Karlsweldt Enlightened Master


Joined: 12 Nov 2003 Posts: 18694 Location: 07438
Posted: Fri Mar 08, 2013 6:23 am Post subject: Email Scam Warning..
Got an Email this morning, in my 'spam' inbox.
Was suspicious, so did the "save as" then "viewed" without opening.. the only safe means.
If anyone gets an Email from "Hk" with the notation "Confi1" it is a scam. Opening it may release a virus or track your habits! Delete it.
The message body requests "Can you assist? I want you to assist in claiming some funds belonging to a late client of mine. Details will be furnished."
_________________
F@H.. to solve mankind's maladies.. in our lifetimes!
 |
evasive Mobo-fu Master


Joined: 06 May 2001 Posts: 36479 Location: Netherlands, Breda
Posted: Fri Mar 08, 2013 7:19 am
I have seen so many varieties of this one it's not funny. But thank you for the general heads-up...
_________________
We hate rut, but we fear change.
System error, strike any user to continue...
|
 |
bdub Black Belt 3rd Degree


Joined: 19 Feb 2003 Posts: 3348 Location: Washington D.C.
Posted: Fri Mar 08, 2013 8:05 am
just a question... how does simply opening email release a virus? i thought it happened on opening attachments in the actual email. is it because the web-browser automatically runs scripts or something that can cause the opening of attachments with the virus, or cookie that tracks, or what?
_________________
my main rig...
asrock 970 extreme3
AMD athlonII X3 440
zalman cpns5x performa hs/fan
crucial ballistix 2x4gb sport ddr3-1333
powercolor 3850 256bit/512meg vga
antec neo he 650r
kingston hyperx 3k ssd 120GB
seagate 500GB HDD 32M cache
seagate 750GB HDD 32M cache
hitachi 1TB HDD 32M cache
lg wh14ns40 bd burner
optiarc ad-7240s sata dvdrw (nec chipset)
 |
evasive Mobo-fu Master


Joined: 06 May 2001 Posts: 36479 Location: Netherlands, Breda
Posted: Fri Mar 08, 2013 8:08 am
Depending on what email client you use, they can use HTML for the markup. So in essence it's a webpage. And in the same way a webpage can contain an invisible script, so can an email. All you need is a leak inside something like Flash or Java, put in the code to call that vulnerability and you're done for. They don't even need to disable your virus scanner as it goes undetected and can implement a full-blown rootkit on your system including MBR infection. Seen this in the field. No fun to clean up.
|
 |
Karlsweldt Enlightened Master


Joined: 12 Nov 2003 Posts: 18694 Location: 07438
Posted: Fri Mar 08, 2013 8:42 am
evasive is right. When you actually "open" an Email, the HTML script may draw in some data 'bits' that later assemble into a virus or Trojan. The 'bits' pass under the scanner radar, and look innocent. But when assembled, too late!
For any Email that is not from a known or trusted source, never actually open it. But "save as" to a secure folder, then use a text editor to only view it. This way, you have little chance of activity.
Yes, many schemes to hook the unsuspecting Email recipient. Some ask only for your personal help.. but others want your bank account number and family members' names! Or "please forward $xxx.xx amount to this account".
|
 |
bdub Black Belt 3rd Degree


Joined: 19 Feb 2003 Posts: 3348 Location: Washington D.C.
Posted: Fri Mar 08, 2013 9:25 am
yeah, not that i ever usually even open stuff that is unknown to me... but there are odd times i do, and usually with a client that has the bells and whistles turned off for unknown addresses (say, like thunderbird). but then again every once in a while i use webmail (browser based email, hotmail, yahoomail, etc.)... you are saying if html is on for my browser, and i open an infected email, even OPEN it, that the computer can get virused?
that's pretty powerful stuff, there.
|
 |
Karlsweldt Enlightened Master


Joined: 12 Nov 2003 Posts: 18694 Location: 07438
Posted: Sat Mar 09, 2013 9:02 am
HTML script is actually a "live" page. You do not see any links that may call up a Web site or invite pop-up menaces, when you open it. But they will get you!
Whenever you open an HTML document or page, unseen script links automatically activate. And even if you hover over a URL to note statistics, you may call up a malicious link. Be especially wary if any suspicious Emails have an attachment!
More or less, we are "fish" in a big bucket.. and the hackers and phishers are out to get us.
We, as adults, should know better. But we are gullible. Yet youths are too curious, and unless we instruct them about caution with Emails, the computer may be bombed with malware.
Sometimes, an Email may look familiar.. from a friend or business. But if in doubt, save the link to a secure folder.. then use a file manager such as Total Commander from www.ghisler.com/ to safely view the contents. The full HTML text script can be seen, but there is no activation of content. Active script links would be highlighted with a different color. If you hover over those links, then you would note a long string for a URL source. Not advisable to do so, might be malicious! But the sender and date/time would be noted. There are scams relating to food and health products, plus legitimate business names. Even regular billing or bank notices!
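The "save as, then view as text" habit discussed in this thread can also be done programmatically. The sketch below is an added example, not code from any poster: it reads a saved message with Python's standard library and reports the sender, date, attachments and the HTML elements a rendering client would act on, without rendering or fetching anything. The sample message, the `example.invalid` hosts and the names `triage`, `ActiveContentFinder` and `AUTO_FETCH` are constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute a rendering client fetches on open, with no click.
AUTO_FETCH = {"img": "src", "iframe": "src", "link": "href", "embed": "src", "object": "data"}

class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self.handlers, self.remote, self.links = 0, [], [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.scripts += 1
        # Inline event handlers (onload= etc.) carry script without a <script> tag.
        self.handlers += [f"{tag}@{name}" for name in attrs if name.startswith("on")]
        url = attrs.get(AUTO_FETCH.get(tag, ""))
        if url and urlparse(url).scheme in ("http", "https"):
            self.remote.append((tag, url))
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])  # only followed if clicked

def triage(raw: bytes) -> dict:
    """Parse a saved .eml as data: headers, attachment names, HTML active content."""
    msg = message_from_bytes(raw, policy=policy.default)
    finder, attachments = ActiveContentFinder(), []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return {"from": str(msg["From"]), "date": str(msg["Date"]), "subject": str(msg["Subject"]),
            "scripts": finder.scripts, "handlers": finder.handlers,
            "remote": finder.remote, "links": finder.links, "attachments": attachments}

# Constructed sample, not the message from this thread; hosts are placeholders.
SAMPLE = b"""From: Hk <hk@example.invalid>
Date: Fri, 08 Mar 2013 06:00:00 +0000
Subject: Confi1
Content-Type: text/html; charset="utf-8"

<html><body onload="go()"><p>Can you assist?</p>
<img src="http://tracker.example.invalid/open.gif?id=1" width="1" height="1">
<script>/* inert placeholder */</script><a href="http://claims.example.invalid/form">Details</a>
</body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries under `remote` are what a client with remote content enabled would request just by displaying the message, which is how an open can be tracked; `scripts` and `handlers` only matter in a client that executes script in mail.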
 |
bdub Black Belt 3rd Degree


Joined: 19 Feb 2003 Posts: 3348 Location: Washington D.C.
Posted: Sun Mar 10, 2013 2:35 pm
what's a "secure folder"?
|
 |
Karlsweldt Enlightened Master


Joined: 12 Nov 2003 Posts: 18694 Location: 07438
Posted: Mon Mar 11, 2013 7:32 am
A "secure folder" could be a common folder, called "Web cache" or "Unknown" or any other name. Best not to be kept in the "Documents and Settings" folder! Kept a separate entity from the root directory, less chance it would be accessible to use by other programs or searches. Best to be on another drive partition. Adding the 'hidden' attribute to the folder would be additional security. You know it is there, but other programming would not find it. Putting same on the desktop or quick-launch is not a good idea!
|
 |
bdub Black Belt 3rd Degree


Joined: 19 Feb 2003 Posts: 3348 Location: Washington D.C.
Posted: Mon Mar 11, 2013 2:19 pm
so on another partition besides the system os... gotcha.