Title: Errorer impersonating staff Post by: Drifter on June 15, 2011, 02:57:04 PM A member is sending PM's talking of rule violations and linking to images4u site (didn't click on it). Beware this user. This thread is to alert staff and to warn others.
Quote from: Errorer Hello Statements which should not be generally offensive, be excessively repeated or have bad formatting (spam), contain forbidden advertising or political or religious views, not be non-English when English is required, disclose personal data of others, or support any other rule violation. Proof can be seen at: http://images4u.EDITEDFORSAFETY One more warning and your account might be banned. Title: Re: Errorer impersonating staff Post by: error on June 15, 2011, 03:05:47 PM Click the "Report to Admin" link at the lower right hand side of the displayed private message.
Title: Re: Errorer impersonating staff Post by: Drifter on June 15, 2011, 03:12:41 PM Right, I'll do that now. I actually haven't opened to the PM, just read the email notification and wanted to warn not only staff but users as fast as possible.
Done. Forum is pretty slow right now but I think it went through. Title: Re: Errorer impersonating staff Post by: jimbo77 on June 15, 2011, 03:28:32 PM Same message but different person sent mine. Had name similar to admin.
CONTAINS VIRUS. I actually clicked it! :'( Title: Probable scam. Post by: Amechan on June 15, 2011, 03:34:01 PM I just got a PM form a newbie with the following information:
Quote You have just been sent a personal message by Errorer on Bitcoin Forum. IMPORTANT: Remember, this is just a notification. Please do not reply to this email. The message they sent you was: Hello Statements which should not be generally offensive, be excessively repeated or have bad formatting (spam), contain forbidden advertising or political or religious views, not be non-English when English is required, disclose personal data of others, or support any other rule violation. Proof can be seen at: http://xxxxxxxxxxxxxxxxxxxxxxxxxxx One more warning and your account might be banned. I censored the link. I have no idea what that link is but I certainly wouldn't click on it. I reported the user and the message. Just a heads up. Title: Re: Probable scam. Post by: jimbo77 on June 15, 2011, 03:37:39 PM Virus. I clicked!
Title: Re: Probable scam. Post by: Amechan on June 15, 2011, 03:43:33 PM Could you give me some details as to what happened when you clicked on it?
Did it install software? Show a picture? Thanks Title: Re: Probable scam. Post by: jimbo77 on June 15, 2011, 03:51:10 PM Clicked link and Firefox starting downloding it without asking. Virus scanner popped up with W32.Induc.A warning and deleted it.
Title: Re: Probable scam. Post by: Amechan on June 15, 2011, 03:57:04 PM Thanks for the info.
I checked myself and it seems to open some Java script. Quote http://xxxxxxxxxxxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg redirects to http://xxxxxxxxxxxxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg/ Checking: http://xxxxxxxxxxxxxxxxxxxxxxxxxxxhostil.pl/reklama.js File size: 4331 bytes File MD5: 4119156a2fb15193a5647431ba91b261 http://xxxxxxxxxxxxxxxxxxxxxxhostil.pl/reklama.js - Ok Checking: http://xxxxxxxxxxxxxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg/ Engine version: 5.0.2.3300 Total virus-finding records: 2220597 File size: 859 bytes File MD5: 381b45cceb715c29baaa073dc1dd2a82 http://xxxxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg/ - archive HTML >http://xxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg//JavaScript.0 - Ok >http://xxxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg//Script.1 - Ok >http://xxxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg//Script.2 - Ok http://xxxxxxxxxxxxxxxximages4u.hostil.pl/DSC00054.jpg/ - Ok Don't click on any of the above. Title: Re: Probable scam. Post by: h2ofusion on June 15, 2011, 04:06:24 PM I think you should get rid of that link right away. We don't anyone accidentally clicking it and infecting their computer. One more thing, which AV were you using that caught the virus, it would be nice to know, thanks.
Title: Re: Probable scam. Post by: Amechan on June 15, 2011, 04:11:52 PM I added xxxxxs so no one can click by accident.
I didnt catch it with a antivirus. I caught it with my bullshit detector. I know I have not written anything offensive and a simple account check on the sender of the PM showed he was a newbie and only made one post in the newbie forum with the same link. I then ran the URL through some online checkers and it showed that it redirects to Javascript. Seems to try to install some software if clicked however what and why I dont know. Title: Re: Probable scam. Post by: Nescio on June 15, 2011, 04:29:51 PM Also, don't click on URL shortened links, especially in Bitcoin related fora.
Title: Re: Errorer impersonating staff Post by: theymos on June 15, 2011, 05:26:47 PM Their accounts are deleted now, and new users can now not use names that contain staff names. (This is probably pretty easy to bypass, though, so watch out.)
Title: Re: Errorer impersonating staff Post by: joan on June 15, 2011, 11:51:05 PM This got me thinking that another threat we will face shortly is phishing.
One could create a site looking just like Mt. Gox, InstaWallet or ClearCoin, with a similar domain name, but just be a big scam and eat your coins. People will need to be extra careful. |