Shitty virus\trojan\phishing scam going around-this is going to burn a lot of people!

Joined
Sep 21, 2004
Messages
28,775
Tokens
THIS IS BOGUS

2003161741234575864_rs.jpg
 

Oh boy!
Joined
Mar 21, 2004
Messages
38,373
Tokens
Thanks TT.

This trojan/virus asks for your credit card information to activate your copy of Windows XP. Microsoft doesn't need this information to activate your copy.

Think about it. There are millions of copies of Windows XP that were ordered and paid through business accounts. How would they expect everyone to have that credit card number?
 
Joined
Feb 2, 2006
Messages
2,952
Tokens
I believe the people who start these viruses/spyware tactics/trojans whatever should be brutally beaten and tortured....it should be a worse punishment than murder....
 
Joined
Sep 21, 2004
Messages
28,775
Tokens
I believe the people who start these viruses/spyware tactics/trojans whatever should be brutally beaten and tortured....it should be a worse punishment than murder....

Especially the identity theft fucks. They need to have their eyeballs burned out with a blowtorch. F'ing scumbags
 

Oh boy!
Joined
Mar 21, 2004
Messages
38,373
Tokens
I believe the people who start these viruses/spyware tactics/trojans whatever should be brutally beaten and tortured....it should be a worse punishment than murder....

As someone who has had to clean up after viruses, I agree.
 

New member
Joined
Jun 2, 2006
Messages
29,253
Tokens
Billsgirl gets viruses on a weekly basis, it's a major pain in the ass to clean that shit up.
 
Joined
Sep 21, 2004
Messages
28,775
Tokens
BH, if that's the case, there is probably an underlying trojan causing the "re-infections". They can be a bitch to get rid of, but it can be done.
 

MrJ

New member
Joined
Nov 4, 2005
Messages
2,578
Tokens
that says mlcrosoft.com/piracy doesn't it?

quantum, most people are probably ignorant when it comes to computers and the net. First of all, your copy is already bought and paid for; you don't need credit card details in the first place. Windows does not need the net as far as I know, so why would this kind of system be in place? The whole thing is pretty obvious, and if something is asking for billing details the least you should do is research it.
 

2009 RX Death Pool Champion
Joined
Apr 3, 2005
Messages
13,603
Tokens
here is a new one!

http://www.informationweek.com/story/showArticle.jhtml?articleID=201800958&cid=RSSfeed_IWK_News

By Sharon Gaudin
InformationWeek
August 17, 2007 03:51 PM

Security researchers have unearthed the single largest cache of stolen identities, thanks in part to a Trojan stealing the data that has been hidden in a fraudulent advertisement on online job sites like Monster.com.

Don Jackson, a researcher with security company SecureWorks, told InformationWeek that he found 12 data caches connected to one group using the latest variant of the Prg Trojan, which also is known as Ntos, Tcp Trojan, Zeus, Infostealer.Monstres and Banker.aam. Several of the 12 found caches contain information on about 4,000 to 6,000 identity theft victims, but one contains about 10,000 and the largest one contains 46,000.

He estimates that between the 12 caches, there probably is information on about 100,000 stolen identities.

"That's at least four times as large as the largest ones I've run across before," said Jackson. "That tells me they're using a lot of different methods to do what they do or they've found really reliable methods to do it."

Jackson calls the identity theft organization behind the caches the "car group" because they've named each of the servers storing the information for a different auto manufacturer, like Ford, Mercedes, Chrysler, and French carmaker Bugatti.

The data, which includes bank and credit card account information, Social Security numbers, online payment account usernames and passwords, comes from victims who were all individually infected with the Trojan beginning in early May.

He said the latest variant of the Prg Trojan has been running on fraudulent ads on at least two online job sites. One, he said, is Monster.com. Representatives from Monster did not return a request for an interview.

"The hackers behind this scam are running ads on job sites and are injecting those ads with the Trojan," said Jackson. "When a user views or clicks on one of the malicious ads, their PC is getting infected and all the information they are entering into their browser, including financial information being entered before it reaches the SSL-protected sites, is being captured and sent off to the hacker's server in Asia Pacific."

Jackson said one server is still collecting stolen data and they are seeing 9,000 to 10,000 victims sending information to the server at any one time. When someone clicks on the advertisement, they're taken to a malicious Web page where their computer is infected with the Prg Trojan.

He said they've given information about the caches and the phony ads to the FBI. Jackson also said they tried contacting Monster.com but they haven't received a response yet.

"When I first discovered this large cache of data, I couldn't figure out how the hackers were compromising so many Web sites, and as a result, infecting so many victims," added Jackson. "However, when I uncovered the Trojan-injected advertisements, it made total sense. These job sites get tons of traffic so it is no wonder that the hackers are having such success."

The Trojan is designed to exploit several different software flaws, including vulnerabilities -- all of which have been patched by the vendors -- in Microsoft (MSFT)'s Internet Explorer browser, WinZip and Apple's QuickTime.

Jackson said they found the caches by writing signatures that detect the Trojan communicating with the hackers' command server, which sends out instructions to the malware and accepts data from it. Researchers followed the traffic back to several servers. He said some are located in the Russian business network, others are in Hong Kong, and they believe the major cache is on a server in Malaysia.

Different hacker groups are selling a kit that helps malware authors compile new versions of the Prg Trojan. The kit, which sells for about $300 on underground forums and marketplaces, even re-scrambles the code to evade anti-virus detection.

SecureWorks noted that computers infected with the Prg Trojan will have a backdoor proxy server listening for connections on Port 6081. "This port is not assigned to legitimate services and is not hidden by the rootkit functionality. If port 6081 is open on your computer, you are likely infected with the Prg Trojan," said Jackson. "If anti-virus is not detecting the infection, then you will need to boot the computer into Safe Mode and run another scan. If that fails, manual removal or reinstalling the operating system may be necessary."
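The port 6081 check quoted above can be run against `netstat -ano` output. The following is an added example, not part of the article or anything published by SecureWorks; the sample output is constructed and the function names are hypothetical. It only counts TCP sockets in the LISTENING state on local port 6081, so connections that merely involve port 6081 on either end are not flagged.

```python
import re

PRG_PROXY_PORT = 6081  # port named in the SecureWorks quote above

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6081           0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:6081      203.0.113.9:443        ESTABLISHED     1500
  TCP    192.168.1.20:49712     198.51.100.7:6081      ESTABLISHED     1500
  TCP    [::]:6081              [::]:0                 LISTENING       2316
  UDP    0.0.0.0:6081           *:*                                    1120
"""

# TCP rows have five columns; UDP rows have no State column and never match.
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so '[::]:6081' also works."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def find_listeners(netstat_text, port=PRG_PROXY_PORT):
    """Return TCP sockets in LISTENING state bound to the given local port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group("state") != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        host, local_port = split_endpoint(m.group("local"))
        if local_port == port:
            hits.append({"address": host, "port": local_port,
                         "pid": int(m.group("pid"))})
    return hits

def pids_to_investigate(netstat_text, port=PRG_PROXY_PORT):
    """Unique owning PIDs, for lookup in Task Manager or tasklist."""
    return sorted({h["pid"] for h in find_listeners(netstat_text, port)})

if __name__ == "__main__":
    for hit in find_listeners(SAMPLE_NETSTAT):
        print(f"listener on {hit['address']}:{hit['port']} owned by PID {hit['pid']}")
```

A hit identifies the owning process for follow-up with the scan and removal steps quoted above; it is an indicator to investigate, not proof of infection on its own.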
 

Member
Joined
Oct 29, 2005
Messages
8,476
Tokens
TT..thx
Just had a huge virus on my 'puter...good thing my neighbor is a Tech Geek..

He said my shit w/ F* CK up.....took 6 hrs to fix..:ughhh:

minus the beer breaks ..:toast:
:nohead:
 

New member
Joined
Sep 20, 2004
Messages
6,066
Tokens
As someone who has had to clean up after viruses, I agree.

but then again that gives us all more work in the IT field


(I count myself lucky because I normally only deal with router/switch nightmares and rarely deal with an end user, and the only end user who is a repeat customer is my dad............with whom I normally end up mad by seeing the spyware-zoo exhibit he hands me when 'his computer is slow')
 

2009 RX Death Pool Champion
Joined
Apr 3, 2005
Messages
13,603
Tokens
FOLLOW UP!


NEW YORK/BOSTON (Reuters) — The theft of contact information for job seekers in the database of Monster Worldwide (MNST) may have been much greater than the 1.3 million individuals reported earlier this month, Chief Executive Sal Iannuzzi said Wednesday.

While investigating the recent theft, the company learned that its website had previously been hacked.

"We're assuming it is a large number. It could easily be in the millions," Iannuzzi said in an interview with Reuters.

To be safe, he said, each Monster.com user should assume that his or her contact information has been taken.

The company said earlier that the theft of confidential information was not an isolated incident, and said the scope of illegal activity was impossible to pinpoint.


Monster is stepping up surveillance of site traffic, boosting its security staff and is contacting users about ways of protecting their privacy.

"I want to be clear and I want to be frank: There is no guaranteed fix," Iannuzzi said. "I wish I could say ... there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no Internet company can."

So far, the company has found no evidence that the data thieves were able to take financial information, he said.

About 200 to 300 job seekers have canceled their accounts as a result of the security issue, the CEO said, but those have been offset by an upswing in new accounts. A "handful" of employers have canceled their accounts, Iannuzzi said.

The company, which said last month it would invest $80 million to $100 million over 18 months to improve its technology, will dedicate "a large measure of that money" to fixing the security issue, Iannuzzi said.

Monster shares closed Wednesday up $1.24, or 3.8%, to $34.15 on the Nasdaq. Its shares were little changed in extended trading.
 
