cancel
Showing results for 
Search instead for 
Did you mean: 

Digital Puppies - virus (worm)

Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Digital Puppies - virus (worm)

Just to flag up a "worm" currently doing the rounds - came in to a (webmail-compromised) mailbox here so may well be received by other customers.
text of e-mail (which comes without an attachment) is:
Quote
Would you consider helping us with your opinion of our new program
Digital Puppies
This beta testing will enable us to fine tune the software for public
release. To say thanks, Beta testers will receive a free copy and 5
years of free updates.
1: Download the software  2: Try it  3: Tell us what you think If you
want to participate, just follow the link to our download site:
xxxxhttp://xx.116.113.120/setup.exe

more details on the PUG (UserGroup) site at http://usergroup.plus.net/forum/index.php/topic,5230.0.html .
Regards,
Penny.
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
16 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Re: Digital Puppies - virus (worm)

Yep, I had a similar one this afternoon, looks like another from the Zhelatin/Storm gang
We Need Beta testers to try out our new software Vegas Casino World
This beta testing will help prepare us for market release. As a beta tester you will receive a free copy of the program and free updates.
1: Download the software  2: Try it  3: Tell us what you think Here is your chance. Follow the link to our secure download center:
http://1XXXX/setup.exe
Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Re: Digital Puppies - virus (worm)

Quote from: dave
Yep, I had a similar one this afternoon, looks like another from the Zhelatin/Storm gang

Cheers Dave.  Just occurs to me to ask, does PN have something in place to flag up viruses/worms that look like causing a problem?
Only ask because this e-mail made its way into my mail program (OE) having been spam-cleared, and given that most/all mail is in some way filtered now, might perhaps not be too difficult to add a "possible virus" folder option (like the spam folder) into squirrel mail to which any mails containing an .exe link or similar might be diverted.
Does that sound logical / possible?
Regards,
Penny.
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: Digital Puppies - virus (worm)

I got it as well.  I guessed it must be somehthing like this so dumped it.  I should have thought about notifying the forum.  Thanks for the reminder. Undecided
John
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Re: Digital Puppies - virus (worm)

Best thing to do is forward them to the despam address if they aren't being picked up as spam and it should hopefully learn. Although given the frequent changes these guys have been doing with their spam these mail probably won't be around long.
Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Re: Digital Puppies - virus (worm)

Quote from: dave
Best thing to do is forward them to the despam address if they aren't being picked up as spam and it should hopefully learn.

Should I take that as a polite "no" to my question above, about possibly separating out mail that contains .exe links?  I appreciate that in certain instances people would be expecting genuine .exe program links but if they were automatically separated off into a designated SquirrelMail folder, would just avoid (any) PN-group customers clicking on worm/virus carrying addresses by accident (and people expecting genuine stuff would know where it would be foldered).
If it's too complicated / not viable, to arrange, fair enough Smiley
Regards,
Penny.
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: Digital Puppies - virus (worm)

This was slightly more subtle than that.  It didn't have an attachement, just a link, but no less dangerous.
John
Community Veteran
Posts: 26,548
Thanks: 791
Fixes: 9
Registered: 10-04-2007

Re: Digital Puppies - virus (worm)

Quote from: dave
Best thing to do is forward them to the despam address if they aren't being picked up as spam and it should hopefully learn. Although given the frequent changes these guys have been doing with their spam these mail probably won't be around long.

Good suggestion - just click the "This is spam" button in webmail. Oh - it isn't there yet - well quite frankly reporting missed spam in the correct format is to much hassle at present so I won't be doing it.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Re: Digital Puppies - virus (worm)

Quote from: Penny

If it's too complicated / not viable, to arrange, fair enough Smiley

I'm not sure that it would be possible, at least not easily. Would tagging it with [Suspected dangerous link] in the subject or something be better? Again I don't know how feasible that would be. Plus it's quite easy to disguise the exe. Maybe one to keep an eye on to see if there are more or if it disappears as a tactic.
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: Digital Puppies - virus (worm)

Quote from: jelv
Quote from: dave
Best thing to do is forward them to the despam address if they aren't being picked up as spam and it should hopefully learn. Although given the frequent changes these guys have been doing with their spam these mail probably won't be around long.

Good suggestion - just click the "This is spam" button in webmail. Oh - it isn't there yet - well quite frankly reporting missed spam in the correct format is to much hassle at present so I won't be doing it.

I agree that forwarding the spam is a hassle, but mostly I've stopped doing it, because when I do, the amount of spam I get goes up!!
I suspect it's to do with the fact that to forward it, you have to open it.
John
Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Re: Digital Puppies - virus (worm)

Quote from: dave
Would tagging it with [Suspected dangerous link] in the subject or something be better? Again I don't know how feasible that would be. Plus it's quite easy to disguise the exe. Maybe one to keep an eye on to see if there are more or if it disappears as a tactic.

Sounds reasonable Smiley  I assume most people nowadays know to leave the preview pane closed so mail doesn't open automatically, and to be wary of attachments, but a link to click, one that's openly an .exe link, or worse a disguised one, is another matter.
Presumably the existing pre-arrival spam-scan software reads the source code not just what's "visible".
Worst-case-scenario would be a spoofed PN-send address (given the original webmail hack to get PN-group addresses en masse was done deliberately) with such a link in the body of the e-mail, because most customers would click if it looked interesting and supposedly originated from PN.  Highly unlikely ever to happen, of course, but not beyond the bounds of possibility.
I guess I'd feel more comfortable if exe-link-type e-mails were hived off somewhere (for access only if required) - even if it stops only one in a hundred customers getting a virus/worm, that's still 2000 people, in the final analysis, and that many computers with viruses could perhaps cause a load on PN's e-mail servers.
All hypothetical and no doubt very unlikely, but maybe, as you say, worth keeping an eye on ongoing tactics being used.
Regards,
Penny.
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Re: Digital Puppies - virus (worm)

It's actually already been done, I remember a virus about a year or two ago that would set the from address as being something like support@to-domain or abuse@to-domain so mails to PlusNet customers looked to come from support@plus.com, aol addresses support@aol.com etc. Not really seen it happen since, maybe the spammers didn't think it worked too well.
Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Re: Digital Puppies - virus (worm)

Quote from: dave
It's actually already been done, I remember a virus about a year or two ago ... so mails to PlusNet customers looked to come from support@plus.com ...

oh joy Smiley
... just occurs to me how easy it would be, for someone with a grudge and a little bit of knowledge of how things work here, to create a (masked) .exe type link for a trojan/virus, and include the link in an e-mail supposedly from PN billing, or even this forum, anything that a customer might be likely to read and click through from, without checking first where the link actually went.
... have there been any developments on finding out exactly who hacked the webmail database, btw?
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
Superuser
Superuser
Posts: 668
Thanks: 166
Registered: 05-04-2007

Re: Digital Puppies - virus (worm)

Quote from: PJ
See here for article on the group apparently behind the e-mails reported by the OP.

Interesting.  Probably the same people as were behind the YouTube attack on 28th August.
Google must be teed off about their Blogger site being targeted; surprised it happened there, tbh.
I guess PN is small fry by comparison, but it's worrying that the webmail database was deliberately hacked and it would be reassuring to know that some thought was being given to ways of protecting PN-customers should the hacked addresses in due course become a target for mass e-mails carrying the .exe type links, masked or otherwise.
Regards,
Penny.
Penny Rollo * Force 9 from 17/02/98 * PlusNet from 2000 onwards
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages
personal site www.pennymidasrollo.plus.com
mjtuohy
Grafter
Posts: 136
Registered: 16-06-2007

Re: Digital Puppies - virus (worm)

Penny. You said earlier about keeping the preview pane closed when going into your email program. I use firefox, but didn't realise this could be done. How do you do this please as it seems a good idea. Huh Thanks Martin
       
                  Edit just realised that unless you click on a message
                        It won't open sorry its been a long night. Embarrassed