Jump to content


Photo

Trouble at Net-Integration


  • Please log in to reply
12 replies to this topic

#1 Mike

Mike

    Dark Lord of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 514 posts

Posted 16 August 2005 - 09:55 AM

It looks like someone hacked into the message board over at Net-Integration.net and used the software to spam the members. Thatís an assumption, which I base on the headers from the spam.

X-AntiAbuse: Originator/Caller UID/GID - [32004 32009] / [47 12]
X-AntiAbuse: Sender Address Domain - peace.emfc.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php admin.php
X-Source-Dir: net-integration.net:/public_html/forums

The spam has the following:

    Protect Your PC !!!

    Please download antivirus protection
    [link removed]

The file it links is almost certainly a virus of some kind. So if you receive this email, trash it :)

The site is disabled until the problem is worked out. Iím sure itíll be up again soon.
SpywareInfo: How are you gentlemen?? All your base are belong to us!!
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!

#2 joysness

joysness

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 16 August 2005 - 11:03 AM

Thanks Mike,

I had 4 of them in my email this morning. The fact that there were 4 of them made me suspicious. I deleted them all and was going to the forum to advise them when I got the message my account had been temporarily suspended. :blink:

Then I knew something was up.

#3 wreck

wreck

    Always Learning!

  • Full Member
  • PipPipPipPip
  • 285 posts

Posted 16 August 2005 - 11:19 AM

Yeah, I got 5 e-mails as well!. It traces back to some Russian page!
"It's not the size of the dog in the fight -- it's the size of the fight in the dog."

#4 tashi

tashi

    Forum Deity

  • Ambassador
  • PipPipPipPipPip
  • 555 posts

Posted 16 August 2005 - 11:30 AM

Eagle1 has shut down the Board and is investigating, I will post more news as I receive it.

tashi

Microsoft MVP~Consumer Security


#5 Majicman

Majicman

    Just trying to kill the malware...

  • Helper
  • PipPipPip
  • 207 posts

Posted 16 August 2005 - 12:45 PM

I know on my ISP's forum (Comcast), there has been mention that the Symantec Brightmail filters on the Comcast mail servers, as well as whatever yahoo is using has removed several trojans from the e-mail.

That's so horrible that a Malware Removal website was hacked. :(
IPB Image
Official ASAP member since November, 2005.

#6 Metallica

Metallica

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 849 posts

Posted 16 August 2005 - 01:04 PM

I hope not too many people were tempted into downloading and running that password stealer I received (3 x)

Hang in there tashi.

Regards,

Pieter
MVP Windows Security 2003-2015 Posted Image

Remove and prevent spyware

#7 Piatan

Piatan

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,982 posts

Posted 16 August 2005 - 04:02 PM

Right, the multiple emails are also what first made me suspicious. Though I don't recall using that particular email address at NI, or any other Anti-Spyware site and that isn't something I'm likely to do.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Posted Image

#8 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2005 - 05:14 PM

My fine spam blocker offered them to me as ones to review. No problem deciding to block! No way N-I is going to send you an unsolicited link to a download site.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#9 tashi

tashi

    Forum Deity

  • Ambassador
  • PipPipPipPipPip
  • 555 posts

Posted 16 August 2005 - 06:18 PM

Hang in there tashi.
Regards,  Pieter


Thank you Pieter, it has been quite a day. :rolleyes:

Microsoft MVP~Consumer Security


#10 Mike

Mike

    Dark Lord of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 514 posts

Posted 16 August 2005 - 06:56 PM

They're back up now
http://forums.net-in...showtopic=32730
SpywareInfo: How are you gentlemen?? All your base are belong to us!!
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!

#11 Corrine

Corrine

    The Mystical Rose

  • Ambassador
  • PipPipPip
  • 186 posts

Posted 16 August 2005 - 06:58 PM

Tashi, you know we're behind you. If you need help, my friend, just yell.

Forum%20Sig_zpsjw5k8xhn.jpg

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.


#12 Corrine

Corrine

    The Mystical Rose

  • Ambassador
  • PipPipPip
  • 186 posts

Posted 16 August 2005 - 07:05 PM

Too bad I hadn't refreshed before posting. Congratulations, Eagle1 et al. That was splendid work getting a handle on that as quickly as you did.

Forum%20Sig_zpsjw5k8xhn.jpg

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.


#13 tashi

tashi

    Forum Deity

  • Ambassador
  • PipPipPipPipPip
  • 555 posts

Posted 19 August 2005 - 04:04 PM

Thank you Corrine. :)

Sorry I didnt see this earlier, I have been a tad busy. :wave:

Microsoft MVP~Consumer Security





Member of UNITE
Support SpywareInfo Forum - click the button