Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Spate of new spam

Options
  • 08-07-2014 8:58am
    #1
    KAGY
    Registered Users Posts: 1,090 ✭✭✭


    Hi all, I've been getting a spate of new spam from some of my contacts in the last while. They are all similar, ususally a one word subject line with a space in the word, a short message then a link to "get your facebook message" "see their photo" etc. The link is normally 
    107.183.127.113/l/?xuzubi={short key}&hidi=&id={some long key]==&talijupagi={some key}
    Gmail doesn't seem to be able to intercept this spam, which has come from users of both gmail and firefox.
    Speaking to some of them, none have clicked on a similar mail, but I wouldn't consider them the most tech savy. Has anyone more info on this, I couldn't find anything on google. Do you think it has to do with the Heartbleed bug, as I'd assume they use the same password for everything.
    PS: Ive given them the usual talk on basic security


Comments

  • Options
    #2
    eddiehen
    Registered Users Posts: 155 ✭✭eddiehen


    KAGY wrote: »
    Hi all, I've been getting a spate of new spam from some of my contacts in the last while. They are all similar, ususally a one word subject line with a space in the word, a short message then a link to "get your facebook message" "see their photo" etc. The link is normally 
    107.183.127.113/l/?xuzubi={short key}&hidi=&id={some long key]==&talijupagi={some key}
    Gmail doesn't seem to be able to intercept this spam, which has come from users of both gmail and firefox.
    Speaking to some of them, none have clicked on a similar mail, but I wouldn't consider them the most tech savy. Has anyone more info on this, I couldn't find anything on google. Do you think it has to do with the Heartbleed bug, as I'd assume they use the same password for everything.
    PS: Ive given them the usual talk on basic security

    Yep - seeing lots and lots of them lately. Have you noticed the short text is a Harry Potter quote? Neither did I, but when I googled it I got this:

    http://www.dailyedge.ie/harry-potter-spam-explainer-1537279-Jun2014/

    The links don't seem to trigger any IDS rules, and from dumping the content of the URL there doesn't seem to be any exploit or driveby download going on. Am I missing something?


  • Options
    #3
    lemon2
    Banned (with Prison Access) Posts: 15 lemon2


    Hello,

    I also had this, and it was from people in my contacts, and they send out weird spam trying to get me to login to g-mail.

    I epersonally think it could even be MI5 logging people because MI5 have full control over google, AND THATS what we know for certain so think about other agent HQ's having control,etc.


  • Options
    #4
    KAGY
    Registered Users Posts: 1,090 ✭✭✭KAGY


    Comment from that article
    That link believe it or not, contains both the email address of the person who sent the email and your email address but its encoded. When you click on that URL, you straight away confirm your email account is actively monitored by a human. Usually the website will have some form of drive by attack as well, hopefully harvesting your email account credentials and sending on the same email to all the people in your address book.


  • Options
    #5
    magentis
    Closed Accounts Posts: 2,249 ✭✭✭magentis


    lemon2 wrote: »
    Hello,

    I also had this, and it was from people in my contacts, and they send out weird spam trying to get me to login to g-mail.

    I epersonally think it could even be MI5 logging people because MI5 have full control over google, AND THATS what we know for certain so think about other agent HQ's having control,etc.

    Hehe.
    Take your tablets will ya.


  • Options
    #6
    KAGY
    Registered Users Posts: 1,090 ✭✭✭KAGY


    lemon2 wrote: »
    I epersonally think it could even be MI5 logging people because MI5 have full control over google, AND THATS what we know for certain so think about other agent HQ's having control,etc.

    Mi6 is the foreign secret service. But why do you think that Google are the puppets and not the masters ? You can save yourself now by wrapping your smart phone in tinfoil


  • Advertisement
  • Options
    #7
    KAGY
    Registered Users Posts: 1,090 ✭✭✭KAGY


    And on a serious note: get your friends to change their password, I've just started using keepass so I can have a different password for all my important accounts but I wouldn't recommend that for the non tech savvy


  • Options
    #8
    eddiehen
    Registered Users Posts: 155 ✭✭eddiehen


    KAGY wrote: »
    Comment from that article

    Yeah, turns out the article is a bit more generic about the threat than it should be. It's correct in mentioning the email address is encoded into the URL, but the URLs are unique and change with every email sent, and the Harry Potter quotes were to get around your average Bayes filter.

    If your email addy is one of the 3-4 main ones (hotmail, gmail, yahoo, live) it redirects you to a phishing page which attempts to harvest your login details. If it doesn't recognise your domain, it redirects you to a fake BBC page which advertises that "Garcinia Combogia" stuff, which is a supposed slimming product (but the page is recon for browser vulnerabilities).

    And here's the nifty part - if you click on it again (from one of the recognised domains) it redirects you to the fake BBC site second time around, catching you with both phishing and browser recon attempts with 2 stupid clicks.


Advertisement