Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

You Sent A Virus But Your Computer or Email Program Wasn't Itself Infected

Discussion in 'Tech, Gadgets & Science Forum' started by MziziMkavu, Oct 8, 2011.

  1. MziziMkavu

    MziziMkavu JF-Expert Member

    #1
    Oct 8, 2011
    Joined: Feb 3, 2009
    Messages: 38,553
    Likes Received: 2,824
    Trophy Points: 280
    [​IMG]


    reactive thinkers blame first think second



    [​IMG]




    Someone's Sending A Virus From My E-Mail Addres How Do I Stop Them?!

    Today I came to learn a realization that was all to real, and likely something I already realized but hadn't realized nor considered the repercussions of. It was a reality check from hell and a reality that really makes me uncomfortable.
    Let me start from the beginning.
    E-mail viruses are nothing new. People have been hit by them for years unsuspectingly although I thought as many others did, that it was due to something you did (whether or not you did it intentionally or were a victim of doing something normal only to be tricked into doing it matters not) that made it happen- Simple cause and effect right? Wrong.
    The typical way viruses get into your system are:

    • You open an email with a script built into the HTML or even the .eml (extension in outlook emails are saved in i believe, I may have the exact letter combination wrong- I don't like outlook much- no versatility on different pc's without some major syncing and set up) encoding that emits a powerful viral installation. The fact is the script can be 2 lines in length, super focused (less code i.e. a loop action vs an if/do) and many viruses actually act like zip files in that they contain only the "active" ingredient and use your own windows OS to supplement the rest of it's "Body"! Yes you can be infected simply by your own curiosity (infectious curiosity?) and OPENING the mail- not clicking anything opening anything, allowing anything- just opening it is like pulling the trigger- they are getting cleaver these days!

    • You open a website with a scrip- same scenario plays out only it's much easier to implement in a browser due to the many holes in most browsers (Firefox is not impenetrable but it's dam good at keeping out most things, if you use IE (sound the death toll music) then your just walking through the ghetto of the internet with a solid gold bike and a flat tire- why would you do that? IE is the worst thing ever in browser technology security- granted 9.0 is better but still Microsoft after all (I say as I hypocritically use Windows Vista, but NOT IE, I won't even allow that program on my PC, some sites can actually LAUNCH IE even if you never use it, and plant a virus through the screen door of holes in that useless software (yes I'm a bit peeved with all the viruses ONLY IE let in).

    • You downloaded or opened a screensaver file (thinking well it's not an .exe right? but the scr extension IS executable- tsk tsk... or you clicked a link to something you thought was legit- possibly becuase your friend sent it- or did he? Likely not.

    • The last option is the focus of this hub/article
     
  2. MziziMkavu

    MziziMkavu JF-Expert Member

    #2
    Oct 8, 2011
    Joined: Feb 3, 2009
    Messages: 38,553
    Likes Received: 2,824
    Trophy Points: 280
    They May As Well Have Sent The Mail From YOUR Computer Through The Screen!

    [​IMG]



    Introduction - Your Screwed, And There Isn't A Dam Thing You Can Do About it But Hope Your Friends Family And Boss Is Not a Moron And Blames You

    Well today I was astonished to find out that even though I don't ever download anything without a bazillion filtering through AVP's or likely unless it's a movie (avi format) I don't download programs, I'd rather buy them and save myself the hassle, that yes I too was a victim- I should say AM A VICTIM.

    You see you no longer (or ever had to be?) have to be infected, or to infect your system in any way to become a victim of this unscrupulous BS. Your sitting there one day minding your own business- sending out emails carefully and even have Avast Antivirus CORPORATE edition installed- that thing is iron clad isn't it?
    Yep- never have I had a virus get in past that guard. Today I actually for the first time questioned the programs ability to protect me- but I was wrong to do that as this was no more my AVP's negligence than it was my own!


    [​IMG]
    Unfortunately if they just harvested your email from say a website or someone sold them your email from some site you purchased something from or a forum you joined run by unscrupulous people- it's not even about proxies, but spoofing it


    The Last Option (from the top paragraph bullet list)

    We regret to inform you that your email address is infected. Not the computer, not the email program, and not you yourself- your address. You know that email that you've carefully protected and held onto for over 20 years? Yea- that one. The one you don't want to change

    because you love it, everyone knows it and people you've not talked to in 20 years still remember and find you? It's like a phone number once your entire network has it and even people later in life use to find you (I hope his email is the same otherwise I can't find him!).

    Infected means infiltrated, possessed- let's go with that one.


    Possessed means you lose control of it's ability to reason, do what you want, and even to stop it from causing havok all over the web with people you just met and business associates and yes, even your boss.
    When someone recieves an email from you with a virus in it (most people realize this is a virus and you've been "hacked". In fact a guy I

    worked for years ago got such a mail last night and replied simply with "Hacked" in the email body above the actual email he recieved. Another friend in Venezuela got it and trusted it so she clicked it- "I tried to check out that site and it wouldn't load- " was her response as I held my head in my hands thinking oh chit- she's toast- that was likely a real virus.

    The last option that is so simple most people don't even consider it is that someone grabbed your email from either you, someone you emailed, or someone who emailed you and a bunch of other people in a list of contacts. It could be your email that is live on a forum, in a signiture, on your retail or other type of site- anywhere your email can be harvested (if they can't click on it they can still transcribe it.


    [​IMG]
    Worst culprit in the real world is the business card with your email address printed- you may as well print your SS number on the back too.
     
  3. MziziMkavu

    MziziMkavu JF-Expert Member

    #3
    Oct 8, 2011
    Joined: Feb 3, 2009
    Messages: 38,553
    Likes Received: 2,824
    Trophy Points: 280
    Email Addresses Are Dangerous Now

    You can't defend yourself against a ghost in the machine. If they have your email address- that is the actual letters and numbers that comprise your email IDENTITY, then they can do unfathomable damage due to the state of the world being paranoid first then thinking about it (thinking it through is rarely the first thing people do- they feel that deep seated plumet of their dissappointment (it can happen to me? I thought...) and

    then that feeling is most often associated to the name on the header's "from" field- they first get angry but not at you so much as at the fact that they feel violated- then they need an outlet and your right there (not really you but some cloned copy of your identity- who'd of thought- email identity theft is real!

    Sure they lash out then calm down when you give them a reality check- "stop yelling and listen- you didn't get hacked- this is benign so long as you didn't open the email or click anything"... but the damage is done because they've built a psychological filter that your the scum of the earth for doing this to them- even though you didn't- it's like if someone cloned you from your dna and that clone was caught with another

    woman and your significant other didn't believe you- only this clone is digital in nature!
    You can't get protection because this is not an actual virus- it's as benign at it's core as sending an email- it's what they do with it or how they perceive it that opens "Pandora's Box". The real virus is socially engineered! Read Mitnicks book "The Art Of Persuasion" (or something like that).

    The bottom line is that your email address is now sacred- more than ever- but if you truly want to protect your identity from marketers, unscrupulous deviants, and anyone else who could potentially use a spoofing program or whom knows programming code and can really make it look legit even to the trained eye (someone who can read headers for example and knows to look in their sent folder for suspicious emails sent without your knowledge.

    Although if this is the work of a virus they just take your email list and do the dirty work on their own secure system/network- so no "sent" mail appears, nor does it appear if they do it from your own computer as many of the "smart viruses" know how to and do just add a script to go into and remove the "sent" mail based on what it used for a subject line. More likely is the first option because it makes them untraceable (for the most part unless they were a white hat hacker with no real skills- just using a program/script- a real hacker made- they call these guys/gals Script Kiddies) - they essentially just ripped your email list and the virus likely used your own windows to delete itself when it's dirty work was complete!


    [​IMG]



    [​IMG]




    Slightly Off Topic Fun Facts

    Vengeance Ironically Can Come From The Hackers To The Script Kiddies!
    I call them SC/Kiddies) ****** with too much automated power and no real idea of what their doing - so they usually can get caught, in fact some hackers attack THEM by making the program leave footprints back to the script kiddie- they do this to eliminate their potential future

    competition or just because they hate people who don't learn the trade and make their own scripts- a lesson to them usually is this back stabbing code that the script kiddie likely can't even read to protect themselves!
    The other irony is that if the person "using" the script does know their stuff- they will always look at the code to see if they can improve their own skillset- and when they see that piece of code that leaves footprints they smirk and say "nice, but no dice lol" and remove it- no harm no

    foul- they know how the game is played.
    The "virus within a virus" in this case is aimed at those lazy hackers who never take the time to learn code and thus the real hackers wanting a shortcut (not so much lazy as efficient) know to look and what to remove- to make the program a pure virus that won't backfire on them. "Use this program at your own risk" is not just a disclaimer- it's a hacker 'NOTE' and Script kiddies often have no clue that it's a real warning- don't use without knowing the code contents- would you drink something you didn't know anything about it's contents? I wouldn't- anymore


    Back on topic...

    The purpose of this off topic information is to further help you understand what's at stake and what you may one day need to explain to your boss, girlfriend, friends etc... if they lose it when your fake viral email (they spoof your email address and some are very cleaver about making it really look like you sent it including finding ways to get your IP address (which for most people is static, dynamic in reality but who really turns

    their broadband modem off and back on again very often (the only way to change your IP is to recycle your modem other wise your on one LONG session of the same IP and until that connection is lost- it's static)?

    The damages they could cause just based on how most people are reactive not active thinkers (even if they claim they think for themselves most people are actually reactive- they react to life not dominatingly living their life thus when something happens like say they open an email from YOU and click the link and find their hard drive infected- they blame you before rationally thinking it through (even I didn't realize an email address could be so problematic!) is mind boggling.

    If you don't think that most people are reactive thinkers think on this: Why do those rediculous and annoying popups that keep popping up pissing people off- keep going? because someone out there is buying from that popup and keeping the popup momentum going- they don't care about your annoyance- they care about the 1 in 10k people who do buy- the rest can go to hell I'm sure- the same formula applies.



    [​IMG]




    Your Email Could Get You Fired

    The serious implications of someone harvesting your email are no longer simply "annoying" or causing you to reformat your drive to remove the virus that's sending email without your permission (or even awareness). No those days now are cherrished as the fix was annoying but worked.
    Now, if they get your email, no virus is needed, other than one to harvest the list in your account. These hide in cool plugins for your browser, shareware, and even scripts on email/html sites... but this new (or old?) thing- even a mac user is compromised (what I mean by that is, if you didn't know, you can't attack a MAC computer with a standard virus- I heard years ago one virus got through but was quickly plugged (the hole).
    So many people like MAC, especially in the old days of AOL proggie hacking and annoying other members of the community with a Visual basic program that would allow you to harness the power of the cheap aol browser/construct to harass and "punt" offline, any AOL user simply by hitting a button on a program- a 2 year old could do it). MAC users were immune to this and would laugh at the PC users (more politically correct PC means personal computer but often non mac computers were called PC's let's say instead windows users) and even found ways to

    build those programs to work on a mac (for harassing but they couldn't be touched- they were the AOL mob squad lol).
    Sorry, off topic again- so much to say so little space.
    Now once they harvest your email they can send everyone in your list (or everyone in any list that includes you) any type of email and spoof it to look like it originated from your IP address, your computer/email program, and so on. If pressed a hacker could be hired to prove you didn't or if your savvy you could also prove it- but most people aren't that savvy or don't know a real hacker (or good programmer or someone proficient in email and code etc...).

    What if they sent your boss some information that only you should know? What if they hacked into your email or somehow aquired some inside information about your work place protected by a non-disclosure agreement and made up some story about how you told them everything and they didn't think you should be trusted.

    The implications here are that someone who knows you and wants to get back at you for taking their girl or whatever you did to upset them, and since you knew them you let them either have access to your pc (a thumbdrive can be purchased that will instantly plant a virus, keylogger and worse- just by putting it into the usb drive- which on most computers is hidden in the back so you'd never even know they did

    it! With the keylogger alone they could have it email them everything you ever type- passwords are the least of your concerns- it's the things you type at work that are an issue here as they can easily gain credibility in saying your "sharing company secrets" simply by giving up that chit you typed one day that nobody else could know.

    Likely- if your boss is an internet guru or knows some stuff about computers, he/she would know all of this is possible and wouldn't idiotically jump the gun wihtout at least talking to you, but again, many bosses are not so proficient- so you better know how to explain the potentials of this abuse to him/her (hence why I'm telling you this now!).

    With your email address and a keylogger they can destroy you.
    Back to the normal- they just got your email address from someone who was hacked's email contacts or themselves were spammed by someone they met on a forum and want to teach that person not to spam them (hackers really hate spam!) they would likely employ a campaign to spam all your contacts with an email coming from you and getting them to click a link. The rest is history.
     
  4. MziziMkavu

    MziziMkavu JF-Expert Member

    #4
    Oct 8, 2011
    Joined: Feb 3, 2009
    Messages: 38,553
    Likes Received: 2,824
    Trophy Points: 280
    [​IMG]




    It Wasn't Me- Stop Yelling- Sheesh!

    That last section was meant to open your eyes not scare you- use that fear in a good way and start talking to your friends, boss, coworkers, BEFORE they are hit with the fake virus. Create a specific signiture and a code that if it's not in the SUBJECT line- is not you. Think of it like in the old west when you signed a contract you left your mark (cause most people didn't read too good lol), this one diviation from your normal subject line format could be the difference between them getting it and NOT opening it and NOT blaming you-
    How do you tell them?

    Show them this article. I need the link juice lol, but seriously- show them this email before during or after the event takes place (better before or during) and "nuff said". I actually read an article here that opened my eyes.

    Once I thought I was hacked, I got paranoid and started looking through my sent folder and new mail and figured out I had fake sent 5 people including two of my bosses (who was witty enough to realize it wasn't my doing- I do work on the internet afterall!). When I saw that my bosses recieved a nice copy of a viral link from yours truly- I immediately instant messaged them and they said, yea I saw that- sucks but common- how dumb do they think people are?

    The reality is my bosses were keen but many of my friends are not so keen- and one actually clicked the link to prove she wasn't (I still love ya friend from Venezuela!). But worse many of my friends are associates too so what scares me is:

    • Until TODAY If someone's email account sent me a virus or marketing pitch designed as an unsolicited email (yea like facebook advertising with your image without your permission or even paying you!) I would "reactively" (I'm more active than reactive for the record lol) think, oh boy, I know not to trust this person 100% because if they downloaded something and it gave them a virus- I mean how dumb do you have to be?
    I never get viruses because I do my homework, learn how the latest viruses are propagated and how to protect myself- don't open emails from strangers and definitely don't download programs, sometimes even from friends that are acquaintances (I mean they could easily plant a virus just to monitor my activities to compete with me?

    A little parinioa is fine- it may save you. I no longer subscribe to the mentality (which by it's nature was ignorant anyway)- I now know that sometimes it's simply outside someones control- and even I can't always spot a spoofed email- their getting cleaver with those headers and internal page code.

    I myself would need to hire a proficient hacker or programmer to verify it! My fear now is that "I could be the one they think, how stupid do you have to be to get a virus- especially from email? Now you've compromised my email address!"
    So I wrote this email for my friends, family, and anyone else who backlashes at me based on an email they received supposedly from me- it wasn't me- get over it and delete it if you see that. Anything starting wtih RE: and nothing else IS LIKELY NOT FROM ANYONE REAL OTHER THAN AN ADVERTIZER OR VIRUS.

    • Those friends of mine that are victims of this email spoofing (gaining instant trust because they think it was from me but I had no hand in the game) getting hurt by a virus, stress, and building undue paranoia that makes their online experience bad- or worse that they start rambling to others that the internet isn't safe, and EVERY email is dangerous- yea I know a few of these types- I love them anyway- but they really need to get a clue before passing on ill conceived and unsubstantiated information propagated by fear and anger blended with frustration. Stop. Breathe. Contact me. I'll explain the whole thing (or show you this post).

    • Reputation damage due to associates I just met all of a sudden getting a viral email and thinking I'm incompetent to do business with- I mean (goes back to the old mentality I had too) whose dumb enough to get infected with so much literature online about how to protect yourself? Don't you have Avast??? Norton??? etc... what's worse is some of these associates may fit into the "friends with less internet awareness/sense" that may ramble about me to others and without my even doing anything could start controversy!
    Especially if this happens to someone whose part of a forum I'm a part of- think about this- scary chit, and often what's the most scary is the reactive thinker (not a bad person in any way- just not too forward or independent thinking thus let others and environmental "actions" affect them reactively- those same people I love for buying products on my affiliate sites (good products none the less but are "easy" to sell on it

    because they are likely not "tire kickers"- are the people that frighten me in everyday life- anyone whose ever been hit by a bs rumor mill on a forum due to an overzealous person whose just blindly attacking people for no reason other than needing attention- knows what I'm talking

    about- it's the same thing as a kid having the power these days to call 9-1-1 and lying to the operator that "mommy just beat me with a frying pan" or worse- and the police reactively won't often think proactively first- they will arrest you and ask questions later- I've seen this happen to people- children can be terrifying in this "new world".

    I think you get the idea- think before you act/react-
    If you think that this could be potentially hazardous to your health, reputation, or worse do what I'm doing and write something to simply link them to to explain everything so they can relax- they are not infected

    Someone spoofing your email and sending porn links to you family members, friends, or boss whose already (if you work in the same building, unlike myself I work online as an independent contractor basically) paranoid that your using company time to surf porn or facebook (your screwed either way)- and gets an email thinking that this was the result of what he was paranoid of (which is not only unsubstantiated but not true)- do you see how this can get bad for you?
    You can, again, link them here as I think I covered everything needed to defuse their worries.



    [​IMG]




    The Bottom Line... Your Not Neccessarily Infected If They Get These Emails


    You may not be infected- but whomever has your email address and is sending this stuff out- is marketing under your name or worse is causing havoc to sell some Viagra, or worse they may have devious motivations even if they never meet you or your friends and don't even

    see the effects of their tyrone- they do it for the thrill, to feel better about themselves- at your expense.
    I suspect this is merely used mainly as a free advertising and cleaver and upsetting advertising practice. Since pop-ups are losing momentum, spam has all but lost it's real power- they are desperately trying to find new ways to propagate their ads- they really should boycott any

    product that uses this process- however- what may be REALLY scary is that these unscrupulous advertizers (not the actual product merchants ads but the vehicle they trust such as an ad firm they think uses legitimate means to push their products to people) may be liying to the merchants and they have no idea how bad their reputation is being tarnished when they would never do such a thing as unscrupulous (yea I

    liike that word scruples) as hijacking people and using them as hostages to sell their products. The likely culprit is doubleclick or other big businesses that hire hackers to create these schemes and propagate them using bots to scrape the web for people who unknowingly post their email in the public eye (forums, sites, etc. legitimately but don't realize the dangers!
    Another name for this hub could be "The Serious Dangers Of Posting Your Email Address ANYWHERE publically!" You really should protect

    your email like you do your social security number- only give it to legitimate and highly trusted people- don't put it on business cards, put a URL to your site and include an easy to install form that doesn't require them to actually see your email! At least not unless you reply back to them- and there are ways to hide it even then! This is the 2011's not the 80's when there weren't options and awareness of this type of sociological terrorism.
     
Loading...