
1 - 12 of 12 Posts

·
Registered
Joined
·
994 Posts
Discussion Starter #1
I received an email from Newegg.com confirming that I had just purchased a new Sony computer for $2400. The details of the transaction could be seen by clicking on the "self extracting" attached PDF file. I have never dealt with Newegg before so I looked at the details of the attached file and it was 37679041.PDF.EXE

I did not like the looks of that EXE on the end so I called Newegg and they confirmed that it was a virus being sent. Be on the lookout.
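The attachment name in the post above, 37679041.PDF.EXE, is a double-extension lure: a document-looking extension followed by an executable one. The following is an added example, not part of the original thread, showing how a mail filter could flag that pattern; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists, not exhaustive: extensions Windows runs on double-click,
# and extensions a reader takes for a harmless document.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = [p.strip() for p in name.rstrip(". ").lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for each attachment that is not 'ok'."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        name = part.get_filename()
        if name and classify_filename(name) != "ok":
            findings.append((name, classify_filename(name)))
    return findings


def build_sample():
    """Constructed message modelled on the post; addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "orders@example.com"
    m["To"] = "user@example.net"
    m["Subject"] = "Order confirmation"
    m.set_content("Your order details are in the attached file.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="pdf", filename="37679041.PDF.EXE")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="pdf", filename="receipt.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

The check works on the filename alone, so it catches the lure even when the sender declares the part as application/pdf, as the sample does.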
 

·
Registered
Joined
·
1,244 Posts
That exe file probably would install a key-logger program that sends the info over the internet to somewhere to be analyzed for username/password, credit card, and other personal info. The only clue you would have is your computer may run a bit slower than it used to.
 

·
Firm Member
Joined
·
3,159 Posts
Good Catch Jim,
Thanks!
 

·
Registered
Joined
·
4,157 Posts
Yeah, good catch!

Remember, never open any *.exe files or click on any link in an email. Even if it's legit you can get the same info when you go to a company's website without using the link.

Here's a little list:
eBay - If it's a legitimate email from eBay you will have one in your eBay account also.
American Express - They will send you emails with links in them, but either call or get on their site your normal way.
Chase - Will send you links, but never asking for password or personal info.

There are no vendors I know of that will send unsolicited emails asking for personal info.

Beware, the internet can be a dangerous place.
 

·
GL1800 Doctor
Joined
·
20,222 Posts
This is a malware item that gives you a taste of Trojan-Downloader.Win32.Agent.aav

Norton AV or McAfee AV should be able to clean it up. :D
 

·
Registered
Joined
·
270 Posts
You da man Jim. 8)
 

·
Registered
Joined
·
4,935 Posts
Thanks for the heads up.

A question to all you computer gurus out there:
I run ZoneAlarm firewall, would these keyloggers be stopped from sending the info by my software?
 

·
Registered
Joined
·
2,577 Posts
RE: ZoneAlarm. Probably not.

Firewalls, especially "consumer" software types, are usually designed only to stop unwanted INCOMING connections. Anything going from your computer onto the network is generally considered safe. Microsoft's Windows XP firewall is one example of this. The hardware firewall in the cable/dsl router works the same way... stuff can go out, but nothing comes in unless requested.

Some software firewalls have a "training" mode where every time a program wants to talk to the network or receive something from it, the software stops the action while it asks you if it's OK. You can then easily create a "rule" for that program allowing it to talk to anyone or just a selected address.

On my Windows machines, I run the Kerio Personal Firewall. It's free for home use (with some features disabled after the trial) and inexpensive for commercial use. It has just a training mode and I leave it on all of the time. It's amazing how many Windows programs think they need to talk to someone over the internet.

There ARE ways around even this kind of firewall... but it'd require the user to have created a rule allowing another program to talk to anyone.

That's where my Spybot Search and Destroy kicks in... it'd pop up a warning that 123456.exe is attempting to launch someIElibrary.dll and do I want to allow this.

By paying attention to what you're doing (as the original poster did), using common sense, keeping Windows machines updated on a regular basis, using Spybot Search and Destroy (free but donation requested), Avast! anti-virus (free for home use), Kerio Personal firewall (free for home use) there is no reason for a home-based Windows computer to be infected or to infect others via the Internet. Add in a hardware device like a $30 Cable/DSL router and the system is even more secure.

Unfortunately, this is not happening. I read a white paper yesterday at work that showed that over half of the machines that had been taken over by trojans and were being used to spread spam (penis enlargement and stock scams mostly) were running Windows XP Service Pack 2 and were in North America. All but about 20% of the rest were running Windows XP Service Pack 1 or 0 and were in North America.
 

·
Registered
Joined
·
20,956 Posts
so what ever happens to the folks behind all this garbage if they ever get caught ?
 

·
Registered
Joined
·
1,244 Posts
cycledude said:
so what ever happens to the folks behind all this garbage if they ever get caught ?
Not much. The cases are too difficult to prove. Maybe their ISP will cut off their internet access but they just get access somewhere else in a short time. Personally, I think they need to load them into the cargo bay of the next shuttle mission and release them into orbit to fend for themselves. :D
 