Stopping a Virus Writer - Page 2

Thread: Stopping a Virus Writer

  1. #11
    Junior Member
    Join Date
    May 2005
    Posts
    12
    Originally posted here by DjM
    How are these 'Viruses' being delivered? Do they come as an e-mail attachment, or via IM? How do you know they are viruses, what do they do?

    Cheers:
    I believe that they are coming in as attachments but I am not sure. I myself haven't gotten one. Yet.
    The viruses are attacking the antivirus programs themselves. They won't allow one to access the website of the particular antivirus being used at the time. As in Norton and McAfee. I can come back here later with an exact description and method of delivery.

  2. #12
    Junior Member
    Join Date
    May 2005
    Posts
    12
    Originally posted here by Striek
    If you post your website somebody might be able to figure out how he keeps signing up with new email accounts.

    Of course, I have 5 addresses available through my ISP, which I can change anytime I wish. He might be doing that too.
    Our website is
    http://www.chins-n-quills.com/forums/
    I will be getting exact information from those affected shortly today or tomorrow so that I can answer questions with more knowledge.

  3. #13
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Threads: 61,145, Posts: 593,557, Members: 3,713
    That's some forum .............
    As it's that size, I would HOPE your admin / mods were better able to protect your assets.

    As previously requested :

    Delivery method : EMail attachments can be stripped by default ? [OE anyway ]

    Numbers involved in attacks : How many members are targeted ? - how often ? - same people ? or different each time ?

    time line of attacks : when did you notice them starting ? When do you SUSPECT they started ?

    frequency of attacks : how long from p155ing him off to getting attacked ? - lifecycle of an attack ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #14
    Junior Member
    Join Date
    May 2005
    Posts
    12
    Originally posted here by foxyloxley
    That's some forum .............
    As it's that size, I would HOPE your admin / mods were better able to protect your assets.

    As previously requested :

    Delivery method : EMail attachments can be stripped by default ? [OE anyway ]

    Numbers involved in attacks : How many members are targeted ? - how often ? - same people ? or different each time ?

    time line of attacks : when did you notice them starting ? When do you SUSPECT they started ?

    frequency of attacks : how long from p155ing him off to getting attacked ? - lifecycle of an attack ?
    I have found out that I was wrong before. I said that my board required an ISP email account to register. In fact, one can use a free web email such as Yahoo and register. I know that changes things. I will have answers to these questions within the next day or two. Thank you everyone who is trying to help!

  5. #15
    Junior Member
    Join Date
    May 2005
    Posts
    12
    Ok, this is what I have been able to find out for sure so far:
    The mods are banning this guy by his ISP but he keeps coming back using a different ISP somehow.
    The viruses are coming in an attachment both in MSN Messenger and in email and the attachments are made to look as if they are coming from someone reliable. I don't know if the attachments can be stripped by default.
    There have been four people attacked so far in the past month. Each time the virus is different. One of the viruses was named "mitleader", I don't know what the other one is named yet. It's hard contacting the people affected because their PCs are down and they are having to use someone else's. Every time the same people are being attacked. One of them is one of our mods. They are the same four that have had words with this guy on the board. The attacks started about one month ago and two of the four have been hit twice. One person got the first virus, spent a great deal of time and money getting rid of it and today was attacked again. This time the virus sent itself to everyone in her messenger list.
    The attacks seem to be occurring within two days of this guy getting pissed off. I suspect that there are more victims that have gotten a virus but don't know where it came from. It's just kinda funny that the same four people who he has had words with are the ones being attacked so we are pretty sure who is doing it. I don't understand what is meant by "the life cycle of attack". I will have more information tomorrow or the next day as the mods and I are getting together to discuss this.

  6. #16
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    I would still put out a recommendation to everyone on your board to get firewalls and up to date AV. It may not help but it won't do any harm. Get their machines patched up as well.

    Are you able to tell where this troll is geographically? If you can narrow their location down to a country it may be worth contacting the law enforcement there. Obviously that is easier if it is the US. I don't know how helpful they would be but you never know.

    Have you spread the information around your board that there is a Troll spreading viruses and that your members should be very wary of opening any attachment even if it appears to come from a trusted source?

    You could also recommend that everyone double check the source of an attachment before opening. I.e. Mr A. receives an attachment addressed From Mrs B. Mr A. emails Mrs B. to confirm the attachment was sent from Mrs. B. If B confirms that she sent it A can open it. If B does not know about the email it is probably sent by the Troll and should be deleted.

    I'm not an MSN user so I'm not sure if the above would work for it.

    The Troll can make his messages appear to come from other members of your board quite easily but it is much harder for him to intercept messages going back out.


    Just a thought: If this little **** is writing new viruses which are not being caught by your AV (which is up to date), how do you know you've got a virus?

  7. #17
    Junior Member
    Join Date
    May 2005
    Posts
    12
    We didn't want to panic anyone at first because we were not totally sure that what was suspected was true but after yesterday, we now are convinced that our troll is sending these viruses. Therefore we will be following your advice and warning our members and suggesting what you did. BTW, you have some very good suggestions, thank you.
    We know it's a virus because no matter how he writes it, it does the same thing. Among other things it denies the user access to their respective antivirus programs. It's the same four people getting the same virus, and in some cases, twice. It's the same four people who have had words with this one guy and he has threatened to "get you" before to these members. However yesterday it was sent to a member who had had it before and this time was caught by her antivirus program (Norton). I instructed her to save all the information about it that she could but I don't know if she understood me. I have been thinking of going at this guy myself to see if I can piss him off enough to send ME one so that I can get more information about it. I am behind a firewall and am up to date and have saved all important stuff from my pc in case I have to reformat. My pc is rather old and I have been thinking of getting a new one anyway.
    We are pretty sure he is in the Texas area.
    A while back, on the Tennessee Titans Message Board there was a guy that started sending me viruses. I knew it was him because every time we got into it, within two days I got a virus. If I stayed off the board then the viruses would stop. Within two days of being back on the board they would start up again. I was lucky and my antivirus program caught each one but it was scary enough that I finally just quit going to that board. I don't want this to happen to our hedgehog board. I feel that I have been run off of one board this way and refuse to be run off or intimidated into leaving the hedgehog board.
    Thanks for all of your suggestions. I am taking notes and fully intend to see this to the end!

  8. #18
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by jett1960
    Ok, this is what I have been able to find out for sure so far:
    The viruses are coming in an attachment both in MSN Messenger and in email and the attachments are made to look as if they are coming from someone reliable.
    For the ones that come in via email attachments, check the header records on the email itself. These records should give some idea of where the email is actually originating from. If you don't know how to read the header records, remove any personal information from the header record and post it here, we'll see if we can track it down.

    Cheers:
    DjM
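
An added example (not part of the original posts) of reading the `Received` header records DjM describes. The sample message, host names, addresses and function names are constructed for illustration; `recipient-isp.example` stands in for the recipient's own mail provider.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [198.51.100.10])
\tby mailstore.recipient-isp.example with ESMTP id A1; Tue, 10 May 2005 14:02:11 -0500
Received: from smtp.freemail.example (smtp.freemail.example [198.51.100.77])
\tby mx.recipient-isp.example with ESMTP id B2; Tue, 10 May 2005 14:02:09 -0500
Received: from friendly-pc (unknown [203.0.113.45])
\tby smtp.freemail.example with SMTP id C3; Tue, 10 May 2005 14:02:05 -0500
Received: from localhost (localhost [127.0.0.1])
\tby friendly-pc with SMTP id D4; Tue, 10 May 2005 14:02:04 -0500
From: "Trusted Member" <member@board.example>
To: victim@recipient-isp.example
Subject: photos

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?by\s+(?P<by>\S+)", re.S)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return Received hops oldest-first (each server prepends its own line)."""
    msg = email.message_from_string(raw)
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groupdict() for m in found if m]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def claimed_origin(raw):
    """Oldest non-internal hop. Anything the sender's side wrote can be forged."""
    return next((h for h in received_hops(raw) if not is_internal(h["ip"])), None)

def verified_sender(raw, trusted_suffix):
    """Oldest hop written by a server we trust: the IP it recorded is reliable."""
    return next((h for h in received_hops(raw)
                 if h["by"].endswith(trusted_suffix)), None)

if __name__ == "__main__":
    print("claimed :", claimed_origin(SAMPLE))
    print("verified:", verified_sender(SAMPLE, "recipient-isp.example"))
```

The verified hop identifies the provider to report the message to; the claimed origin is a lead that provider's own logs can confirm or rule out.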

  9. #19
    Senior Member
    Join Date
    Oct 2001
    Location
    Odessa
    Posts
    268
    I was looking around on the board you posted. I did not see anything letting members know that someone using the boards may be spreading viruses. You should talk the Admin/s into making AT LEAST a post stating this. Maybe make it a sticky in EVERY forum. You may want the board to send an email or PM to everyone letting them know. Of course do not include the suspect. When you let the members know, I wouldn't tell them that person's user name JUST in case he is not to blame. Just state the fact that there is someone (more than likely) on the board spreading viruses around. Let them know that it seems to be spreading through instant messengers, emails, and however else you may think. Let them know it is in their best interest to:

    1. Have an UPDATED virus scan installed. (If they need one, I recommend www.Avast.com . There are other free ones as well. )

    2. Have the latest Windows updates.

    3. Install and update Ad-Aware. ( http://www.download.com/3001-8022_4-10319876.html )

    4. Install and update Spybot. ( http://www.download.com/3001-8022_4-10289035.html )

    5. Run a firewall.

    6. Scan EVERY file sent to them no matter who it is sent from, or what it is sent through.

    7. GOTO 6!

    8. Check for updates to everything AGAIN... again, AND OVER.

    9. Run the scans OVER... over, AND OVER!


    Also, you may want to let them know it may be a good idea to disconnect from the Internet while not at the computer.

    Good luck and keep us informed.
    DISLEX

  10. #20
    Junior Member
    Join Date
    May 2005
    Posts
    12
    One of our mods will be here shortly and she can give better information.
    I would like to say thank you to everyone who has tried to help us.
    We are listening to what you're saying and will take your advice!
    The MOD's name on here will be "Tindale".
    Thanks again!
