# fake posts warning that member's passwords have been hacked



## rescuepenguin (Apr 21, 2010)

Just a friendly warning for everyone, I came across a post on a forum ( not this one) which was set up as a warning to the admins that the forum's database had been hacked, and a list of all the member's nick names and passwords were posted on a certain website. They provided a link to the page. 

It also provided an invite for all members to check to see if their names were on the list, and for them to change their passwords if their names were there.

When you follow the link, it tries to download that fake anti virus software which has been discussed on this forum in other threads. I recommend that everyone ignore these posts and alert a mod to its existence.

Steve


----------



## effox (Apr 21, 2010)

Good find Steve, thanks for sharing with community.


----------



## davefrombc (Apr 21, 2010)

Here is a copy of an article posted on another forum .. original source unknown.

The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.

So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.

Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.

Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.

"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.

In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.

IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.

Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."

When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.


----------



## oakley1984 (Oct 10, 2010)

ALL of that is simply common sense...


----------



## bingerz (Mar 3, 2011)

lol...i need the cliff notes for that. if it's common sense then i won't bother. =)


----------



## rescuepenguin (Apr 21, 2010)

bingerz said:


> lol...i need the cliff notes for that. if it's common sense then i won't bother. =)


It is common sense, but all it takes is to let your guard down once. A computer's user is its weakest link. Social engineering is the most effective way of hacking, scamming, and even stealing. Even when you get the warning that you are about to download something malicious, some people are so despirate to stop it, that they accidently click on the window to install it.

btw The most skilled scam artist I have ever known, used social engineering. If all else failed she threatened to sue people if she didn't get her way.

Steve


----------

