Exclusive: GMC Trojans and You

Posted by takua108 on May 4, 2006, 3:54 p.m.

Okay, it's not really exclusive, but whatever. Good hook to get you to read this, no?

I literally <i>just</i> got home from school when I got this e-mail, apparently from the GMC:<fieldset><legend>Suspicious E-Mail</legend><font size="-7" face="Courier New, Courier, mono">From - Thu May 04 15:38:49 2006
X-Account-Key: account3
X-UIDL: 0MKuxu-1Fbk8T3XHE-0007E6
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <nobody@cust4655a.ipslink.com>
Delivery-Date: Thu, 04 May 2006 16:09:18 -0400
Received-SPF: none (mxus0: 67.15.173.51 is neither permitted nor denied by domain of cust4655a.ipslink.com) client-ip=67.15.173.51; envelope-from=nobody@cust4655a.ipslink.com; helo=cust4655a.ipslink.com;
Received: from [67.15.173.51] (helo=cust4655a.ipslink.com)
    by mx.perfora.net (node=mxus0) with ESMTP (Nemesis),
    id 0MKuxu-1Fbk8T3XHE-0007E6 for adam@thetyphooncorp.com; Thu, 04 May 2006 16:09:17 -0400
Received: from nobody by cust4655a.ipslink.com with local (Exim 4.52)
    id 1Fbk8Q-0002VN-SV
    for adam@thetyphooncorp.com; Thu, 04 May 2006 15:09:14 -0500
To: adam@thetyphooncorp.com
Subject: Administration forums.gamemaker.nl ( From Game Maker Community )
From: "Game Maker Community" <gmcommunity@gmail.com>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Message-Id: <E1Fbk8Q-0002VN-SV@cust4655a.ipslink.com>
Date: Thu, 04 May 2006 15:09:14 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cust4655a.ipslink.com
X-AntiAbuse: Original Domain - thetyphooncorp.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - cust4655a.ipslink.com
X-Source:
X-Source-Args:
X-Source-Dir:
Envelope-To: adam@thetyphooncorp.com
X-SpamScore: 0</font>

<b>We offer you to take a part in our new tournament.
Just register in the application below:
<font color="#ff0000">[LINK REMOVED -ed]</font></b></fieldset>

Either I already have viruses, and they're just being tricky, or something is awry with the GMC. And yes, I'm intelligent enough to see that this didn't come from the GMC, although I'm supposed to think that it did. However, now that I look closely at the headers, it at least <i>looks</i> like it came through an Invision Power Board…
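The headers quoted above are enough to work out where the mail really came from without touching the link. The script below is an added example (written for this page, not code from the original post, from the GMC or from Invision): it refolds the quoted headers into RFC 5322 form and runs the checks an analyst would make by hand, comparing the From: domain with the envelope sender (Return-Path) and the Message-Id host, reading the SPF verdict, and walking the Received: chain from the origin outward. The sample is constructed from the headers shown above with the mbox "From " line and the Thunderbird X-Mozilla-* lines dropped; the finding texts and the rule that a "with local" origin hop means a locally run script are the example's own.

```python
"""Triage the headers of a suspected phishing mail: who really sent it?"""
import email
import re
from email.utils import parseaddr

# Constructed sample: the headers quoted in the post, refolded into RFC 5322
# form (continuation lines indented). Mbox "From " and X-Mozilla-* lines dropped.
SAMPLE = """\
Return-Path: <nobody@cust4655a.ipslink.com>
Received-SPF: none (mxus0: 67.15.173.51 is neither permitted nor denied by domain of cust4655a.ipslink.com) client-ip=67.15.173.51; envelope-from=nobody@cust4655a.ipslink.com; helo=cust4655a.ipslink.com;
Received: from [67.15.173.51] (helo=cust4655a.ipslink.com)
    by mx.perfora.net (node=mxus0) with ESMTP (Nemesis),
    id 0MKuxu-1Fbk8T3XHE-0007E6 for adam@thetyphooncorp.com; Thu, 04 May 2006 16:09:17 -0400
Received: from nobody by cust4655a.ipslink.com with local (Exim 4.52)
    id 1Fbk8Q-0002VN-SV
    for adam@thetyphooncorp.com; Thu, 04 May 2006 15:09:14 -0500
To: adam@thetyphooncorp.com
Subject: Administration forums.gamemaker.nl ( From Game Maker Community )
From: "Game Maker Community" <gmcommunity@gmail.com>
X-Mailer: IPB PHP Mailer
Message-Id: <E1Fbk8Q-0002VN-SV@cust4655a.ipslink.com>
Date: Thu, 04 May 2006 15:09:14 -0500

We offer you to take a part in our new tournament.
"""


def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()


def received_hops(msg):
    """Parse each Received: header into (from, by, with) and return them
    origin-first. Each MTA prepends its own header, so the last one is the origin."""
    hops = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        how = re.search(r"\bwith\s+(\S+)", flat)
        hops.append(tuple(m.group(1) if m else "" for m in (frm, by, how)))
    hops.reverse()
    return hops


def analyse(raw):
    """Return the identities the headers claim versus the ones they prove."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    msgid_dom = (msg.get("Message-Id") or "").rpartition("@")[2].strip("<> ").lower()
    spf = (msg.get("Received-SPF") or "missing").split(None, 1)[0].lower()
    hops = received_hops(msg)

    findings = []
    if from_dom != env_dom:
        findings.append(f"From: says {from_dom} but the envelope sender is {env_dom}")
    if msgid_dom and msgid_dom != from_dom:
        findings.append(f"Message-Id was minted at {msgid_dom}, not at {from_dom}")
    if spf != "pass":
        findings.append(f"SPF result for the envelope sender is '{spf}'")
    if hops and hops[0][2] == "local":
        # "with local" means the message was handed to Exim on that box by a local
        # user (here 'nobody', the account web servers typically run as): a script
        # on the host, not a mail client. X-Mailer is whatever that script wrote.
        findings.append(f"injected locally on {hops[0][1]} as user '{hops[0][0]}'")

    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "spf": spf,
        "hops": hops,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for finding in analyse(SAMPLE)["findings"]:
        print("-", finding)
```

On the sample the script reports four findings: the display From: is gmail.com while the envelope sender and Message-Id host are cust4655a.ipslink.com, SPF is "none" (no record, so nothing vouches for the sender), and the origin hop is a local injection on that host by the user nobody. That is the signature of a mailer script running on a hosting box; the IPB PHP Mailer string proves only that the script chose to say so.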

I find it suspicious that the GMC is also down while this is happening…

And by the way, do yourself a favor and <i>don't</i> go to that URL…I'm pretty sure it's spyware or a virus. I'm too cautious to check.

I think that the GMC might've downloaded Trojans or whatever automatically…here's ewido's summary of what was wrong:

<fieldset><legend>ewido anti-malware - Scan report</legend><font size="-7" face="Courier New, Courier, mono">+ Created on: 4:11:17 PM, 5/4/2006
+ Report-Checksum: BBCFF370
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1202660629-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1202660629-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup
C:\WINDOWS\system32\NaviHelper.dll -> Adware.Navi : Cleaned with backup
::Report End</font></fieldset>

More details at ten…or whenever AVG gets done scanning my 180GB computer.

<i>Later that night…</i>

Oops…kind of forgot about this. Anyways, AVG turned up negative, so I guess it's all good now.

Comments

ludamad 18 years, 6 months ago

Need not fear kenon, I specified that you were too lame for the virus. XD

takua108 18 years, 6 months ago

WTF was that for?

neonut99 18 years, 6 months ago

You have to expect this is gonna happen sometime. I mean, it's got 1000's of hits daily, and lots of them are highly experienced programmers and geeks/nerds!

BTW. Hacking is what hackers do.

I'm becoming a hacker. They program.

Cracking is what crackers do.

Cracking is the bad stuff.