
Confessions of a guru

posted 7/24/2008 12:44:21 AM | justme82

OK, I am just too tickled not to make a comment.

First, the spam attacks, lol. I love these long drawn-out mails from here that lead up to the final point of wanting to exchange Yahoo information.

For those that may not know, I want to go ahead and share some insider info. Well, it's common really, but like I said, I was tickled.

First, the DNS redirect. This is the most obvious attack a "spammer" would use. A DNS redirect is pretty easy to do when you have an IP address.

So here is Yahoo scene 1.
Person actually writes a very convincing letter and you respond. You are then tricked into a conversation via Yahoo. A webcam is almost always involved, or pictures are being sent.

How to spot the attack: When you chat with someone new on Yahoo, do not direct connect OR let the software do an API direct connect. When someone drags a picture into the IM window and sends it to you (instead of selecting the send file option), they will be able to discover your IP address.

What will they do? If you're a broadband user, the DNS redirect is the first target. I know of 300 DSL and cable routers and modems that I can access via TELNET and TFTP using factory-set passwords. These passwords are usually specific to each vendor brand. I can, if I know your IP address, log into your modem or router and configure a static DNS. The static DNS will be computers I control that will LOOK like the regular internet, only that when you go to an address like paypal.com you will be seeing an identical copy, BUT your login information is logged and sent to the hacker while you continue on thinking you are using PayPal like normal.

Effective: I would give this a 40-60% success rate for ALL DSL subscribers, and the M series of modems are VERY easy to crack.

Will this attack happen to you? Most likely not. It's a very serious attack and matchdoctor.com is too obvious. Still, have you ever noticed how sometimes http://matchdoctor.com is different than http://www.matchdoctor.com?
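A defender's check for the DNS redirect described above, written as an added example that is not part of the original post: it lists the resolvers Windows is actually using, flags any that are not in an allowlist you fill in yourself (the three addresses in the script are placeholders), and compares the answer for one name from your configured resolver with the answer from an independent resolver. It uses the standard Get-DnsClientServerAddress and Resolve-DnsName cmdlets, so it needs PowerShell on Windows 8 or later. The router's own DNS setting, which is what the post says the attacker changes, still has to be checked in the router's admin page, and the factory password should be changed there.

```powershell
# Added example (not from the original post): audit the DNS resolvers this
# Windows host is using and flag anything outside an allowlist.
# The allowlist below is a constructed placeholder. Replace it with the
# resolvers you expect: your router's LAN address, your ISP's resolvers, or a
# public resolver you chose on purpose.
$ExpectedResolvers = @('192.168.1.1', '1.1.1.1', '9.9.9.9')   # placeholder values

function Get-UnexpectedDnsServers {
    param([string[]]$Allowed = $ExpectedResolvers)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            foreach ($server in $_.ServerAddresses) {
                if ($Allowed -notcontains $server) {
                    [pscustomobject]@{
                        Interface = $_.InterfaceAlias
                        Resolver  = $server
                        Status    = 'NOT IN ALLOWLIST'
                    }
                }
            }
        }
}

# Second check: ask the configured resolver and an independent resolver for
# the same name and compare the A records. A rogue resolver that substitutes
# its own address for a login page shows up as a mismatch. CDN-hosted names
# legitimately return different addresses by region, so treat a mismatch as a
# reason to look closer, not as proof by itself.
function Compare-DnsAnswer {
    param(
        [string]$Name = 'paypal.com',
        [string]$ReferenceResolver = '9.9.9.9'   # assumed independent resolver
    )
    $local = (Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
              Where-Object QueryType -eq 'A').IPAddress | Sort-Object
    $ref   = (Resolve-DnsName -Name $Name -Type A -Server $ReferenceResolver -ErrorAction Stop |
              Where-Object QueryType -eq 'A').IPAddress | Sort-Object
    [pscustomobject]@{
        Name            = $Name
        LocalAnswer     = ($local -join ',')
        ReferenceAnswer = ($ref -join ',')
        Match           = (($local -join ',') -eq ($ref -join ','))
    }
}

$bad = Get-UnexpectedDnsServers
if ($bad) { $bad | Format-Table -AutoSize } else { 'All configured resolvers are in the allowlist.' }
Compare-DnsAnswer | Format-List
```

If the host takes its resolver from the router via DHCP, the first check only tells you the router's address is in use; the resolver the router forwards to is the one the post describes being changed, so the second check is what catches that case.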

Scene 2:
This is the 2nd MOST common!
Bot install. Again, using the direct connect or webcam feature in Yahoo, an attacker can (if they know the API well enough) use a long list of very easy exploits. The first will be to expose your computer. Yahoo is one of the ONLY chat clients with this problem. What the attacker can do is use either an injection attack that will execute code on your computer or have you go to a webpage that does the attack. The code executed will most likely trigger a web browser window to secretly (by passing in an iframe) install an application that will either display ads on your computer or be used to attack sites by doing DDoS attacks.

This is one of the most common reasons people are spamming matchdoctor.com trying to get your Yahoo address! They want to install a botnet! The botnet is a neat piece of code. Usually it will be an IRC server running on the web. The bot connects to the server and gets its commands from the IRC chat window via encrypted text. Makes them damn hard to find, and 90% of the REAL botnets cannot be found, seen or removed by any known antivirus software.
Why? The botnets that are in control out there generate anywhere from 23-100 million a DAY. It's spread out over different companies/people who rent out the botnet.

**--insider secret--** If you think you have a botnet (did you download a torrent?), press Ctrl+Alt+Del, the three-finger salute, then check the running processes. You should see a bunch of svchost.exe processes running, some registered to System and some registered to the User. (This may crash Windows Explorer, so save your work first.) Start with the first svchost.exe registered to the computer user, not the system. Right-click and click End Process Tree. It will shut down; keep an eye on your task list. If you see a program name jump up, usually a random combination of letters, run for a second, then go away right away, you have found your botnet.
That random program name is generated by the svchost application. The botnet is loaded into memory, configured, then set to run, then the launcher is shut down so you can't actually shut down the botnet process. All you can do is shut down the svchost that the botnet is bound to (but the program stays in memory until a reboot).
Heuristic scanning won't find anything; the math is encrypted until run time, so you can't scan the file in plain-text mode and find characteristics that would only be present in a virus or botnet. That's how 90% of the viruses are found. Script kiddies write sloppy code with a ton of if-then statements and massive memory leaks.
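Instead of ending process trees blind, as the insider-secret step above has you do, a defender can inventory every svchost.exe and test the properties a genuine one always has: it lives in %SystemRoot%\System32, it was started by services.exe, and it runs as SYSTEM, LOCAL SERVICE or NETWORK SERVICE. The script below is an added example, not the post's own method; it uses the Win32_Process CIM class and its GetOwner method, which exist on every supported Windows version, and it should be run from an elevated PowerShell prompt so the path and owner of SYSTEM processes are readable.

```powershell
# Added example (not from the original post): list every svchost.exe with its
# owner, parent and path, and mark the ones that break the rules a real
# svchost.exe follows. Nothing is killed; this is inventory for a closer look.
function Get-SuspiciousSvchost {
    $expectedPath    = Join-Path $env:SystemRoot 'System32\svchost.exe'
    $serviceAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')

    $all  = Get-CimInstance Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[$p.ProcessId] = $p }   # PID -> process, for parent lookup

    foreach ($proc in ($all | Where-Object { $_.Name -ieq 'svchost.exe' })) {
        $ownerInfo  = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
        $owner      = $ownerInfo.User
        $parent     = $byId[$proc.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }

        $reasons = @()
        # Rule 1: the binary must be the one in System32 (case-insensitive compare).
        if ($proc.ExecutablePath -and ($proc.ExecutablePath -ine $expectedPath)) {
            $reasons += "path is $($proc.ExecutablePath)"
        }
        # Rule 2: owner should be a service account. Windows 10 per-user services
        # run svchost as the logged-on user, so this alone is a weak signal.
        if ($owner -and ($serviceAccounts -notcontains $owner.ToUpper())) {
            $reasons += "runs as $owner"
        }
        # Rule 3: the Service Control Manager (services.exe) is the only
        # legitimate parent. A parent that has already exited is also odd.
        if ($parentName -ine 'services.exe') {
            $reasons += "parent is $parentName"
        }

        [pscustomobject]@{
            PID        = $proc.ProcessId
            Owner      = $owner
            Parent     = $parentName
            Path       = $proc.ExecutablePath
            Suspicious = ($reasons.Count -gt 0)
            Reason     = ($reasons -join '; ')
        }
    }
}

Get-SuspiciousSvchost | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Path and parent are the strong signals here; an svchost.exe started from a user-writable directory or by anything other than services.exe is worth investigating regardless of its owner. Because the parent is looked up by PID, a parent that has exited (the launcher the post describes shutting down) shows as `<exited>`, which is itself flagged.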


The last bit, Scene 3, is the less common but still used.
I can harvest your e-mail address by getting your Yahoo ID. Do you really use the Yahoo ID? I could care less. I only want to capture it.
Then, I want your name. If I can, I will get your address.

Have any of you heard about the CAN-SPAM Act? It's a law in the US mainly that says you cannot e-mail someone about business without their permission. Second, you cannot offer that information to anyone else without first getting consent. For anyone caught in violation of the CAN-SPAM Act, the fines come to the total of millions (google it, some real scumbags have been captured). So why does that get involved with matchdoctor.com and other social networking sites?

Step one of the CAN-SPAM Act: no business can contact you without consent.
By you giving them that Yahoo ID, that is satisfied. They are now free to contact you. From there they will trick you into signing up to a mailing list, which simply means phase two is satisfied. The spammer will be LEGALLY PROTECTED at this point. That's the downside to CAN-SPAM. If you meet the guidelines you are protected by US law. That means you've got free rein!

I'll cut to the chase on this one. On average I can expect to make $3-5 US for every person I harvest AFTER I've harvested about 10k or so. 10k takes about a month to collect. The reason why spammers want real information to attach to you is because it's easier to scam the affiliate companies. If I were the spammer, I would get you talking to me and thinking I'm really interested. Then I'd get your name. It's easy to nail down an address. The easiest way: do a Google Maps search around their zip code and pick a school or other large known landmark and see where they are from there. Usually a person would give you enough to head over to phonebook.com to search for the phone number and address. From there you get the driver's license number, and from there the social security number (you use the DL number to register to vote; your social is then exposed. No, I won't say where, but yes, it is publicly there, and it legally has to be). I know this last part to be VERY true because I had the rare opportunity to set up and configure the new election computers used here in FL.
I digress, anyway. So now I have your address and phone number and everything.
Here is where the money comes in.




© Copyright 2000-2008 Online Singles, LLC.