Spam PM on this forum

[Mr-Protocol]

This was just sent to me from MannInBlackk and I believe it to be spam... Be advised everyone.

Hello, friend. There are viruses' activities from your computer in last few days. Strongly recommend you to check your computer. You can find a report about your computer's security and solve every problem with it here: http://www.check-pc.net/detected/(AccountName)
Thank you. Forum member.

[dingoatemybaby]

I have been sent the same - word for word with my user name put in. I strongly urge people NOT to click on any links.

I also urge people who run this whole site to check for compromised security.

I have Kaspersky and a truckload of anti-virus gear. The chances of me having any virus or malware are very small. Mannin black should also be banned from the forum unless he or she is an innocent victim of a hacked account.

[Mr-Protocol]

Actually... I'm going to click it LOL but in a virtual machine... Let's see what it is :D

[dingoatemybaby]

I knew it. I have just done the "wet paint". lol.

OK. Virtual machine. Maybe Linux as well could be a good idea. And sandboxing. But I'm not touching it with anything.

[Mr-Protocol]

Eh, XP virtual machine i could care less about. Says page cannot be displayed. Installing Wireshark in VirtualBox VM of XP to see what packets look like.

[Mr-Protocol]

GET /detected/Mr-Protocol HTTP/1.1

Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: www.check-pc.net

Connection: Keep-Alive



HTTP/1.1 302 Found

Date: Wed, 27 Jan 2010 07:19:29 GMT

Server: Apache/2

Location: http://www.check-pc.net/pc/out.php

Content-Length: 286

Keep-Alive: timeout=1, max=100

Connection: Keep-Alive

Content-Type: text/html; charset=iso-8859-1



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.check-pc.net/pc/out.php">here</a>.</p>
<hr>
<address>Apache/2 Server at www.check-pc.net Port 80</address>
</body></html>
GET /pc/out.php HTTP/1.1

Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: www.check-pc.net

Connection: Keep-Alive



HTTP/1.1 302 Found

Date: Wed, 27 Jan 2010 07:19:29 GMT

Server: Apache/2

X-Powered-By: PHP/5.2.10

Location: http://extrassecurityzone.com/hitin.php?&affid=41000

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=1, max=99

Connection: Keep-Alive

Content-Type: text/html



....................

[aloishis89]

haha yeah, VM was the first thing I did. Time to see how secure that domain is...

[Mr-Protocol]

Yeah i'm done playing with it... could care less but just wanted to notify people

[aloishis89]

got a login prompt for ftp://extrasecurityzone.com, does anyone want to start running hydra on it?

[Mr-Protocol]

Couldn't ping. Got this:

ping extrassecurityzone.com
Ping request could not find host extrassecurityzone.com. Please check the name a
nd try again.

[aloishis89]

i got that too, but I tried it on my netbook and got a reply from 193.169.13.200

[Mr-Protocol]

IP: 193.169.13.200

IP Country: ip address flag Ukraine

[criticalmass]

yea i just got this too. i was like wtf.

[manuel]

not trolling, but there is a stickied post, in this section to be exact, http://hak5.org/forums/index.php?showtopic=15325 That asks uses to forward to a member of the moderation team.

[COKEMAN]

Just FYI, sent the same as the OP from the same user.

[screw_ball69]

I got this as well.

[G-Stress]

I just received this as well

[moonlit]

Dealing with the offending users as we speak, don't click on the links.