Topic: Malware warning ... is this genuine or not?
Global Moderator (Brattain Member):

I recently got a message from my web service provider, claiming that an email account had been compromised (this is one of my children's accounts, not my personal one). Whilst plausible, I get messages almost daily claiming that my bank accounts have been compromised and to "log in" to confirm the details.

This particular message suggests I download a malware scanner from:

http://www.malwarebytes.org/

It also references Wikipedia: http://en.wikipedia.org/wiki/Malware_scanner

The Wikipedia page refers to the linked scanner page, so on the surface of it, this all looks genuine.

So my question is: Has anyone heard of this site (malwarebytes.org)? Can you vouch for it, or is it a known "fake" anti-virus site?

I am aware that one technique to install viruses is for software to pretend to be anti-virus.

Valencia, Spain (Faraday Member):

Change the email password.

Malwarebytes is legit AFAIK.

The 'Pro' version isn't worth it, though. It's no better than any number of free ones.

No, I don't answer questions sent in private messages (but I do accept thank-you notes...)

Global Moderator (Brattain Member):

They changed it for me. I got a warning to do a scan first and then they would let me know the new one. That's pretty good service.

Valencia, Spain (Faraday Member):

Quote
They changed it for me. I got a warning to do a scan first and then they would let me know the new one. That's pretty good service.

The world needs more of that...

Grand Blanc, MI, USA (Faraday Member):

Quote
They changed it for me. I got a warning to do a scan first and then they would let me know the new one. That's pretty good service.

I'm suspicious. Why should they give you the new password only after you had done a scan? Why would they give you a password at all, why not just send you to a password change page? Malwarebytes is definitely legit, and a good product, but I wonder if that and the Wikipedia link aren't just window-dressing.

MCP79411/12 RTC ... "One Million Ohms" ATtiny kit ... available at http://www.tindie.com/stores/JChristensen/

Global Moderator (Brattain Member):

The actual wording was:

Quote
ACTIONS THAT YOU MUST TAKE:

1. You will need to scan and clean all computers that are used to access the (redacted) email account with up-to-date anti-malware/anti-virus software. See http://en.wikipedia.org/wiki/Malware_scanner

Many site owners have reported good results when scanning their machines with MalwareBytes, http://www.malwarebytes.org/

2. Acknowledge this notice with any information you have regarding this issue and the results of scans you have completed.

Once acknowledgment and the results of your scans are received we can provide you with the opportunity to reset your password and regain access to your CNC.

There is no specific requirement to run that particular software. They merely seem to be wanting some proof that I have taken action to resolve the issue. I am assuming they don't want the same thing to happen tomorrow if they just give me a new password.

Grand Blanc, MI, USA (Faraday Member):

Huh. Well none of the usual misspellings or bad grammar. I assume all hyperlinks match the corresponding text. Seems harmless so far. Makes me wonder what happened, where the problem was. The occasional computer gets compromised and I can't imagine an ISP would care. Now if the problem were on their end, and many accounts were compromised, that might explain it.

Quote
I am assuming they don't want the same thing to happen tomorrow if they just give me a new password.

I wonder what the thing was that happened.

Global Moderator (Brattain Member):

According to earlier in the email:

Quote
There are four possibilities in these situations...

1: A machine that either was used to access that email account, or the email account password was stored on, was compromised
2: The password used was easy to guess (dictionary type attack)
3: The user/password and addresses were sniffed, e.g. on an unsecured wireless network
4: This email address was used as a username at an external service and the password provided was the same as the email account password and the external service was compromised... There are some that speculate that this may become more common...

(2) and (4) were possible in this case.

Virus scans seem to be ruling out (1), and the wireless network here is secured, hopefully ruling out (3); however, you can never be too certain about that when visiting friends ask for your wireless password so they can get onto the Internet.

Personally I use random passwords for every new online account, just to stop the spread of compromised passwords. However not everyone does that.

NSW Australia (Faraday Member):

Quote
Personally I use random passwords for every new online account, just to stop the spread of compromised passwords.

So - you use LastPass - as Steve Gibson recommends?

Grand Blanc, MI, USA (Faraday Member):

Quote
Personally I use random passwords for every new online account, just to stop the spread of compromised passwords.

So - you use LastPass - as Steve Gibson recommends?

I do a fair amount of that; it gets to be a management problem with multiple systems. I was recently looking into KeePass.

@Nick, this new router I recently installed has provision for a "guest" network. I think it's just a second SSID and passphrase, point being that one can change frequently and the one the owners use doesn't have to.

Global Moderator (Brattain Member):

Quote
So - you use LastPass - as Steve Gibson recommends?

I'm usually on a Mac, so I use the KeyChain app. But I have also used PasswordSafe.

Maine (Sr. Member):

Quote
Huh. Well none of the usual misspellings or bad grammar. I assume all hyperlinks match the corresponding text. Seems harmless so far. Makes me wonder what happened, where the problem was. The occasional computer gets compromised and I can't imagine an ISP would care. Now if the problem were on their end, and many accounts were compromised, that might explain it.

I am assuming they don't want the same thing to happen tomorrow if they just give me a new password.

I wonder what the thing was that happened.

A lot of email providers have started picking up on scam emails that are sent from legitimate addresses. If someone you have received email from before sends a mass email to you and 50 other people, your email client will give you a little pop up saying that the email may be a phishing attempt, and asking you to either "report as spam" or "report as compromised account". I assume if you "report as compromised account" they contact the email provider that the account belongs to.

"Anyone who isn't confused really doesn't understand the situation."

Electronic props for Airsoft, paintball, and laser tag -> www.nightscapetech.com

Global Moderator (Brattain Member):

We are in an annoying zone of having a lot of false positives, and false negatives.

For example, I get lots of emails telling me my account at X has been compromised, and to go to Y website to "reset" things. These seem fairly clear spamming attempts, especially if I don't bank with or use X.

However if I do, it gets more complex. For example, yesterday I ordered something from eBay and shortly afterwards got an email telling me that my recent order could not be completed until I log into somewhere.

Or something like this:

Quote
You have initiated a payment for $100.00 AUD to WHATEVER.com.
*Payment details*
Amount: $100.00 AUD
Transaction ID: 5C53687F7327933R

Because the payment was made from an foreign ip address, we put the transaction ID 5C53687F7327933R on hold.

To cancel this payment, please follow the link below:

SOMEDODGYLINK.com

Since the actual link is not displayed, it would be easy to be fooled by this stuff.

And just when you get used to ignoring all this crap, a genuine one may slip in, and you ignore that as well, to your peril.

And then you get emails telling you your parcel has been delayed (and just when you happened to be expecting a parcel), so you aren't sure if that is genuine either.

And the worst thing is when I get emails from myself! Emails that I never wrote, offering me work, or some get-rich-quick scheme. Or I get emails from close family members along similar lines. So you simply can't trust the (purported) sender either.

Spammers, may they rot in hell. They are destroying the trust which is required for society to operate normally.
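The two posts above raise the same check from opposite ends: Grand Blanc's "I assume all hyperlinks match the corresponding text" and the Global Moderator's "the actual link is not displayed". The following is an added example, not code from this thread or from any product mentioned in it, of how a mail filter or a cautious reader can perform that check mechanically: parse the HTML part of a message, collect every anchor, and compare the host the visible text claims against the host the href really points to. The sample message and the hosts somedodgylink.example and whatever.com are constructed; the function names are my own.

```python
# Added example: flag HTML links whose visible text promises one host while
# the href goes to another. Not the forum's code; sample input is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Loosely matches a bare host or URL inside visible link text ("www.x.com/y").
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class _Anchors(HTMLParser):
    """Collects (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())   # collapse whitespace
            self.anchors.append((self._href, visible))
            self._href = None


def registrable(host):
    """Crude 'registrable domain': the last two labels. Adequate for a demo;
    a production filter would consult the public suffix list (co.uk etc.)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def claimed_host(text):
    """Host the visible text appears to promise, or None when the text is
    not URL-like ('click here'), in which case nothing can be verified."""
    m = HOST_RE.search(text)
    return registrable(m.group(1)) if m else None


def check_links(html):
    """Sort every http(s) link into 'ok', 'mismatch' or 'opaque'."""
    parser = _Anchors()
    parser.feed(html)
    result = {"ok": [], "mismatch": [], "opaque": []}
    for href, text in parser.anchors:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue                        # mailto:/tel: links are out of scope
        actual = registrable(parsed.hostname or "")
        claimed = claimed_host(text)
        entry = {"text": text, "href": href, "actual_host": actual}
        if claimed is None:
            result["opaque"].append(entry)  # text hides the destination entirely
        elif claimed == actual:
            result["ok"].append(entry)
        else:
            entry["claimed_host"] = claimed
            result["mismatch"].append(entry)
    return result


# Constructed sample, modelled on the two messages quoted in this thread.
SAMPLE_EMAIL = """<html><body>
<p>Many site owners have reported good results when scanning with
<a href="http://www.malwarebytes.org/">http://www.malwarebytes.org/</a>.</p>
<p>Because the payment was made from a foreign ip address, we put the
transaction on hold. To cancel this payment, please follow the link below:<br>
<a href="http://somedodgylink.example/cancel">www.whatever.com/cancel</a></p>
<p><a href="https://somedodgylink.example/login">Click here to log in</a></p>
<p>Questions? <a href="mailto:support@whatever.com">support@whatever.com</a></p>
</body></html>"""

if __name__ == "__main__":
    report = check_links(SAMPLE_EMAIL)
    for kind in ("mismatch", "opaque", "ok"):
        for e in report[kind]:
            print(f"{kind:8} {e['text']!r} -> {e['href']}")
```

On the sample, the Malwarebytes link lands in "ok" because text and href resolve to the same registrable domain, the "www.whatever.com/cancel" link is a "mismatch" (it really goes to somedodgylink.example), and "Click here to log in" is "opaque": a link like that cannot be judged from the text at all, which is exactly the case the thread describes, so it is worth surfacing rather than silently passing.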

Valencia, Spain (Faraday Member):

Quote
I'm suspicious. Why should they give you the new password only after you had done a scan?

Presumably because they don't want any more spam sent via that email account.


Grand Blanc, MI, USA (Faraday Member):

Quote
We are in an annoying zone of having a lot of false positives, and false negatives.
...

Wow that's a lot of weird stuff going on. I might think about a new email address.