[KS] NB! Possible virus, masquerading as news about Korea
Afostercarter at aol.com
Wed Aug 12 11:41:28 EDT 2009
Dear Frank,
Thank you VERY much for this. Most enlightening,
especially for us ageing technophobes who, to our
shame, basically don't have a clue how the machines
and systems we depend on actually work.
I take the liberty of copying this to the other message
boards and Korea nodes whom I had also alerted,
since everyone needs to be aware of this threat.
The moral: Caveat clickor! These stinking phish are even
smarter and subtler than I'd realized, hence more insidious.
Many thanks again,
Aidan
Aidan Foster-Carter
Honorary Senior Research Fellow in Sociology & Modern Korea, Leeds
University, UK
Flat 1, 40 Magdalen Road, Exeter, Devon, EX2 4TE, England, UK
T: (+44, no 0) 07970 741307 (mobile); 01392 257753 Skype:
Aidan.Foster.Carter
E: _afostercarter at aol.com_ (mailto:afostercarter at aol.com) ,
_afostercarter at yahoo.com_ (mailto:afostercarter at yahoo.com) W:
_www.aidanfc.net_ (http://www.aidanfc.net/)
___________________
In a message dated 8/12/2009 15:53:12 GMT Standard Time,
hoffmann at koreaweb.ws writes:
Hi Aidan:
To make it short: your suspicion is 100% correct!
(a) What it is:
There are "clever" scripts for phishing that help the criminal who is
implementing phishing practices to individually brand -- for anyone
who hasn't noted yet, we live in the age of branding ::)field of
interest or activity. As a first step, these scripts enable email
spiders that "harvest" (that's what it is called) the Internet for
email addresses -- they go to home pages and especially to online
discussion boards, blogs, archives of email lists such as our Korean
Studies discussion List (Web archives), and filter out and collect
all and every email address there. From the keywords in the direct
environment they create their own keyword lists and topics, in this
case KOREA or NORTH KOREA, and then nicely assign the harvested email
addresses to social network groups. In a second step they use RSS
news feed techniques to auto-create subject lines and some email
content. Somewhere in that email, however, is then a clickable link,
a URL, that, if you click it, will download some script to your PC
(Mac users are still safe, which is just one of the many reasons I
use one) that spies you out. What script that is, I can't say -- there
are endless varieties. It may well be a virus, but in many cases the
entire purpose (that's what phishing is usually about) is to get your
money ... to get your credit card data, bank info, etc.
(Explanation about "phishing": http://en.wikipedia.org/wiki/Phishing)
(b) What can you do?
The extended email header shows this info:
--------------
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com
[172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id
MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56 -0400
--------------
172.19.141.156 ==> There were already complaints about this IP sent
to Google (gmail) since May, but it didn't help. The spammers are
using changing AOL and Gmail addresses, and use a bounce technique
(so, often you may see your own email address as the fake sender of
such mails). See here for one short discussion about this same IP --
that also gives you the link to the Google complaint form:
http://www.google.com/support/forum/p/gmail/thread?tid=3f3ef974642c8739&hl=en
Blacklisting sender email addresses does not make sense. But you can
blacklist the IP 172.19.141.156, that might help for a month or two.
Then again, these criminals probably use many other IPs as well. So,
it is pretty useless, there is not much you can do.
A last note: this kind of spamming and phishing scripts, often a
hotchpot of more complex and simple scripts, are now starting to
implement nano technology -- still pretty rudimentary parts of nano
technologies, but we will sure see more complex implementation
coming. Nano technology is what we will see getting implemented
during the next years more and more. The really interesting point,
for me anyway, are the connections of social networks in their
virtual world (Internet) with physics and e-technology in
revolutionary new ways. You will see far far more of all that, bad
and good. Also, bio-technology that uses nano technology tools is
growing rapidly, that again implements social network strategies --
will do so more and more, thereby then again creating social networks
that lead to new economic strategies.
Best,
Frank
--
--------------------------------------
Frank Hoffmann
http://koreaweb.ws
________________________
NB! Possible virus, masquerading as news about Korea
Dear friends and colleagues,
I’ve been getting a number of messages like the one below.
They look as if they are news items about Korea, and the
first time this happened I very nearly clicked on the link.
(AOL’s filters don’t pick them up as spam.)
But I was and am suspicious:
* They are always sent by unknown individuals, often with
odd or slightly implausible names;
* The links (I’ve disabled these below, lest anyone click inadvertently)
lead to a site called Newsplaza.net, which simply says Hello.
* The URL given, which one can see by hovering the cursor over the link
BUT not clicking (a useful trick for sniffing out spam) ends in .HTA.
I’m no techie, but I gather this is an executable code – ie trouble.
(I would give the link, but again I don’t want anyone who is reading
their mail in a hurry clicking by mistake.)
Has anyone else been getting messages like this?
Are my suspicions correct, or is paranoia setting in?
Maybe some nice stranger is just trying to help me keep
up to date on North Korea. Or maybe not.
In case it helps persons cleverer than me to detect the source,
I also append the full path details below.
Beware!
Best wishes
Aidan
Aidan Foster-Carter
Honorary Senior Research Fellow in Sociology & Modern Korea, Leeds
University, UK
Flat 1, 40 Magdalen Road, Exeter, Devon, EX2 4TE, England, UK
T: (+44, no 0) 07970 741307 (mobile); 01392 257753 Skype:
Aidan.Foster.Carter
E: _afostercarter at aol.com_ (mailto:afostercarter at aol.com) ,
_afostercarter at yahoo.com_ (mailto:afostercarter at yahoo.com) W:
_www.aidanfc.net_ (http://www.aidanfc.net/)
_________________________
Subject: [Further News] Kim Jong Il in 'Full Control' of North Korea
Date: 8/12/2009 07:37:56 GMT Standard Time
From: robert.condn at gmail.com
Reply To:
To: Afostercarter at aol.com
CC:
BCC:
Sent on:
"Kim Jong Il in 'Full Control' of North Korea, National Security Chief
Says"
AUG 12,2009 3:50PM, EST
Despite reports that Kim is ailing and indications that he is setting up
his own succession, National Security Adviser Jim Jones tells "FOX News
Sunday" that he has not lost his grip on power.
FULL STORY
© 2009 Cable News Network, LP, LLLP.
All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
_________________________________
Sent from the Internet (Details)
Return-Path: <robert.condn at gmail.com>
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com
[172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id
MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56 -0400
Received: from mail-yw0-f121.google.com (mail-yw0-f121.google.com
[209.85.211.121]) by rly-dd09.mx.aol.com (v124.15) with ESMTP id
MAILRELAYINDD091-b974a82632fa1; Wed, 12 Aug 2009 02:37:35 -0400
Received: by mail-yw0-f121.google.com with SMTP id 27so1934978ywh.13
for <Afostercarter at aol.com>; Tue, 11 Aug 2009 23:37:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:date:message-id:subject
:from:to:content-type;
bh=I5x91OhkIkR91xKD9CpMlcGKviRbgVMMxPuxedPXmak=;
b=kj/uWSd+htxRB2Tt22p3rrhYynUG3dY6wx2qPQFLKb2XpDOcOphlXcqwD0y88GqFJZ
w+0H7OD1Se4/TlvBjQMJWOem2tAqcuuLK6b5t1KNLdUKb3TBT8vHJCE7yZEoh9LzIXox
Y84lVHW5sij90T6mLD3nwplYDMJvmUrbM2i98=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=wKgd6xjvCQIflVYG2cIDBoekR9Pfjm929n93rrgblmfyhc7ATMgDxIzL9OJ1ocDjq9
8p/n1hDwcE1chWTZCrNG4a6CUg7gWIeovicy+WXHtTxkIo8qCtmWu9pxRNUaltspaaFG
MdNZYMXeyV8LlPD317Ia2gai+gjtICKCTy3rM=
MIME-Version: 1.0
Received: by 10.150.152.3 with SMTP id z3mr7421506ybd.75.1250059054748;
Tue, 11 Aug 2009 23:37:34 -0700 (PDT)
Date: Wed, 12 Aug 2009 15:37:34 +0900
Message-ID: <ac62bc110908112337u674a1c18qcf454b99486be55e at mail.gmail.com>
Subject: [Further News] Kim Jong Il in 'Full Control' of North Korea
From: Robert Condon <robert.condn at gmail.com>
To: Afostercarter at aol.com
Content-Type: multipart/alternative; boundary=000e0cd3f8ace8142d0470ec0d37
X-AOL-IP: 209.85.211.121
X-AOL-SCOLL-SCORE:1:2:426136512:93952408
X-AOL-SCOLL-URL_COUNT:1
X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-m204.1 ; domain :
gmail.com DKIM : pass
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://koreanstudies.com/pipermail/koreanstudies_koreanstudies.com/attachments/20090812/134c2bcc/attachment.html>
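Reading the Received chain quoted in this thread hop by hop, as an added example that is not part of the original messages: it orders the hops from origin to delivery, marks each relay address as private or public, and picks out the peer address recorded when the recipient's provider first accepted the mail (the same value the thread's X-AOL-IP header carries). The function names and the choice of "aol.com" as the provider suffix are assumptions made for this illustration.

```python
import ipaddress
import re

# Received lines copied from the thread (newest hop first); other headers omitted.
HEADERS = """\
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com
 [172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id
 MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56 -0400
Received: from mail-yw0-f121.google.com (mail-yw0-f121.google.com
 [209.85.211.121]) by rly-dd09.mx.aol.com (v124.15) with ESMTP id
 MAILRELAYINDD091-b974a82632fa1; Wed, 12 Aug 2009 02:37:35 -0400
Received: by mail-yw0-f121.google.com with SMTP id 27so1934978ywh.13
 for <Afostercarter at aol.com>; Tue, 11 Aug 2009 23:37:35 -0700 (PDT)
Received: by 10.150.152.3 with SMTP id z3mr7421506ybd.75.1250059054748;
 Tue, 11 Aug 2009 23:37:34 -0700 (PDT)
"""

def parse_hops(raw):
    """Return one dict per Received header, ordered oldest hop first."""
    unfolded = re.sub(r"\n[ \t]+", " ", raw)  # undo header line folding
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        frm = re.search(r"\bfrom (\S+)", line)
        by = re.search(r"\bby (\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        hops.append({k: (m.group(1) if m else None)
                     for k, m in (("from", frm), ("by", by), ("ip", ip))})
    return hops[::-1]  # each relay prepends its header, so reverse for travel order

def scope(addr):
    """'private' for non-routable space, 'public' otherwise, None if not an IP."""
    try:
        return "private" if ipaddress.ip_address(addr).is_private else "public"
    except (ValueError, TypeError):
        return None

def boundary_ip(hops, provider_suffix):
    """Peer IP logged when the recipient's provider first accepted the mail, else None."""
    for hop in hops:  # oldest first
        by, frm = hop["by"] or "", hop["from"] or ""
        if by.endswith(provider_suffix) and not frm.endswith(provider_suffix):
            return hop["ip"]

if __name__ == "__main__":
    for h in parse_hops(HEADERS):
        print(h["from"], "->", h["by"], h["ip"], scope(h["ip"] or h["by"]))
    print("external handoff:", boundary_ip(parse_hops(HEADERS), "aol.com"))
```

Only the hops stamped by the recipient's own provider can be relied on; everything recorded before the boundary hop is supplied by the sending side.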