[KS] NB! Possible virus, masquerading as news about Korea

Afostercarter at aol.com Afostercarter at aol.com
Wed Aug 12 11:41:28 EDT 2009


 
Dear Frank,
 
Thank you VERY much for this. Most enlightening,
especially for us ageing technophobes who, to our
shame, basically don't have a clue how the machines
and systems we depend on actually work.

I take the liberty of copying this to the other message
boards and Korea nodes whom I had also alerted,
since everyone needs to be aware of this threat.

The moral: Caveat clickor! These stinking phish are even
smarter and subtler than I'd realized, hence more insidious.
 
Many thanks again,
Aidan 
 
 
Aidan Foster-Carter
Honorary Senior Research Fellow in Sociology & Modern Korea, Leeds University, UK
Flat 1, 40 Magdalen Road, Exeter, Devon, EX2 4TE, England, UK
T: (+44, no 0) 07970 741307 (mobile); 01392 257753  Skype: Aidan.Foster.Carter
E: afostercarter at aol.com, afostercarter at yahoo.com  W: www.aidanfc.net (http://www.aidanfc.net/)
___________________
 
In a message dated 8/12/2009 15:53:12 GMT Standard Time,  
hoffmann at koreaweb.ws writes:

Hi  Aidan:

To make it short: your suspicion is 100% correct!

(a) What it is:
There are "clever" scripts for phishing that help the criminal who is
implementing phishing practices to individually brand -- for anyone
who hasn't noted yet, we live in the age of branding ::)field of
interest or activity. As a first step, these scripts enable email
spiders that "harvest" (that's what it is called) the Internet for
email addresses -- they go to home pages and especially to online
discussion boards, blogs, archives of email lists such as our Korean
Studies discussion List (Web archives), and filter out and collect
all and every email address there. From the keywords in the direct
environment they create their own keyword lists and topics, in this
case KOREA or NORTH KOREA, and then nicely assign the harvested email
addresses to social network groups. In a second step they use RSS
news feed techniques to auto-create subject lines and some email
content. Somewhere in that email, however, is then a clickable link,
a URL, that, if you click it, will download some script to your PC
(Mac users are still safe, which is just one of the many reasons I
use one) that spies you out. What script that is, I can't say -- there
are endless varieties. It may well be a virus, but in many cases the
entire purpose (that's what phishing is usually about) is to get your
money ... to get your credit card data, bank info, etc.
(Explanation about "phishing": http://en.wikipedia.org/wiki/Phishing)

(b) What can you do?
The  extended email header shows this info:
--------------
Received: from  rly-dd09.mx.aol.com (rly-dd09.mail.aol.com 
[172.19.141.156]) by  air-dd06.mail.aol.com (v124.15) with ESMTP id 
MAILINDD063-b974a82632fa1;  Wed, 12 Aug 2009 02:37:56 -0400
--------------
172.19.141.156 ==> There were already complaints about this IP sent
to Google (gmail) since May, but it didn't help. The spammers are
using changing AOL and Gmail addresses, and use a bounce technique
(so, often you may see your own email address as the fake sender of
such mails). See here for one short discussion about this same IP --
that also gives you the link to the Google complaint form:
http://www.google.com/support/forum/p/gmail/thread?tid=3f3ef974642c8739&hl=en
Blacklisting sender email addresses does not make sense. But you can
blacklist the IP 172.19.141.156, that might help for a month or two.
Then again, these criminals probably use many other IPs as well. So,
it is pretty useless, there is not much you can do.

A last note: this kind of spamming and phishing scripts, often a
hotchpot of more complex and simple scripts, are now starting to
implement nano technology -- still pretty rudimentary parts of nano
technologies, but we will sure see more complex implementation
coming. Nano technology is what we will see getting implemented
during the next years more and more. The really interesting point,
for me anyway, are the connections of social networks in their
virtual world (Internet) with physics and e-technology in
revolutionary new ways. You will see far far more of all that, bad
and good. Also, bio-technology that uses nano technology tools is
growing rapidly, that again implements social network strategies --
will do so more and more, thereby then again creating social networks
that lead to new economic strategies.


Best,
Frank


--  
--------------------------------------
Frank Hoffmann
http://koreaweb.ws




________________________
 
 
 
NB! Possible virus, masquerading as news about Korea

Dear friends and colleagues,

I’ve been getting a number of messages like the one below.
They look as if they are news items about Korea, and the
first time this happened I very nearly clicked on the link.
(AOL’s filters don’t pick them up as spam.)

But I was and am suspicious:

* They are always sent by unknown individuals, often with
odd or slightly implausible names;
* The links (I’ve disabled these below, lest anyone click inadvertently)
lead to a site called Newsplaza.net, which simply says Hello.
* The URL given, which one can see by hovering the cursor over the link
BUT not clicking (a useful trick for sniffing out spam) ends in .HTA.
I’m no techie, but I gather this is an executable code – ie trouble.
(I would give the link, but again I don’t want anyone who is reading
their mail in a hurry clicking by mistake.)

Has anyone else been getting messages like this?
Are my suspicions correct, or is paranoia setting in?
Maybe some nice stranger is just trying to help me keep
up to date on North Korea. Or maybe not.

In case it helps persons cleverer than me to detect the source,
I also append the full path details below.

Beware!

Best wishes
Aidan
Aidan Foster-Carter
Honorary Senior Research Fellow in Sociology & Modern Korea, Leeds University, UK
Flat 1, 40 Magdalen Road, Exeter, Devon, EX2 4TE, England, UK
T: (+44, no 0) 07970 741307 (mobile); 01392 257753  Skype: Aidan.Foster.Carter
E: afostercarter at aol.com, afostercarter at yahoo.com  W: www.aidanfc.net (http://www.aidanfc.net/)
_________________________ 
Subject: [Further News] Kim Jong Il in 'Full Control' of  North Korea  
Date: 8/12/2009 07:37:56 GMT Standard Time   
From: robert.condn at gmail.com   
Reply To:   
To: Afostercarter at aol.com   
CC:   
BCC:   
Sent on:   
"Kim Jong Il in 'Full Control' of North Korea, National Security Chief Says"
AUG 12,2009 3:50PM, EST
Despite reports that Kim is ailing and indications that he is setting up
his own succession, National Security Adviser Jim Jones tells "FOX News
Sunday" that he has not lost his grip on power.
FULL STORY
© 2009 Cable News Network, LP, LLLP.
All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
_________________________________ 
Sent from the Internet (Details)   
Return-Path:  <robert.condn at gmail.com> 
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com  
[172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id  
MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56  -0400 
Received: from mail-yw0-f121.google.com (mail-yw0-f121.google.com  
[209.85.211.121]) by rly-dd09.mx.aol.com (v124.15) with ESMTP id  
MAILRELAYINDD091-b974a82632fa1; Wed, 12 Aug 2009 02:37:35  -0400 
Received: by mail-yw0-f121.google.com with SMTP id  27so1934978ywh.13 
for  <Afostercarter at aol.com>; Tue, 11 Aug 2009 23:37:35 -0700  (PDT) 
DKIM-Signature: v=1; a=rsa-sha256;  c=relaxed/relaxed; 
d=gmail.com; s=gamma; 
h=domainkey-signature:mime-version:received:date:message-id:subject 
:from:to:content-type; 
bh=I5x91OhkIkR91xKD9CpMlcGKviRbgVMMxPuxedPXmak=; 
b=kj/uWSd+htxRB2Tt22p3rrhYynUG3dY6wx2qPQFLKb2XpDOcOphlXcqwD0y88GqFJZ 
w+0H7OD1Se4/TlvBjQMJWOem2tAqcuuLK6b5t1KNLdUKb3TBT8vHJCE7yZEoh9LzIXox 
Y84lVHW5sij90T6mLD3nwplYDMJvmUrbM2i98= 
DomainKey-Signature: a=rsa-sha1;  c=nofws; 
d=gmail.com; s=gamma; 
h=mime-version:date:message-id:subject:from:to:content-type; 
b=wKgd6xjvCQIflVYG2cIDBoekR9Pfjm929n93rrgblmfyhc7ATMgDxIzL9OJ1ocDjq9 
8p/n1hDwcE1chWTZCrNG4a6CUg7gWIeovicy+WXHtTxkIo8qCtmWu9pxRNUaltspaaFG 
MdNZYMXeyV8LlPD317Ia2gai+gjtICKCTy3rM= 
MIME-Version: 1.0 
Received: by 10.150.152.3 with SMTP id z3mr7421506ybd.75.1250059054748;  
Tue,  
11 Aug 2009 23:37:34 -0700 (PDT) 
Date: Wed, 12 Aug 2009 15:37:34 +0900 
Message-ID:  <ac62bc110908112337u674a1c18qcf454b99486be55e at mail.gmail.com> 
Subject: [Further News] Kim Jong Il in 'Full Control' of North  Korea 
From: Robert Condon  <robert.condn at gmail.com> 
To: Afostercarter at aol.com 
Content-Type: multipart/alternative;  boundary=000e0cd3f8ace8142d0470ec0d37 
X-AOL-IP: 209.85.211.121 
X-AOL-SCOLL-SCORE:1:2:426136512:93952408 
X-AOL-SCOLL-URL_COUNT:1 
X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-m204.1 ; domain :  
gmail.com DKIM :  pass
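
An added example, not part of either poster's message: a short Python reading of the Received chain quoted above. It assumes the reader trusts only the hops stamped by their own provider (here, hosts under .aol.com), labels each bracketed IP as private (RFC 1918) or public address space, and reports the address at which the message entered that provider; the function names and the `trusted` parameter are choices made for this example.

```python
import ipaddress
import re

# Received headers copied from the message above, unfolded, newest hop first.
RECEIVED = [
    "from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com [172.19.141.156]) "
    "by air-dd06.mail.aol.com (v124.15) with ESMTP id MAILINDD063-b974a82632fa1; "
    "Wed, 12 Aug 2009 02:37:56 -0400",
    "from mail-yw0-f121.google.com (mail-yw0-f121.google.com [209.85.211.121]) "
    "by rly-dd09.mx.aol.com (v124.15) with ESMTP id MAILRELAYINDD091-b974a82632fa1; "
    "Wed, 12 Aug 2009 02:37:35 -0400",
    "by mail-yw0-f121.google.com with SMTP id 27so1934978ywh.13 "
    "for <Afostercarter at aol.com>; Tue, 11 Aug 2009 23:37:35 -0700 (PDT)",
    "by 10.150.152.3 with SMTP id z3mr7421506ybd.75.1250059054748; "
    "Tue, 11 Aug 2009 23:37:34 -0700 (PDT)",
]

# "from HELO (RDNS [IP]) by HOST ..." where the whole "from" clause is optional.
HOP = re.compile(
    r"(?:from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+)?"
    r"by\s+(?P<by>\S+)"
)

def parse_hops(received):
    """Turn Received header values into dicts, keeping newest-first order."""
    hops = []
    for value in received:
        m = HOP.match(value)
        if not m:
            continue
        ip = m.group("ip")
        scope = None
        if ip:
            scope = "private" if ipaddress.ip_address(ip).is_private else "public"
        hops.append({"rdns": m.group("rdns"), "ip": ip,
                     "scope": scope, "by": m.group("by")})
    return hops

def handoff_ip(hops, trusted=(".aol.com",)):
    """IP recorded by the trusted provider for the first host outside it."""
    for hop in hops:
        if not hop["by"].endswith(trusted):
            return None          # header written by a server we do not trust
        if hop["rdns"] and not hop["rdns"].endswith(trusted):
            return hop["ip"]     # message crossed into the trusted provider here
    return None
```

Run on the headers above, `handoff_ip` returns 209.85.211.121, the same value AOL recorded in `X-AOL-IP`, while 172.19.141.156 is labelled private.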
