
Yo! I've got something awesome that is going to surprise you, just take a look http://seallf.org/evolution.php?2627 GTALUG Talk

What the... okay, I think it's safe to say "don't open the damned link". Somebody got pwned.

W.

On 7 Apr 2017 18:33, "GTALUG Talk via talk" <talk@gtalug.org> wrote:
Yo!
I've got something awesome that is going to surprise you, just take a look open link <http://seallf.org/evolution.php?2627>
GTALUG Talk
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

Yeah, it reminds me of my experience dealing with a group of bikers. "We have a present for you." they said at one point. The gift didn't work out, and I'm still here ;).

P.

What the... okay, I think it's safe to say "don't open the damned link".
Somebody got pwned.
W.
-- Peter Hiscocks Syscomp Electronic Design Limited, Toronto http://www.syscompdesign.com USB Oscilloscope and Waveform Generator 647-839-0325

One of my hobbies is to download those sites with wget and a fake user agent string, and analyze them. If they are phishing, I like to flood it with random fake logins and passwords. I once got a keylogger sending the logs by FTP. I connected to it, deleted every log, and chmoded a-w the directory. The owner of the keylogger must have been surprised to see his logger didn't work.

On Apr 7, 2017 9:13 PM, "Peter Hiscocks via talk" <talk@gtalug.org> wrote:
Yeah, it reminds me of my experience dealing with a group of bikers. "We have a present for you." they said at one point.
The gift didn't work out, and I'm still here ;).
P.
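The download-and-inspect half of Mauro's hobby, written out as an added example (this is not Mauro's script, nor anything posted to the list). It saves a suspected page into a fresh per-case directory with wget under a browser-like User-Agent string, never executes anything it downloads, and then lists where the page's forms would post and which fields they collect, which is what an abuse report to the hosting provider needs. The host `phish.example.invalid`, the page contents and the `/tmp` prefix are constructed placeholders; the example covers only fetching and inspection.

```shell
#!/bin/sh
# Added example, not from the thread: fetch a suspected phishing page for
# offline inspection and report where its forms send what they collect.

# new_case_dir BASE -> creates and prints a private directory for one sample,
# so files from different "clients" never mix (BASE defaults to /tmp).
new_case_dir() {
    dir=$(mktemp -d "${1:-/tmp}/phish-case.XXXXXX") || return 1
    chmod 700 "$dir"
    printf '%s\n' "$dir"
}

# fetch_for_analysis URL DIR [UA] -> saves URL into DIR with a single attempt,
# short timeout and a bounded redirect chain. wget only writes bytes to disk;
# nothing fetched is ever executed. Needs network, so the demo below does not call it.
fetch_for_analysis() {
    url=$1; dir=$2; ua=${3:-"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"}
    wget --user-agent="$ua" --tries=1 --timeout=20 --max-redirect=3 \
         --directory-prefix="$dir" --output-file="$dir/wget.log" -- "$url"
}

# form_targets FILE -> the action="..." URL of every form in FILE, one per line
# (double-quoted attributes only, which is what kits almost always emit).
form_targets() {
    grep -o -i 'action="[^"]*"' "$1" | cut -d'"' -f2
}

# input_names FILE -> the name="..." of every <input>, i.e. what the page harvests
input_names() {
    grep -i '<input' "$1" | grep -o -i 'name="[^"]*"' | cut -d'"' -f2
}

# write_sample_page FILE -> a constructed look-alike login page standing in for
# a downloaded sample (not taken from any real kit).
write_sample_page() {
    cat > "$1" <<'EOF'
<html><body>
<form method="post" action="http://phish.example.invalid/collect.php">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="submit" value="Log in">
</form>
</body></html>
EOF
}

# Demo on the constructed sample; swap write_sample_page for fetch_for_analysis
# to work on a live download.
case_dir=$(new_case_dir /tmp)
write_sample_page "$case_dir/index.html"
echo "Forms in $case_dir/index.html post to:"
form_targets "$case_dir/index.html"
echo "Fields harvested:"
input_names "$case_dir/index.html"
rm -rf "$case_dir"
```

The per-case directory is what makes later comparison possible: two kits that post to the same collector URL are usually the same operator, and that URL, not the lure page, is what to report.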

Mauro, how do I "like" your email? I can't find the "like" button on my mail client. :)

David Thornton
@northdot9
https://www.quadratic.net

On Apr 7, 2017 9:03 PM, "Mauro Souza via talk" <talk@gtalug.org> wrote:
One of my hobbies is to download those sites with wget and a fake user agent string, and analyze them. If they are phishing, I like to flood it with random fake logins and passwords.
I once got a keylogger sending the logs by FTP. I connected to it, deleted every log, and chmoded a-w the directory. The owner of the keylogger must have been surprised to see his logger didn't work.

On 07/04/17 21:03, Mauro Souza via talk wrote:
One of my hobbies is to download those sites with wget and a fake user agent string, and analyze them. If they are phishing, I like to flood it with random fake logins and passwords.
I once got a keylogger sending the logs by FTP. I connected to it, deleted every log, and chmoded a-w the directory. The owner of the keylogger must have been surprised to see his logger didn't work.

Or even more surprised that their wget honeypot worked and they got root on your system :D

Not probable. There are a few remote exploits for wget, but none would affect me, AFAIK. My /tmp is mounted with nodev noexec nosuid, and I create a directory for every "client". I usually download sites pretending to be my bank, or credit card, or some other entity I am not related to, and they usually ask me for login credentials, credit card information or to download and execute something. They are targeting clueless Windows users, not savvy Linux users hunting malware sites. Next time I will use telnet to the server from inside a chroot in a Docker container, running on a virtual machine on a diskless computer booting from DVD, connected to the Starbucks WiFi. Just to be safe.

On Apr 9, 2017 20:23, "Jamon Camisso via talk" <talk@gtalug.org> wrote:
Or even more surprised that their wget honeypot worked and they got root on your system :D
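The /tmp mount options Mauro relies on are worth verifying rather than assuming, since a /tmp that is merely a directory on the root filesystem carries none of them. The following is an added example, not code from the thread: it parses a mount table in the format of /proc/self/mounts and reports which of nodev, noexec and nosuid are missing for a given mount point. SAMPLE_MOUNTS is a constructed table, and the last lines run the same check against the live host when /proc/self/mounts is readable.

```shell
#!/bin/sh
# Added example, not from the thread: verify that a mount point carries the
# nodev, noexec and nosuid options, by parsing text in /proc/self/mounts format.
# SAMPLE_MOUNTS is constructed for the demo, not captured from a real host.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2097152k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# mount_opts MOUNTS_TEXT MOUNTPOINT -> the comma-separated option field (4th column)
# of the entry whose mount point (2nd column) is exactly MOUNTPOINT; empty if none.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# missing_opts MOUNTS_TEXT MOUNTPOINT OPT... -> each required OPT that is absent.
# The option string is wrapped in commas so "nodev" cannot match inside another token.
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    shift 2
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                 # present
            *) printf '%s\n' "$want" ;;     # absent: report it
        esac
    done
}

# check_hardening MOUNTS_TEXT MOUNTPOINT -> succeeds only when MOUNTPOINT is a
# mount of its own and has all of nodev, noexec and nosuid.
check_hardening() {
    [ -n "$(mount_opts "$1" "$2")" ] &&
    [ -z "$(missing_opts "$1" "$2" nodev noexec nosuid)" ]
}

# Demo on the constructed table: /tmp passes, /dev/shm lacks noexec, / lacks all three.
for mp in /tmp /dev/shm /; do
    if check_hardening "$SAMPLE_MOUNTS" "$mp"; then
        echo "$mp: hardened"
    else
        echo "$mp: missing $(missing_opts "$SAMPLE_MOUNTS" "$mp" nodev noexec nosuid | tr '\n' ' ')"
    fi
done

# The same check against the running system, where the kernel exposes the table.
if [ -r /proc/self/mounts ]; then
    if check_hardening "$(cat /proc/self/mounts)" /tmp; then
        echo "/tmp on this host: hardened"
    else
        echo "/tmp on this host: not a separately hardened mount"
    fi
fi
```

Treat a passing result as one layer, not a sandbox: noexec stops `./payload` but not `sh payload`, which is why the per-case directory and the disposable VM in Mauro's plan still matter.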

On 09/04/17 20:11, Mauro Souza wrote:
Not probable. There are a few remote exploits for wget, but none would affect me, AFAIK. My /tmp is mounted with nodev noexec nosuid, and I create a directory for every "client".
I usually download sites pretending to be my bank, or credit card, or some other entity I am not related to, and they usually ask me for login credentials, credit card information or to download and execute something. They are targeting clueless Windows users, not savvy Linux users hunting malware sites.
Next time I will use telnet to the server from inside a chroot in a Docker container, running on a virtual machine on a diskless computer booting from DVD, connected to the Starbucks WiFi. Just to be safe.

Maybe the DVD could be Qubes[1] for even more isolation.

[1] https://www.qubes-os.org/

Cheers, Jamon

Just to let everyone know I put this email address into moderation and nomail until I get confirmation that they have access to their email account again.
participants (7)
- David Thornton
- GTALUG Talk
- Jamon Camisso
- Mauro Souza
- Myles Braithwaite
- phiscock@ee.ryerson.ca
- William Porquet