
Renderosity Forums / Community Center






Subject: be wary of this very clever trojan/dropper mail


mrsparky ( ) posted Thu, 13 January 2005 at 8:05 AM · edited Fri, 24 January 2025 at 6:19 PM

Hi all,

Checking mail this morning, like we all do. Being safe, ran Mailwasher and scanned mail. Looked at 1 mail - no attachments - message relates to my user name and artie stuff. The standard kinda mail artists often get...

Hi , Great work with the photo. I agree with you, I've been trying out new photoshop techniques since I joined a month ago... It's very addictive and I have so much more to learn! Regards, William Pickens ps: see my new gallery .

But... click on the attached link and it tries to d/load a trojan.

Pinky - you left the lens cap of your mind on again.



Ardiva ( ) posted Thu, 13 January 2005 at 11:23 AM

Thank you for the info...I use "Mailwasher" as well. Nice program. :)



mateo_sancarlos ( ) posted Thu, 13 January 2005 at 11:30 AM

The way I understand it, even opening (reading) the message is a mistake, because it will usually contain html code that sends back your info to a server somewhere. Of course, if you click on anything in the message, that's when the serious damage begins.


Erlik ( ) posted Thu, 13 January 2005 at 3:58 PM

Mateo, use something like PocoMail, which can disable the download of images or completely strip html. The images method is the usual stuff for checking whether an address is active - they put a particularly named little gif (1x1 pixel) and when it's downloaded they know that somebody reads mail on that address. The second one uses an iframe trick to download stuff directly. I forget the details.

-- erlik
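
The check a mail filter can make before rendering HTML mail, covering the two tricks described in the post above. This is an added example, not part of the original thread; the sample message, its hostnames, and the names `RemoteContentFinder` and `scan_message` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not the mail discussed in the thread).
SAMPLE = """\
From: someone@example.test
To: artist@example.test
Subject: Great work with the photo
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi, great work. <a href="http://gallery.example.test/new">see my new gallery</a></p>
<img src="http://track.example.test/u_artist_4711.gif" width="1" height="1">
<img src="cid:logo" width="120" height="40">
<iframe src="http://files.example.test/viewer" width="0" height="0"></iframe>
</body></html>
"""

REMOTE = ("http://", "https://", "//")  # fetched from the network on render

class RemoteContentFinder(HTMLParser):
    """Collects elements that make the client contact a server when the mail opens."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if not src.lower().startswith(REMOTE):
            return  # cid:/data: content travels with the mail, no callback
        if tag == "img":
            # Any remote image confirms the address; 0x0 or 1x1 is the classic web bug.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append(("web-bug" if tiny else "remote-image", src))
        elif tag in ("iframe", "frame"):
            self.findings.append(("remote-frame", src))

def scan_message(raw):
    """Return (kind, url) pairs for every text/html part of a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteContentFinder()
            finder.feed(part.get_content())
            findings.extend(finder.findings)
    return findings
```

Sizes set through CSS (`style="width:1px"`) are not inspected here, which is one reason clients that block all remote content by default are safer than ones that try to recognise trackers.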


mrsparky ( ) posted Thu, 13 January 2005 at 4:26 PM

Hi Erlik,

Very good points. I use Netscape mail as that doesn't have the same problems with html mail. Very old version that doesn't support frames either. I use lots of anti-spam filters as well. Plus Zone alarm seems to stop the use of 1x1 web-bugs.

Typically mails like this are one line like "your password attached" and it's obvious it's a nasty. So normally I don't fall for this type of mail, but this one was very clever as it alludes to the kind of work artists do. Very good piece of social engineering and I admit it caught me. Luckily AVG blocked the nasty.

I guess all we can do is keep using the right kind of tools and follow our common sense.

Al

Pinky - you left the lens cap of your mind on again.



bonestructure ( ) posted Fri, 14 January 2005 at 7:02 AM

My ISP lets me look at my mail on their server, and delete anything from anyone I don't know, especially when it looks like a virus. When I do get a mail from someone I know, with an attachment, I generally make it a practice to email them to verify they actually sent me something. Anything I may miss, Norton usually gets.

Talent is God's gift to you. Using it is your gift to God.


spothmann ( ) posted Sat, 15 January 2005 at 7:16 PM

> Plus Zone alarm seems to stop the use of 1x1 web-bugs.

And how would it do that? The request for the 1-square-pixel-image comes from inside your email program, which has access to the net...

BTW, what's the exact use of ZoneAlarm? If you have caught a trojan, do you indeed believe that this would try to "phone home" by its real name?

(ZoneAlarm's message:) "Hi, this is the evil trojan IWILLHACKYOU trying to access the internet. Do you want to allow this?"

Don't you think that the question asked by ZoneAlarm could possibly look much more like this, if the cracker who wrote that particular trojan was not totally dumb:

"Hi, this is the INTERNET EXPLORER (YOURMAILSOFTWARE, WINDOWS-UPDATE...) trying to access the internet. Do you want to allow this?"

Perhaps something to think about...


mrsparky ( ) posted Sat, 15 January 2005 at 7:39 PM

spothmann,

> And how would it do that?

From what I understand Zone Alarm seems to block web-bugs for webpages in its privacy settings. I honestly don't know if it blocks web-bugs in email.

> Perhaps something to think about...

True. I do agree with your opinion here. Trojans don't usually ask nicely! That's why ZA is set to ensure any program that wants 'net access has to ask. That includes core apps like Internet Explorer. So if a "changed program needs permission" message appears, then I'll know there's a problem and can solve it.

Hopefully now, Microsoft are getting on board with their anti-spyware app, and that'll get built into XP's service pack, it'll cut down the risks when online. Failing that TDS, Ad-ware, Spybot will remain in my arsenal for cleaning customers' machines.

Al

Pinky - you left the lens cap of your mind on again.


