Computer Hope

Software => Computer viruses and spyware => Topic started by: Geek-9pm on March 30, 2009, 03:58:42 PM

Title: WARNING New scam targets User Forums.. activationlink.co
Post by: Geek-9pm on March 30, 2009, 03:58:42 PM

WARNING New scam targets User Forums.. activationlink.co

A new user will ch eck in with something like this:

Hello, I dont know if I am writing in a proper board but I have got a problem with activation,
link is not working...  http: // activationlink.co/,

DO NOT try the link. (I broke it on purpose.)
The user names changes, but the text is the same.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: BC_Programmer on March 30, 2009, 04:03:01 PM

err- a scam gets money from the victim- this seems to be SPAM.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: evilfantasy on March 30, 2009, 04:23:58 PM

I'm not able to investigate the link right now but what is the exploit?

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: Wefro_froyas on March 30, 2009, 04:28:46 PM

I saw that on in a advertisement it crashed my browser. DONT  GO THERE!

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: evilfantasy on March 30, 2009, 04:42:41 PM

Is that the right link?

hxxp://activationlink.com

Not finding it in any of the databases.

http://www.mywot.com/en/scorecard/www.activationlink.com
https://safeweb.norton.com/report/show?url=activationlink.com&x=12&y=11
http://www.siteadvisor.com/lookup/?q=activationlink.com

Appears clean. http://unmaskparasites.com/security-report/

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: Geek-9pm on March 30, 2009, 04:50:56 PM

Can't find out what it is because it somehow is very clever.
If will show up on forums using PHP. The would include this forum. I found it on a a site using SMF. The are dozens, maybe hundreds of sites getting this post. I think it is called a

Santy Worm

But I don't have enough knowledge to confirm this. It attacks PHP code

There is no such site.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: evilfantasy on March 30, 2009, 05:00:24 PM

I used Sandboxie and visited. It's just a generic search provider hosted on Godaddy servers. Didn't have time to look around too much but I never was able to find anything malicious.

www.sandboxie.com <- Great for investigating malicious sites.

I think it's just a spammer trying to generate traffic.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: Geek-9pm on March 30, 2009, 05:24:10 PM

Quote

It's just a generic search provider

Thanks for checking it out. for some reason my ISP or browser blocks that site.
My limited research indicated that is was part of a PHP attack.

Because no harm was done, that does no prove lack of malicious intent.

The attack is very widespread and seeks out user forums.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: evilfantasy on March 30, 2009, 05:34:17 PM

Yea I saw it in my Google search. It's definitely not to be trusted!

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: camerongray on June 29, 2009, 12:58:48 AM

I recently found this site: http://www.tkafeestekene.be/index.php?option=com_akobook&Itemid=29 (http://www.tkafeestekene.be/index.php?option=com_akobook&Itemid=29) The link will take you to their guestbook where you can see many of these messages spammed.

The website is for a German cafe but you can see all the messages in the guestbook.

The links are broken.

Title: Re: WARNING New scam targets User Forums.. activationlink.co
Post by: Quantos on June 29, 2009, 01:03:49 AM

Great, so these people come here and post links in (a href=) with a bogus description.  Is there a way to set up description tags like slashdot has?