Today while I was writing some code, I got an instant message from a friend of mine I haven’t spoken to in a while. At first I figured it was his dumb self because he can’t spell worth a crap, or is actually pretty dumb in many cases. I shrugged it off and thought nothing of it. After another line or so the next message threw me for a loop. He wanted me to go to some website and try something. OK, I haven’t talked to you in over a year, and that is the first thing out of your keyboard? I responded with something about porn, and the next response from him is what gave it away. He used ‘plz’ instead of ‘please’. Sorry Matt, but you aren’t hip to the Internet chat lingo. After that, I responded letting them know I was on to them, and after a little research I knew it wasn’t Matt at all.
Here is the conversation in its entirety. Thought it was kind of funny, especially since many people would have fallen for this. FYI, the website he wanted me to look at was revealed by Google of course to be a phishing, virus, and that other crud Windows users have to deal with, website.
Either his password was insanely simple, which I don’t think it was, or he will be calling me within the next couple of days stating something along the lines of, “Can you fix my computer, I think I have a virus?”
UPDATE: After that conversation I filed a report on Yahoo!, just like any good contributor does. I gave them my system information and all of the details letting them know I didn’t have to worry about clicking links. Well it seems they throw that information out and use some USER_AGENT sniffing instead. Boy did they get that all wrong. First off, here is a snippet of what they replied to me with, of course you can tell it is computer generated:
Dear Richard, Thank you for writing to Yahoo! Messenger. I understand that you have received an Instant Message or Messages containing a suspicious link or links. The links appear to have been sent by one or more of your contacts, but were actually sent by a malicious third party. Please do not click these links or download the associated EXE files. Remember, we always recommend that you never click suspicious links or download executable files sent from anyone including your contacts. Also, keep in mind that we are working to identify the source of the issue as well as to take down the sites that are the destination of these links. To remove and prevent further infection, please update your anti-virus software.
I told them previously in my report that I was using Linux and had nothing to worry about. Typically this helps with the pre-generated email responses, but in this case it didn’t. Then it went on and detailed the conversation I had with my hacked friend. After that though is what got me, and that was their information about my computer I used to contact them. Here that is:
Machine: Unknown
OS: unknown
Browser: Default Browser 0
REMOTE_ADDR: xxx.xxx.xxx.xxx
REMOTE_HOST: xxx-xxx-xxx-xxx.somerouter.insomelocation.onsomenetwork.net
Date Originated: Tuesday February 22, 2011 - 13:47:01
Cookies: disabled
AOL: yes
Umm, for one I am not using AOL, and the last I checked, you couldn’t use it with Linux. If their sniffing were correct, it should have looked something like this:
Machine: ShakaDoobie
OS: Linux (probably either Ubuntu or Kubuntu, as the WordPress sniffers pick this up)
Browser: Default Browser 0 (should say Google Chrome, and it isn't my default browser)
...
Cookies: enabled
AOL: hell no!
Ahh the fun and excitement I tell you. OK, you can go back to doing whatever you were doing now that I wasted 5 minutes of your time.