Account Hackers Have No Mojo

Today while I was writing some code, I got an instant message from a friend of mine I haven’t spoken to in a while. At first I figured it was his dumb self because he can’t spell worth a crap, or is actually pretty dumb in many cases. I shrugged it off and thought nothing of it. After another line or so the next message threw me for a loop. He wanted me to go to some website and try something. OK, I haven’t talked to you in over a year, and that is the first thing out of your keyboard? I responded with something about porn, and the next response from him is what gave it away. He used ‘plz’ instead of ‘please’. Sorry Matt, but you aren’t hip to the Internet chat lingo. After that, I responded letting them know I was on to them, and after a little research I knew it wasn’t Matt at all.

Here is the conversation in its entirety. Thought it was kind of funny, especially since many people would have fallen for this. FYI, the website he wanted me to look at was revealed by Google of course to be a phishing, virus, and that other crud Windows users have to deal with, website.

Yahoo! Messenger Hacked

Either his password was insanely simple, which I don’t think it was, or he will be calling me within the next couple of days stating something along the lines of, “Can you fix my computer, I think I have a virus?”

UPDATE: After that conversation I filed a report on Yahoo!, just like any good contributor does. I gave them my system information and all of the details letting them know I didn’t have to worry about clicking links. Well it seems they throw that information out and use some USER_AGENT sniffing instead. Boy did they get that all wrong. First off, here is a snippet of what they replied to me with, of course you can tell it is computer generated:

Dear Richard,
 
Thank you for writing to Yahoo! Messenger.
 
I understand that you have received an Instant Message or Messages 
containing a suspicious link or links. The links appear to have been 
sent by one or more of your contacts, but were actually sent by a 
malicious third party. Please do not click these links or download the 
associated EXE files. 
 
Remember, we always recommend that you never click suspicious links or 
download executable files sent from anyone including your contacts. 
Also, keep in mind that we are working to identify the source of the 
issue as well as to take down the sites that are the destination of 
these links.
 
To remove and prevent further infection, please update your anti-virus 
software.

I told them previously in my report that I was using Linux and had nothing to worry about. Typically this helps with the pre-generated email responses, but in this case it didn’t. Then it went on and detailed the conversation I had with my hacked friend. After that though is what got me, and that was their information about my computer I used to contact them. Here that is:

Machine: Unknown
 
OS: unknown
 
Browser: Default Browser 0
 
REMOTE_ADDR: xxx.xxx.xxx.xxx
 
REMOTE_HOST: xxx-xxx-xxx-xxx.somerouter.insomelocation.onsomenetwork.net
 
Date Originated: Tuesday February 22, 2011 - 13:47:01
 
Cookies: disabled
 
AOL: yes

Umm, for one I am not using AOL, and the last I checked, you couldn’t use it with Linux. If their sniffing were correct, it should have looked something like this:

Machine: ShakaDoobie
 
OS: Linux  (probably either Ubuntu or Kubuntu, as the WordPress sniffers pick this up)
 
Browser: Default Browser 0  (should say Google Chrome, and it isn't my default browser)
 
...
 
Cookies: enabled
 
AOL: hell no!

Ahh the fun and excitement I tell you. OK, you can go back to doing whatever you were doing now that I wasted 5 minutes of your time.

  • Abcom

    looks like a virus to me, an automated conversation from his logged in client (probably hidden from him – and he probably won’t notice it until people start asking him about that strange page he just sent them yesterday)
