
Shouldn't need to state this... Don't open random files from the Internets #offtopic


 Chris Spacone
 

I recently received a direct email from jara8426@... that contained a short cryptic message regarding a topic I and others have recently posted on.

I've never heard of this person so that was hint #1 and the message body contained no indication telling me whom it might have come from, hint#2.

The message body contained a link to drive.google.com and a document password, hint #3.

I downloaded the ZIP file and scanned it for virii, trojans and other potential villains, all came back negative. Hint #4.

I examined the ZIP file and it contained an oddly named file with a VBS extension. Hint #5.

I stopped there and deleted everything related to this. I may set up a playground and see what this thing intended to do but not terribly interested in expending a great deal of time on what is clearly a ham fisted hacking attempt.

So, if you get email from somebody you don't know, that isn't signed, that contains links you didn't ask for that point to files with questionable provenance you should probably do yourself a favor and delete it.

Remember, the vast majority of folks we meet are good, honest folk interested in the same thing we are, Airspy.

Remember also that there are bad actors out there as well and that you need to do your due diligence.

-Chris
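Added example (not written by any poster in this thread): a Python check for the step Chris describes, reading a downloaded ZIP's member list without extracting anything and flagging script extensions such as VBS. The extension list, the file names and the sample archive are constructed for illustration, and the encrypted-entry check assumes the password in the email applied to the archive itself.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute or hand to a script host on double-click.
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                    ".ps1", ".bat", ".cmd", ".scr", ".exe", ".lnk"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags


def triage_zip(data: bytes) -> list[dict]:
    """List archive members from the central directory; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            reasons = []
            if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
                reasons.append("script or executable extension " + suffixes[-1])
                if len(suffixes) > 1:
                    reasons.append("double extension")
            if info.flag_bits & ENCRYPTED_FLAG:
                # Names stay readable, but a scanner cannot inspect the content.
                reasons.append("encrypted entry, content not scannable without the password")
            findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed sample: a harmless text payload stored under a .vbs name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("requested_form.pdf.vbs", "' constructed placeholder, no code\n")
        archive.writestr("readme.txt", "constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in triage_zip(build_sample()):
        verdict = "; ".join(entry["reasons"]) or "no flags"
        print(f"{entry['name']}: {verdict}")
```

A clean antivirus result on an archive whose entries are encrypted says nothing about the payload, which is why the member names and flags are worth checking on their own.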


Lyndxer
 

I received the same email yesterday claiming to be in response to my recent posts about my Spyverter problem. I immediately thought the wording and a reference to a form I supposedly requested was odd. I looked at the path of the email and it looked legit. Out of further curiosity, I Googled "Nelsonvilletv.com" to see if I could find someone there with that email address. No go.

I ran the link through an online malware detector and it came up negative on all the sites it checked. Then I decided to see if I could download the zipped file which had a .vbs doc in it, but Windows Defender would not let me, saying it detected a Trojan virus in it. Defender has been known to be wrong before but at that point, my natural curiosity took a back seat to my natural skepticism and I went no further, other than forwarding the email to the group administrator asking whether the sender was a registered member of the group.


Johan Bodin
 

I got a similar, perhaps the same, message from the same sender. It referred to a thread on this list but was addressed directly to me.

/Johan

On 2020-09-28 at 21:32, Chris Spacone wrote:

I recently received a direct email from jara8426@... that contained a short cryptic message regarding a topic I and others have recently posted on.

I've never heard of this person so that was hint #1 and the message body contained no indication telling me whom it might have come from, hint#2.

The message body contained a link to drive.google.com and a document password, hint #3.

I downloaded the ZIP file and scanned it for virii, trojans and other potential villains, all came back negative. Hint #4.

I examined the ZIP file and it contained an oddly named file with a VBS extension. Hint #5.

I stopped there and deleted everything related to this. I may set up a playground and see what this thing intended to do but not terribly interested in expending a great deal of time on what is clearly a ham fisted hacking attempt.

So, if you get email from somebody you don't know, that isn't signed, that contains links you didn't ask for that point to files with questionable provenance you should probably do yourself a favor and delete it.

Remember, the vast majority of folks we meet are good, honest folk interested in the same thing we are, Airspy.

Remember also that there are bad actors out there as well and that you need to do your due diligence.

-Chris


jdow
 

That's the one I just wrote about. I REALLY hope nobody opened it.

{^_^}

On 20200928 12:32:41, Chris Spacone wrote:
I recently received a direct email from jara8426@... that contained a short cryptic message regarding a topic I and others have recently posted on.

I've never heard of this person so that was hint #1 and the message body contained no indication telling me whom it might have come from, hint#2.

The message body contained a link to drive.google.com and a document password, hint #3.

I downloaded the ZIP file and scanned it for virii, trojans and other potential villains, all came back negative. Hint #4.

I examined the ZIP file and it contained an oddly named file with a VBS extension. Hint #5.

I stopped there and deleted everything related to this. I may set up a playground and see what this thing intended to do but not terribly interested in expending a great deal of time on what is clearly a ham fisted hacking attempt.

So, if you get email from somebody you don't know, that isn't signed, that contains links you didn't ask for that point to files with questionable provenance you should probably do yourself a favor and delete it.

Remember, the vast majority of folks we meet are good, honest folk interested in the same thing we are, Airspy.

Remember also that there are bad actors out there as well and that you need to do your due diligence.

-Chris



Simon Brown
 

I host the sdr-radio.com e-mail on Google, it got past Google’s defences!

 

Not living in the 1980’s I don’t have any need for VBS so just ignored it.

 

Simon Brown, G4ELI

https://www.sdr-radio.com

 

From: airspy@groups.io <airspy@groups.io> On Behalf Of jdow
Sent: 29 September 2020 20:02
To: airspy@groups.io
Subject: Re: [airspy] Shouldn't need to state this... Don't open random files from the Internets #offtopic

 

That's the one I just wrote about. I REALLY hope nobody opened it.

{^_^}


Noel f6bgc
 

Hello,
a similar email address jara8462(at)nelsonvilletv.com (yes, 8462, not 8426)
has been used in icom rs-ba1@groups.io to send the same scam email.
Adam VA7OJ banned this user from all groups he's managing.

If not already done,
would it be possible for Youssef and Simon to ban the sender jara8426(at)nelsonvilletv.com
from all groups they manage respectively?
Thanks in advance.

73 - noel f6bgc


On Tue, 29 Sept 2020 at 21:12, Simon Brown <simon@...> wrote:

I host the sdr-radio.com e-mail on Google, it got past Google’s defences!

 

Not living in the 1980’s I don’t have any need for VBS so just ignored it.

 

Simon Brown, G4ELI

https://www.sdr-radio.com

 



jdow
 

That should be done. But it is locking the barn door after all the horses have escaped.

{^_^}

On 20200929 13:27:41, Noel f6bgc wrote:
Hello,
a similar email address jara8462(at)nelsonvilletv.com (yes, 8462, not 8426)
has been used in icom rs-ba1@groups.io to send the same scam email.
Adam VA7OJ banned this user from all groups he's managing.

If not already done,
would it be possible for Youssef and Simon to ban the sender jara8426(at)nelsonvilletv.com
from all groups they manage respectively?
Thanks in advance.

73 - noel f6bgc




Simon Brown
 

Ban and the email will change.

 

When I started my online forums https://forum.sdr-radio.com:4499/ an unholy number of bots started registering but were blocked by the forum security. Something like 2,500 different bot addresses tried in the first few days, that’s before the link to https://forum.sdr-radio.com:4499/ was even published!

 

This is one reason why my systems are backed up overnight to the cloud and NAS here at home.

 

I get at least one DDoS a month, my upmarket TP-Link router handles this well.

 

Simon Brown, G4ELI

https://www.sdr-radio.com

 

From: airspy@groups.io <airspy@groups.io> On Behalf Of jdow
Sent: 29 September 2020 22:00
To: airspy@groups.io
Subject: Re: [airspy] Shouldn't need to state this... Don't open random files from the Internets #offtopic

 

That should be done. But it is locking the barn door after all the horses have escaped.

{^_^}


Simon Brown
 

I think this script would have taken the barn door, hinges as well as the stable lad and all the horses.

 

Simon Brown, G4ELI

https://www.sdr-radio.com

 

From: airspy@groups.io <airspy@groups.io> On Behalf Of jdow
Sent: 29 September 2020 22:00
To: airspy@groups.io
Subject: Re: [airspy] Shouldn't need to state this... Don't open random files from the Internets #offtopic

 

That should be done. But it is locking the barn door after all the horses have escaped.

{^_^}


Mike Wolfson <nwhkr319@...>
 

I got one of these emails after sending my email about requesting additional functions.

Mike

On Tue, Sep 29, 2020, 1:59 PM jdow <jdow@...> wrote:
That should be done. But it is locking the barn door after all the horses have escaped.

{^_^}



 Chris Spacone
 

Noel,

In the States (perhaps elsewhere in the world as well) we have a nickname for this kind of response: WhackAMole.

Almost certainly the email address is spoofed so blocking the user, assuming they even exist, is as pointless as Simon indicates.

Best to be a defensive internet user and practice Safe Cybernetics™.

-Chris


Joe M.
 

Did anyone getting those spam emails visit the bonito website?

That site has been spammed many times on other lists.
I've seen it here a few times now.

It seems any time a topic comes up, there is a link there.

Joe M.

On 9/29/2020 4:27 PM, Noel f6bgc wrote:
Hello,
a similar email address jara8462(at)nelsonvilletv.com (yes, 8462, not 8426)
has been used in icom rs-ba1@groups.io to send the same scam email.
Adam VA7OJ banned this user from all groups he's managing.

If not already done,
would it be possible for Youssef and Simon to ban the sender jara8426(at)nelsonvilletv.com
from all groups they manage respectively?
Thanks in advance.

73 - noel f6bgc



--
73 - noel f6bgc
https://f8kcf.net/
