Fake virus warning messages

Discussion in 'Network Information, Suggestions and Feedback' started by PeterG, Jan 18, 2010.

  1. PeterG

    PeterG Senior Member

    Just received an email advising me of a private message from the Administrator of WW1 Talk:

    "Dear PeterG
    A virus alert was noticed on your computer.
    We highly recommend you to check your computer and perform online virus check at our site immediately: http ://antivirus.effectmedsxxxx.com/

    Sincerely, Forum Administration"

    If you get a similar notification Do NOT, repeat NOT, click on the link. It will install a bogus virus security checker and install several trojans. I have inserted four Xs in the link to disable it.

    It is months since I posted in WW1 and there is no way they can check my computer.

    Peter
     
  2. Smudger Jnr

    Smudger Jnr Our Man in Berlin

    Peter,

    I am no computer boffin and so many thanks for the heads up.

    Are there any official overseers of Web Addresses who could investigate the originator and close them down?

    Regards
    Tom
     
  3. CROONAERT

    CROONAERT Ipsissimus

    Got one of them too... didn't even know I was a member on there!


    dave
     
  4. Paul Reed

    Paul Reed Ubique

    It could indicate the site has been hacked, so I wouldn't visit it or click on any links.
     
  5. von Poop

    von Poop Adaministrator Admin

    I should perhaps add that WW1Talk has absolutely no connection with WW2Talk.

    ~A
     
  6. Hugh MacLean

    Hugh MacLean Senior Member

    I don't think the site has been hacked. The same person tried to get into a site which I am part of the admin team but we spotted and banned the offender. They are just registering and then using the PM facility to bombard members with phishing links. Shouldn't happen on a well managed site and a mod team that are on the ball. It goes without saying but don't be tempted to click any of their links.
    Regards
    Hugh
     
  7. Smudger Jnr

    Smudger Jnr Our Man in Berlin

    Hugh,

    I think that happened to me the other day on this forum.

    When I logged on a member had sent me a PM and the member had been discharged.
    I thought it was a recruiting campaign for a revisionist site.
    Obviously our Moderators are on the ball.

    Regards
    Tom
     
  8. Hugh MacLean

    Hugh MacLean Senior Member

    Have got to say I have not had any issues on this site since I have been a member. The mods do a good job here.
    Regards
    Hugh
     
  9. von Poop

    von Poop Adaministrator Admin

    Hugh,

    I think that happened to me the other day on this forum.

    When I logged on a member had sent me a PM and the member had been discharged.
    I thought it was a recruiting campaign for a revisionist site.
    Obviously our Moderators are on the ball.

    Regards
    Tom

    Looking at the statistics, he sent 12 PMs before getting banned Tom, and I'm pleased to say nearly all that received them reported it.
    Cheers to the chaps that grassed him up - as Member reports are the only real defence against that kind of schpam once someone gets through registration.
    He was promoting some kind of vague forum that just looked like a farm for web-advertising to me.

    ~A
     
  10. Gage

    Gage The Battle of Barking Creek

    I had two PMs (on WW1talk - which I haven't been on for quite a while) and deleted them. Time will see if any more appear even though the admin have said they are beefing up security.
     
  11. geoff501

    geoff501 Achtung Feind hört mit

    Just received an email advising me of a private message from the Administrator of WW1 Talk:

    "Dear PeterG
    A virus alert was noticed on your computer. .....

    Got an almost identical PM from the Scottish War Memorials website yesterday morning (same dodgy URL), through my membership. It seems someone created an account and manually sent the PM to me. Not sure if others were sent. I checked the member's name ('Adminlady') and the membership was a few hours old with zero posts.

    It has been dealt with quickly, but it seems crazy that the account could be created with such a name and allowed access to member lists and PMs with no prior posting history.

    geoff
     
  12. marcus69x

    marcus69x I love WW2 meah!!!

    Cheeky little monkeys.
     
  13. Tonym

    Tonym WW2 Veteran WW2 Veteran

    Just had an email advising me of a PM on GWF that I didn't open as the sender was advised as a 'LadyXAdmin'. I deleted it and advised GWF Admin.

    Tony
     
  14. PeterG

    PeterG Senior Member

    This is a new and very dangerous development. Currently infections are running at an amazing 35 million per month. The problem now of course is that they are copying and mimicking security sites. A very nasty one is 'Windows Security Center'. You can find a list of these nasties here: Malware Help. Org | PC security, privacy, anonymity and anti-malware Resource. A typical one is shown here: How to remove AntiMalware (AntiMalware Removal) | Malware Help. Org

    What I think has happened to WW1 Talk is that their Members data list has been seeded with a rogue bot and emails auto-generated and sent to all members.

    In the past two days alone I've helped clear two computers in Italy over the Internet. If you have been caught the best solution I have found so far is to install the free version of Malwarebytes.org then get into safe mode and run it. I've tested a few other spyware and malware detectors, all have detected these 'security' trojans but only Malwarebytes has completely removed them, including the registry keys.

    Peter
     
  15. Hugh MacLean

    Hugh MacLean Senior Member

    This particular pest going by the name of Lady_Admin and other variations of the name is probably hiding behind a proxy and I believe coming out of Germany and Holland.
    Regards
    Hugh
     
  16. PeterG

    PeterG Senior Member

    Got an almost identical PM from the Scottish War Memorials website yesterday morning (same dodgy URL), through my membership.
    This is most interesting and would seem to indicate that as soon as a member of these forums responds s/he creates a zombie backdoor access to the Members List of their own forum, for example this one. It is not a question of the administrators being vigilant, rather it is essential that no member of this forum responds. Treat all Private Messages with caution and do not click on any links.
     
  17. geoff501

    geoff501 Achtung Feind hört mit

    Just had an email advising me of a PM on GWF that I didn't open as the sender was advised as a 'LadyXAdmin'. I deleted it and advised GWF Admin.

    Tony

    'LadyXAdmin' and 'AdminLady' seem to have joined loads of forums in the last two days. Suspect it may be a hacked attack since I don't think GWF would allow this name and all their recruits are manually checked and cannot PM without 10 posts.
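
The controls discussed in this thread (holding staff-like names such as 'AdminLady', 'LadyXAdmin' and 'Lady_Admin' for manual checking, and no PMs before 10 posts), sketched as an added example that is not part of the original posts or of any forum package's code. The 24-hour age limit, the token list, the character-swap table and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# MIN_POSTS is the rule quoted in the thread (no PMs before 10 posts).
# MIN_AGE, STAFF_TOKENS and LEET are assumptions made for this example.
MIN_POSTS = 10
MIN_AGE = timedelta(hours=24)
STAFF_TOKENS = ("admin", "moderator", "staff", "support")
LEET = str.maketrans("01345@$", "oieasas")  # undo common character swaps

@dataclass
class Account:
    username: str
    registered: datetime
    posts: int
    is_staff: bool = False

def normalise(username: str) -> str:
    """Lower-case, reverse digit/symbol swaps, then drop separators."""
    return re.sub(r"[^a-z]", "", username.lower().translate(LEET))

def looks_like_staff(username: str) -> bool:
    name = normalise(username)
    return any(token in name for token in STAFF_TOKENS)

def registration_decision(acct: Account) -> str:
    """'review' holds the signup for a moderator; 'allow' lets it through."""
    # Substring matching over-flags (e.g. "badminton"), so a hit goes to
    # manual review rather than being rejected outright.
    if not acct.is_staff and looks_like_staff(acct.username):
        return "review"
    return "allow"

def pm_block_reasons(acct: Account, now: datetime) -> list[str]:
    """Reasons the account may not send PMs yet (empty list = allowed)."""
    if acct.is_staff:
        return []
    reasons = []
    if looks_like_staff(acct.username):
        reasons.append("staff-like username")
    if acct.posts < MIN_POSTS:
        reasons.append(f"fewer than {MIN_POSTS} posts")
    if now - acct.registered < MIN_AGE:
        reasons.append("account younger than 24 hours")
    return reasons

# Constructed sample: an account a few hours old with zero posts.
NOW = datetime(2010, 1, 18, 12, 0)
SUSPECT = Account("AdminLady", NOW - timedelta(hours=3), posts=0)
```
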
     
  18. PeterG

    PeterG Senior Member

    'LadyXAdmin' and 'AdminLady' seem to have joined loads of forums in the last two days. Suspect it may be a hacked attack since I don't think GWF would allow this name and all their recruits are manually checked and cannot PM without 10 posts.
    LadyXAdmin and variants won't be in any Member lists, they are clearly auto-generated at the point the lure email is sent.
     
  19. geoff501

    geoff501 Achtung Feind hört mit

    Treat all Private Messages with caution and do not click on any links.

    I didn't click, trashed it. They only offered to clean up my PC. Now if they'd offered a crate of Leffe.....
     
  20. geoff501

    geoff501 Achtung Feind hört mit

    LadyXAdmin and variants won't be in any Member lists, they are clearly auto-generated at the point the lure email is sent.

    'AdminLady' was in the member list of the forum I had a PM from. First thing I checked. Looked like a bona fide membership account, which it probably was since they only screen non-ISP email accounts on joining. The PM notification email was genuine. It looked like a manual attack.
     
