Desktop Publishing Forum > General Discussions > Software
#1, curveto (Member), 04-26-2012, 08:29 PM
Warning: My Thunderbird just got "spowned"

Like that? I just made it up. SPAM. Owned. Spowned.

Anyhow, I've spent the better part of two days now watching my speedy laptop do essentially nothing as I scanned it with multiple "offline" virus detect / removal tools (from MS and Kaspersky to be exact).

Why? You ask?

Because some baddy targeted some SPAM (with an evil payload) at my yahoo mail account. Did I click on it? Why, no in fact I did not. Yahoo dropped it in my Bulk / Spam folder and the process of EMPTYING the folder (which requires selection) in the latest and greatest Thunderbird managed to let them run an exploit that a) took Thunderbird down and b) dropped a specially crafted "profile" in Thunderbird's AppData workspace.

ALL of this activity made it past Security Essentials, btw.

When I subsequently launched Thunderbird, I noticed my UI was acting a bit odd (I now know that the special profile was actually CHECKING email and then pulling down attachments, etc. from as if it were me). I immediately started getting all manner of Spam messages targeted at my email account (guess why).

CLUE: If you (like me, now) suddenly start to get all manner of spam, take that as a clue that mayhaps someone has phoned home (from your box!) to put out a call to "send in the reinforcements!"

Thinking something was odd (like my box was rooted) I ran Security Essentials *Offline* version and lo and behold, WAAAAAAAY at the end of the file system search what does she find? ...a gaggle of really horrendous tools offering up all manner of access to/from my box. They were harder than snot to get rid of too. But I appear to have gotten all of them.

I also removed Thunderbird from my system so the crap that continues to arrive in my email account has no means to re-establish a beach landing.

Just sharing with some of my kin folk,
#2, curveto (Member), 04-26-2012, 08:36 PM

I also learned an important lesson using Security Essentials during this exercise.

Some "we shouldn't alarm the idiots too much" bonehead, err... committee of boneheads at Microsoft decided that the little green/yellow/red "you're protected because we scanned some of your disk" icon should STAY GREEN EVEN IF A VIRUS IS DETECTED until it completes (as in 100% coverage) a "full scan."

If you look closely they put some stupid disclaimer text that says words to the effect of "we think we may have found something ... when the full scan is all done you can check it out for yourself" warning. ...all wrapped up pretty-like in gobs-o-green primary UI.

Lesson learned (that I'll share with you). Run FULL scans on a reasonably regular basis (you can set a "don't use too much CPU" control in its options to mitigate the pain) and let the scan operation reach 100%. If you have a big disk (who doesn't) that means hours, possibly days of continuous operation (who frigg'n does this, right?). Well... now I DO. ...and probably you too.
#3, terrie (Staff), 04-27-2012, 01:03 PM

Wow! Sounds really nasty! I use both Eudora and Thunderbird, but I've gotten in the habit of using the web-based email access for my accounts first before I pull anything into either Eudora or Thunderbird. I started doing that so that the web-based email software would be trained (theoretically) by moving any spam to the web-based spam folder and then deleting it from there.

I have a Yahoo email account but I have only used it in the past to register for sites that I know I will never visit again but that require registration to access. I never download my Yahoo mail to my own machine and only check the account at Yahoo sporadically. I receive so much spam that appears to be sourced from compromised Yahoo accounts that I don't trust anyone who actually uses a Yahoo account--present company excepted of course...'-}}

One of the reasons I like using Zone Alarm is that it's both an incoming AND outgoing Firewall. I want to know if something wants access from my system. If it's legit then I set the "remember" flag in Zone Alarm. I've never found (haven't really looked for) another firewall that flags both incoming and outgoing access. I don't know if it would have helped you in this instance but it might have...

Glad you got your system cleaned up...

Terrie
#4, curveto (Member), 04-27-2012, 04:40 PM

The symptoms I noticed (other than the outright crash of Thunderbird, of course) primarily revolved around a) a large, new, never before seen influx of spam (which is still "hitting" my yahoo mail account now) and the little "Bulk" folder icon in Thunderbird auto-magically going bold (as if "there's something in here") and then un-bold (i.e., empty).

I was already in the process of killing my yahoo email account (too) and so this served as the nail in the coffin. Since I figured google already knows everything about everything that's in my gmail account and no one (or essentially no one) has managed to perform a hard exploit against Chrome, I'm now using Chrome as my "email client." I don't normally use Chrome that much. It's nice and all but I really like my NoScript, Ghostery improved Firefox so that's the primary browser.

I still need to make a few MORE (min creds) accounts (and probably a separate machine) for "somewhat sensitive" and "really sensitive" data storage / usage (e.g., banking).

The fact that they established a basecamp in my min cred account was annoying. But that I was using that account for all manner of activities is just me being dumb, err... ignorant.
#5, curveto (Member), 04-27-2012, 04:44 PM

...and I'm once again a new user of Kaspersky's Pure 2.0 (and, rather conveniently, Security Essentials v4 which JUST shipped).
#6, ElyseC (Sysop Emeritus), 04-27-2012, 05:28 PM

Quote (Originally Posted by terrie):
Wow! Sounds really nasty! I use both Eudora and Thunderbird, but I've gotten in the habit of using the web-based email access for my accounts first before I pull anything into either Eudora or Thunderbird. I started doing that so that the web-based email software would be trained (theoretically) by moving any spam to the web-based spam folder and then deleting it from there.

I check my most spam-prone email account on my iPad before letting the computer collect it. The iPad seems to allow only images and PDFs to be saved out of email; it can't download files other than images via its browser (or at least I haven't figured out how to), and the only real downloading is restricted to getting stuff from the iTunes, iBook and App stores. Because of that I figure it's probably safer to preview and dump junk mail there before letting the laptop collect it.

   
__________________
Elyse
ElyseC is offline   Reply With Quote
Old 04-27-2012, 06:46 PM   #7
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,709
Default

FWIW, there's a lovely $5 app called GoodReader that can pull down all manner of stuff (PDFs mainly, but other goodies too). From web sites, FTP and other sources. Very handy.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 04-28-2012, 03:08 PM   #8
ElyseC
Sysop Emeritus
 
ElyseC's Avatar
 
Join Date: Oct 2004
Location: southeastern Iowa, in the technology corridor
Posts: 2,190
Default

Quote (Originally Posted by Steve Rindsberg):
FWIW, there's a lovely $5 app called GoodReader that...

Thanks! I'll look it up!

   
__________________
Elyse
ElyseC is offline   Reply With Quote
Old 04-28-2012, 01:49 PM   #9
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,916
Default

Quote (elyse):
Because of that I figure it's probably safer to preview and dump junk mail there before letting the laptop collect it.
Persackly! '-}}

Terrie
#10, CMAR606 (Member), 06-02-2013, 04:58 PM

Quote (Originally Posted by terrie):
Wow! Sounds really nasty! I use both Eudora and Thunderbird, but I've gotten in the habit of using the web-based email access for my accounts first before I pull anything into either Eudora or Thunderbird. I started doing that so that the web-based email software would be trained (theoretically) by moving any spam to the web-based spam folder and then deleting it from there.

I have a Yahoo email account but I have only used it in the past to register for sites that I know I will never visit again but that require registration to access. I never download my Yahoo mail to my own machine and only check the account at Yahoo sporadically. I receive so much spam that appears to be sourced from compromised Yahoo accounts that I don't trust anyone who actually uses a Yahoo account--present company excepted of course...'-}}

One of the reasons I like using Zone Alarm is that it's both an incoming AND outgoing Firewall. I want to know if something wants access from my system. If it's legit then I set the "remember" flag in Zone Alarm. I've never found (haven't really looked for) another firewall that flags both incoming and outgoing access. I don't know if it would have helped you in this instance but it might have...

Glad you got your system cleaned up...

Terrie

But if you use IMAP in either Eudora or TB you should be able to NOT open an email and drag it to the spam folder, and whatever email provider will blacklist it and know to spam it as your IMAP downloads.
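The "don't open it, just move it" IMAP workflow that the thread converges on (preview on webmail or a locked-down device, then junk suspicious mail before the desktop client ever renders it) can be scripted against the IMAP protocol directly. The following is an added example written for this page, not code from the thread or from Thunderbird; the server name, folder names, and the sample header blocks are constructed assumptions. It fetches only a handful of header fields with BODY.PEEK (so nothing is marked \Seen and the body never leaves the server), applies two cheap header-only tells, and moves the junk with COPY plus a \Deleted flag instead of any body FETCH.

```python
"""Header-only IMAP triage: classify mail from a few header fields fetched with
BODY.PEEK, then move the junk to the Junk folder without ever pulling the body.

Added example, not code from the forum thread. Server name, folder names and the
constructed sample headers below are assumptions for illustration."""
import email
import email.utils
import imaplib
import re
from email import policy

# Only these fields are requested from the server; the body never leaves it.
HEADER_FIELDS = "(FROM REPLY-TO SUBJECT DATE CONTENT-TYPE)"


def parse_header_fields(raw_headers: bytes) -> dict:
    """Turn a BODY.PEEK[HEADER.FIELDS (...)] payload into {field: value}."""
    msg = email.message_from_bytes(raw_headers, policy=policy.default)
    return {k.lower(): str(v) for k, v in msg.items()}


def triage(headers: dict) -> dict:
    """Decide, from headers alone, whether a message goes straight to Junk.

    Two cheap tells are used: a Reply-To that does not match From, and a
    multipart/mixed body (attachments), which gets reviewed on webmail rather
    than opened in the desktop client."""
    reasons = []
    from_addr = email.utils.parseaddr(headers.get("from", ""))[1].lower()
    reply_addr = email.utils.parseaddr(headers.get("reply-to", ""))[1].lower()
    if reply_addr and reply_addr != from_addr:
        reasons.append("reply-to differs from from")
    if headers.get("content-type", "").lower().startswith("multipart/mixed"):
        reasons.append("carries attachments")
    return {"junk": bool(reasons), "reasons": reasons}


def fetch_headers_only(conn: imaplib.IMAP4, uids: list[str]) -> dict:
    """FETCH header fields for the given UIDs with BODY.PEEK so nothing is
    marked \\Seen; returns {uid: parsed headers}."""
    typ, data = conn.uid("FETCH", ",".join(uids),
                         f"(BODY.PEEK[HEADER.FIELDS {HEADER_FIELDS}])")
    if typ != "OK":
        raise RuntimeError(f"FETCH failed: {typ}")
    out = {}
    for item in data:
        if not isinstance(item, tuple):
            continue  # the closing ')' literals between responses
        m = re.search(rb"UID (\d+)", item[0])
        if m:
            out[m.group(1).decode()] = parse_header_fields(item[1])
    return out


def junk_without_opening(conn: imaplib.IMAP4, uids: list[str],
                         junk_folder: str = "Junk") -> None:
    """COPY the messages to the junk folder and flag the originals deleted.
    No FETCH of the body is ever issued, so nothing is rendered locally."""
    uid_set = ",".join(uids)
    typ, _ = conn.uid("COPY", uid_set, junk_folder)
    if typ != "OK":
        raise RuntimeError("COPY to junk folder failed")
    conn.uid("STORE", uid_set, "+FLAGS.SILENT", r"(\Deleted)")
    conn.expunge()


def sweep_inbox(conn: imaplib.IMAP4, junk_folder: str = "Junk") -> list[str]:
    """Select INBOX, triage every unread message by headers, and move the
    junk out. Returns the UIDs that were moved."""
    conn.select("INBOX")
    typ, data = conn.uid("SEARCH", None, "UNSEEN")
    uids = [u.decode() for u in data[0].split()]
    if not uids:
        return []
    verdicts = fetch_headers_only(conn, uids)
    junk = [u for u, h in verdicts.items() if triage(h)["junk"]]
    if junk:
        junk_without_opening(conn, junk, junk_folder)
    return junk


# Constructed sample header blocks, as the server would return them for one
# message each; no real sender is implied.
SAMPLE_SPAM = (b'From: "Account Team" <notice@example.net>\r\n'
               b"Reply-To: collector@example.org\r\n"
               b"Subject: Your mailbox\r\n"
               b"Date: Thu, 26 Apr 2012 20:00:00 -0700\r\n"
               b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n')
SAMPLE_CLEAN = (b"From: colleague@example.com\r\n"
                b"Subject: Proof pages\r\n"
                b"Content-Type: text/plain; charset=utf-8\r\n\r\n")

if __name__ == "__main__":
    # Offline check on the constructed samples. A live run (assumed host) is:
    #   conn = imaplib.IMAP4_SSL("imap.example.com"); conn.login(user, password)
    #   print(sweep_inbox(conn))
    print(triage(parse_header_fields(SAMPLE_SPAM)))
    print(triage(parse_header_fields(SAMPLE_CLEAN)))
```

The two tells in `triage` are deliberately crude and are there to show the shape of header-only classification, not to replace the provider's filter; the point of the block is the transport side, where BODY.PEEK and COPY/STORE let you act on a message that the client never downloads or renders.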
Contents copyright 2004–2014 Desktop Publishing Forum and its members.