Recommended Posts

Thanks to Larry at BleepingComputer for the warning...

Someone has been PMing members at BC with the following:

Hello,

I have a major problem and from what I have read I think I have a rootkit or keylogger. I do alot of online transaction so I'm very worried about this. I understand you guys don't take new topics but older ones but I've read somewhere that if the person has a very serious problem then you can help them out first. Since you are a HJT member and you know basically everything I'm hoping you can help.

My topic:

http://www.bleepingcomputer.com/forums/topic161242.html

The topic is actually disguised using BBCode so that it leads to a different domain:

[url="hXXp://8cd46.9hz.com"]http://www.bleepingcomputer.com/forums/topic161242.html[/url]

It's now offline, but I added the XX in place of tt just to be safe.

The page is a rip of the BleepingComputer login page. If you didn't notice the strange URL, and logged in, it would redirect you to the proper topic... after it stole your login details!

They've tried it once, and they're likely to try again. Be careful with PMs, and forum topics bearing links to topics. Be especially careful if you get a login screen -- even if it looks legit. We use cookies to maintain your login info for 30 days. If you suddenly see a login screen, it's likely fake. Be sure to check the URL carefully. If you suspect you may have logged into a screen that was not legit, change your password immediately.

------------------------

I wanted to post this for everyone to make sure all of you were safe and if anyone has received any such PM please let me know ASAP.

Stay safe everyone!

B

Link to post
Share on other sites

I think it would be kind of whacked for anyone that is a HJT expert or student to click on a link without seeing where it leads. I click on nothing without looking at the actual URL that my browser shows. Maybe this is due to being RickRolled one too many times.

Link to post
Share on other sites