Author |
Message |
CurtisH
Life Cycles Becoming CPU Cycles

Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI
|
Posted:
Sun Mar 27, 2005 8:46 pm |
|
In the last 72 hours I have received a TON of emails from many of the nuke site domains that I am a member of. Every one of them contained a virus.
Anyone else experiencing this? |
_________________ Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe |
|
|
 |
Nukeum66
Life Cycles Becoming CPU Cycles

Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA
|
Posted:
Sun Mar 27, 2005 9:02 pm |
|
What type of virus? |
_________________ Scott Johnson MIS Ubuntu/Linux 11.10 |
|
|
 |
CurtisH

|
Posted:
Sun Mar 27, 2005 9:11 pm |
|
w32.Lovegate.R@mm in most of them. |
|
|
|
 |
Nukeum66

|
Posted:
Sun Mar 27, 2005 9:29 pm |
|
Are you sure they are really coming from the sites and not just spoofed email addresses? |
|
|
|
 |
CurtisH

|
Posted:
Sun Mar 27, 2005 9:46 pm |
|
Well I am unsure about all of them, I only looked closely at the last few which indeed appear to be coming from the actual domains. I was just curious if anyone else has been getting these emails. |
|
|
|
 |
sixonetonoffun
Spouse Contemplates Divorce

Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Mon Mar 28, 2005 6:46 am |
|
I was and changed my email addresses a while back because of it. It was a huge pain in the rear but sometimes it's the only recourse. |
_________________ openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30 |
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Mon Mar 28, 2005 9:43 am |
|
Hhmmmm... so the key question is, do you use the same email address on your nuke registrations as what you normally use for personal reasons? It is very troublesome to me if a virus was written specific to Nuke and got access to the nuke_users table. If you use the same email address for other things too, it is more probable that you are on other people's personal distribution lists, which is the primary model for email viruses to attack and propagate.
Sure hope we don't have a nuke-specific issue...
Regards,
montego |
|
|
 |
CurtisH

|
Posted:
Mon Mar 28, 2005 9:46 am |
|
Well the interesting thing is that on one of my servers that was running SPChat and Coppermine I found a folder in the root directory entitled mailer. Inside that folder were php files that were definitely snuck in. It looks like someone was using that domain to send stuff using the php mail function. |
|
|
|
 |
montego

|
Posted:
Mon Mar 28, 2005 10:04 am |
|
Funny how Coppermine always comes in discussions with mischief. And it does not surprise me that a Chat tool could cause vulnerabilities especially if it allows for file sharing.
Thank you for letting all of us know of what you have found!
I am always very leery about using any tool that allows the uploading of files. Sure seems like there needs to be some tool, like Norton or McAfee which can also inspect PHP and other uploaded files. But, somehow, the tools would have to allow site admins to do whatever they need to do.
Sure seems like there may be a niche market that is not being met...
montego |
|
|
|
 |
sixonetonoffun

|
Posted:
Mon Mar 28, 2005 11:06 am |
|
There was a somewhat unheralded SPChat security issue a while back. I updated without really giving any thought to posting anything about it here. |
|
|
|
 |
CurtisH

|
Posted:
Mon Mar 28, 2005 11:11 am |
|
So are you saying that my issue was most likely caused by SPChat? I am just curious as to which one of the two it most likely was. I miss my Coppermine already! *LMAO* |
|
|
|
 |
sixonetonoffun

|
Posted:
Mon Mar 28, 2005 11:44 am |
|
No I couldn't tell you which one was the culprit. But it would be worth comparing the version # of your SPChat against what is the latest posted. |
|
|
|
 |
Zydor
New Member


Joined: Mar 29, 2005
Posts: 5
|
Posted:
Tue Mar 29, 2005 8:52 am |
|
Slightly off topic - but you mentioned you had to change Email due to Spam. It would be worth looking at "One Time Only" Email addresses. It does not stop the Spam at source, but it is VERY effective in diverting it to useless email addys, leaving your box virtually spam free and clean.
Just a thought, it's worked well for many people.
Zy |
|
|
|
 |
sixonetonoffun

|
Posted:
Tue Mar 29, 2005 9:36 am |
|
Yes it would be. I visit a lot of sites to help debug login features or the ever annoying limited access areas for people. So my email addy gets on some strange lists once in a while. But the recent rash of email worms was just too much. I was getting around 10-12 infected emails to every 1 valid one before creating a new identity for this purpose. But to create a one time address every time would just be way too time consuming. |
|
|
|
 |
Zydor

|
Posted:
Tue Mar 29, 2005 10:03 am |
|
You don't have to. I was very sceptical at first, but this really does work and is a very good practical solution.
Type in "Temporary Email" into any web search engine - Google / MSN give good results on this. The basic idea is that temporary emails are automatically set for you. When you give your email into a dubious or untried source (maybe a new website you want their products or registration, but are unsure of the security) you use a temp email addy. You will still get registration, communication with the site in question, but you trap any resulting Spam, and you find out where it came from - and can give the offending Site a "Thick Ear"
I know it sounds complex & time consuming, but it's not - it's very neat, quick and elegant. Dozens of temp email addy Providers have sprung up, many are free, but with many of those who charge it's dirt cheap.
It's worth a good read on this - it kills spam quickly, and when you do get it, it does not get in your way, your main email box remains free.
It's a very clever innovative solution, that's spreading rapidly because it's so easy to use.
Zy |
|
|
|
 |
djmaze
Subject Matter Expert

Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
Posted:
Tue Mar 29, 2005 10:29 am |
|
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVGATE.P
This worm runs on Windows OS so it's definitely not coppermine or spchat.
Maybe your computer is infected.
The only way to find out who sent you the email is to look in the email headers.
The headers show you from which IP the email is sent.
If the IP doesn't belong to the site you think it is then you must excuse yourself that a php-nuke site is the issue.
In windows cmd or command prompt you can "ping www.website.com" to find the IP.
On websites like ripe, arin, lacnic, etc. you can find out to whom the IP belongs. |
|
|
|
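The header check djmaze describes above, as an added example that is not part of the original thread: it reads the Received chain of a message, finds the first connecting IP outside your own mail servers (the one hop your server recorded itself; anything below it can be forged by the sender), and compares it with the addresses of the site the mail claims to come from. The sample message, domains, IPs and function names are constructed for illustration; the site's IPs are assumed to have been looked up separately and passed in.

```python
import email
import ipaddress
import re

# Constructed sample message: example domains, private/documentation IPs.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])\n"
    "\tby mailstore.recipient.example with ESMTP id A1; Sun, 27 Mar 2005 20:40:03 -0500\n"
    "Received: from nukesite.example (unknown [198.51.100.77])\n"
    "\tby mx.recipient.example with SMTP id B2; Sun, 27 Mar 2005 20:40:01 -0500\n"
    "Received: from webserver (localhost [203.0.113.10])\n"
    "\tby nukesite.example with ESMTP id C3; Sun, 27 Mar 2005 20:39:58 -0500\n"
    "From: admin@nukesite.example\n"
    "Subject: Re: your account\n\nbody\n"
)
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ips(raw_message):
    """Peer IP from each Received header, newest hop first (None if unreadable)."""
    ips = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(str(header).split())  # undo header folding
        match = BRACKETED_IPV4.search(flat.split(" by ", 1)[0])
        try:
            ips.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:  # malformed address such as [999.1.1.1]
            ips.append(None)
    return ips


def first_external_hop(raw_message, trusted_nets):
    """Walk down from the newest header past our own servers; the first peer
    outside trusted_nets was written by a server we control."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for ip in connecting_ips(raw_message):
        if ip is None:
            return None  # unreadable hop: cannot vouch for anything below it
        if not any(ip in net for net in nets):
            return ip
    return None


def sent_by_site(raw_message, site_ips, trusted_nets):
    """Return (origin IP, True if it is one of the claimed site's addresses)."""
    origin = first_external_hop(raw_message, trusted_nets)
    return origin, origin is not None and str(origin) in set(site_ips)
```

With the sample, `sent_by_site(SAMPLE, ["203.0.113.10"], ["10.0.0.0/8"])` reports origin 198.51.100.77 and no match: the bottom header names the site's address, but it was not written by the recipient's server and proves nothing.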
 |
Zydor

|
Posted:
Tue Mar 29, 2005 10:40 am |
|
Quick addendum to the temp email / anti spam addy posted 2 above
Anyone interested take a look at http://www.spamgourmet.com - they give a good explanation on the principles, showing how easy it is to use, and they are known as one of the better providers of the genre.
Zy |
|
|
|
 |
|