[plug] Re: ? phishing attack

William Kenworthy billk at iinet.net.au
Fri Dec 28 15:53:53 WST 2007


It's unlikely to be a spybot on a Linux computer - unless you are using a
Windows machine instead (naughty naughty - you know why you shouldn't use
Windows for personal data :)  Are you running any Windows programs via
Wine? - this is a potential hazard.  Is it a dual boot machine with
Windows able to access the Linux data?

I think I read recently that Western Mail has some procedures that make
it easy for the phishers to get to your money - avoid!

A broken tripwire is not unusual - but it still should make you pause.
Can you still get to the data files and check them directly?

i.e., on my machine they are like this:
/var/lib/tripwire/report/rattus-20071228-101544.twr
see the tripwire docs on how to extract the data.

If you are worried, the only safe way is to wipe the whole machine and
reinstall.

Some of the more paranoid around create a number of user accounts for
special purposes - one for general use, and one or more for banking,
ebay and the like, with very restrictive access and permissions set.
These accounts are only logged in and used WHEN needed.  Extreme, but
maybe needed if you don't trust the main account - only you know what you
are doing with it!

Spam and email is a different question ...

BillK


On Fri, 2007-12-28 at 14:47 +0800, Richard Yellin wrote:
> On Fri, 28 Dec 2007 12:59:36 +0800,  wrote:
> 
> > I've been on the net to shop for a new tablet computer and came across
> > a ridiculously (<1/2 price) cheap price.  I started emailing this site  
> > for details and turns out it's not a shop but an address in England who  
> > want payment by Western Mail.
> >
> > I think they possibly have a spybot onto my computer and don't know how  
> > to detect it and block or remove it.
> > After the first two email exchanges went ok with the usual delay, the  
> > third email detailing payment came within 30secs (at least <60s) of my  
> > email asking for payment details and other questions (all answered).
> > This was pretty upsetting stuff.
> >
> > I also discovered on /var/spool/mail/root that my tripwire is broken,  
> > but now permission is denied.
> My mail is heavily contaminated with spam.
> 
> How do I restore my computer to normal?  Is this a spyware attack? What
> anti-spyware program, that is relatively easy to use, can I use?
> I want to buy this device in the next few days using my credit card from
> more genuine sites (such as Compuserve or PCSuperTools or PROVANTAGE).
> Are the credit card details more at risk than usual?
> 
> --regards Richard
-- 
William Kenworthy <billk at iinet.net.au>
Home in Perth!