Virus threat, supposedly sent by FPN Admin
FPN Admin Team
Dear good folks of FPN,

A fair number of our folks are receiving messages purportedly from the fpnadmin gmail box, with a virus or worm attached to it.

This message does not originate from fpnadmin!

Do not, we repeat, do not, under any circumstances, click on the executable or any other attached file in that message.
Just delete it straight away.

This message does not originate from the FPN Admin Team, but very likely from an infected computer, which now is spreading itself by sending out emails to all addresses in the address book on that computer, and at least partly while pretending fpnadmin to be the sender. We received such a message ourselves, too, BTW, in the fpnadmin mailbox!

For the time being, we will send out messages from the FPN Admin Team by PM, instead of using the gmail option, so do check your PMs on a regular basis when checking in to FPN.

We also noticed some database corruption problems, which we managed to fix. As a result, performance should be slightly better now.

Kind regards,

The FPN Admin Team.
Bill Dodson
Thank you, ADMIN TEAM, for taking care of this!

Bill
Dudley
Thanks for taking care of this so quickly!
Wolverine1
Thanks for the very efficient way in which you guys took care of the problem. BRAVO!!!!
RLTodd
Yes, I got mine. Nice to know what sort of people are visiting, isn't it.
RonB
Thanks!
Call Me Misery
I just got the e-mail... anything .exe in an e-mail is bad news
maxrhino
I use Yahoo for general e-mail use.
Very surprised they allow executables to get through.
Who's going to own up to opening it then?
Slush99
Thanks for telling. My computer wouldn't let me open it. *phew*
amin
Thanks for telling us. Glad my Mac doesn't know what an .exe file is.
p-zero
Same here!
Slush99
QUOTE (amin @ May 30 2006, 06:35 PM)
Thanks for telling us. Glad my Mac doesn't know what an .exe file is.

Same here.
Denis Richard
Thanks for catching it!

Denis... whose PC does not know .exe either
charliecompany
Ah, Linux, thank you once again for not understanding those windows things.
dr4kds
Earlier I was going to email the admins and tell them of the spurious email I received (Mac also), but when I went to FPN, it was already down for repair. Good Job, quick work, up again quickly. Good Job!!

Jack
Kelly
Thanks fine admins! You had it already shut down when I was going to report it - nice work!
wimg
Thanks, guys and gals.

Apart from the emails, we had a problem with the database as well. Superadmin Roy managed to locate the problem so we could all help fix it. This is why the board was brought down for a short while.

The problems with the email and with the database were reported by some very vigilant folks here, so thank you all for keeping an eye on our board, and for helping us keep FPN a pleasant experience!

Warmest regards, Wim
Macuser
QUOTE (amin @ May 30 2006, 07:35 PM)
Thanks for telling us. Glad my Mac doesn't know what an .exe file is.

I love Macs! They just say no to viruses!
Denis Richard
I think that was one exceptional operation by the admins!
Dudley
This is the fastest I've ever seen a board come back up after an attack.
KCat
thanks guys!

I came to the URL and my AV s/w popped up a warning saying that this address was trying to d/l that same virus to my system. I was hesitant to come back.
Betty
I was going to send it to FPN's spoof e-mail address. Thanks for posting it out.
Sidney
QUOTE (maxrhino @ May 30 2006, 06:08 PM)
I use Yahoo for general e-mail use.
Very surprised they allow executables to get through.
Who's going to own up to opening it then?

On my computer an executable (.exe) didn't come through the email. An Internet link to download the executable is what came through. If anyone clicked the link then they may have confirmed to whoever owns the traffall.biz domain that their email address is valid, and spam is probably on the way. I hope no one executed the file.

After a little Internet research I found this information.
handlebar
Thanks FPN for catching it fast. It decided to show up while my wife was surfing and she didn't know any better. So far though, no problems. I have scanned and found nothing. Whew!!!

Handlebar Jim
sfeinman
I received an e-mail as well.
Ergman
Received the email as well. Glad to know you are on top of it. Good work guys!
icevic
I am kind of disappointed this happened. Perhaps user account information should have been encrypted, kept on a separate computer, or just generally better protected with virus protection and firewalls. Now my email account has been compromised. Do you know what virus caused this?

On the other hand, this site provides lots of value at no cost, so I shouldn't complain.

Lesson learned.
memphislawyer
I also got the email and saw the weird site. I did not click anything but deleted it.

Sam
Stylo
Thanks for the quick fix, especially from those who need the FPN fix often.
Blackhill
QUOTE (dr4kds @ May 30 2006, 04:55 PM)
Earlier I was going to email the admins and tell them of the spurious email I received (Mac also), but when I went to FPN, it was already down for repair. Good Job, quick work, up again quickly. Good Job!!

Jack

What Jack said. Thanks for your fast action. I really missed you when you were down.

Laura
Slush99
Yes, thanks for the fix. When I came home it was already fixed...

PS: I hope no one's computers were harmed.
snugglebny
I am so happy that you caught it and fixed it. Thank you.
amh210
QUOTE (KCat @ May 30 2006, 04:34 PM)
thanks guys!

I came to the URL and my AV s/w popped up a warning saying that this address was trying to d/l that same virus to my system.

This was my experience as well. Norton Anti-Virus jumped in and deleted 2 files that downloaded from the web...not via email.

Thank you to the Admin Team for their vigilance.

Andy
southpaw
Great job Admin!

BTW, I got the email too - looked funny, so I deleted it.
kissing
Thank goodness I read this post before checking my email.

I deleted it right away!

Thanks.
jpolaski
I also had the same thing happen to me as KCat. As soon as I opened the site, it tried to DL those two files, which were promptly detected by my AV... Then I got the email. Click on an .exe file? I don't think so.

Thanks admin team for taking care of things so quickly... I needed my fix.
Maja
Thank you so much, FPN Admins!
Great job!! (as usual)
Mannenhitsu
I got mine in the mail today and I almost opened it, but my sixth sense told me not to, so it was deleted. Hopefully, this problem will be taken care of shortly.

Everyone should update their anti-virus software and make sure it's always on. I got a nasty virus last year that totally wiped out the contents on my hard drive. Thankfully, I was able to track down who sent it to me and they were able to get the problem corrected.

A BIG thank you to the FPN Admins!
peachez
Well I'm a sucker and when I get a mail from this place with the subject line 'help' I go right ahead and open it. Fortunately my AV picked it up and kicked it into oblivion. Full virus scan just to be sure and I am clean. As clean as I ever was.

Well done to all the techie admins for doing...er... techie stuff I don't understand. xx
Carrie
Thanks to the admins for sorting out the problems so quickly. I got an e-mail this morning after the site was back up, so maybe we need to be aware that it could still be e-mailing out.
twdpens
Did anyone get the popup with the attempt to serve up a (presumably) dodgy .wmf file beforehand? This was my first indication that something was up with FPN. Firefox was busy trying to communicate with that .biz site so I just closed it down, thinking something was very wrong and I was right. Left it alone after that. Avoidance is the best virus protection of all, IMO.

Well done to the Admin team in getting the forum back up as quickly as they did.

Martin
KDW
I had the same experience as Andy. I went to FPN and Norton popped up that it had intercepted the virus. I never saw an email.
RonB
QUOTE (twdpens @ May 31 2006, 11:08 AM)
Did anyone get the popup with the attempt to serve up a (presumably) dodgy .wmf file beforehand? This was my first indication that something was up with FPN. Firefox was busy trying to communicate with that .biz site so I just closed it down, thinking something was very wrong and I was right. Left it alone after that. Avoidance is the best virus protection of all, IMO.

Well done to the Admin team in getting the forum back up as quickly as they did.

Martin

My Windows Picture and Fax Viewer opened each time I tried to access FPN but I just shut it each time. I don't know if this is similar to what you had?

I have no problems but I don't know if there is anything lurking there on my system. I do have an anti-virus program so hopefully that caught it.

Ron
Carrie
QUOTE (RonB @ May 31 2006, 05:18 PM)
QUOTE (twdpens @ May 31 2006, 11:08 AM)
Did anyone get the popup with the attempt to serve up a (presumably) dodgy .wmf file beforehand? This was my first indication that something was up with FPN. Firefox was busy trying to communicate with that .biz site so I just closed it down, thinking something was very wrong and I was right.

Firefox blocked a popup for me just before the database went down and when I tried to access FPN it caused Firefox to crash.
peachez
Icevic - so how exactly has your e-mail been compromised? And why is it you imagine that this free board is responsible for protecting your PC? It ain't. You are. If you feel your system has been compromised, maybe you should get some up to date AV software. Failing that, the only way to be completely safe from this kind of virus attack is to get intimate with the 'off' button on your PC.
memphislawyer
I had my gmail account come up through Firefox so I guess it blocked it as well.

Sam
twdpens
QUOTE (RonB @ May 31 2006, 04:18 PM)
My Windows Picture and Fax Viewer opened each time I tried to access FPN but I just shut it each time. I don't know if this is similar to what you had?

Yes, your picture and fax viewer was trying to open the .wmf (Windoze Meta File - a file format used for pictures and diagrams in many popular pieces of s/w eg Word and Excel). Fortunately for you I don't think that a fax viewer is capable of executing any macro that may have been hidden in the file, but don't quote me on this (see links below). If I'd have had my wits about me I should have saved the file for analysis.

There's a bit more about it here and here. Since the trojan has been around since December then you should have had a patch for it by now. However, good advice is to never open any attachments. Ever. Second best is only open ones that you are expecting and are from a trusted source. However, even trusted sources can get virii which is why you need protection. Even in this case, never open any executable file received by e-mail even if you do have AV s/w.

Me, if I could get the wireless LAN to work on this 'puter I'd be back in Linux land.

Martin
wimg
QUOTE (icevic @ May 31 2006, 02:21 AM)
I am kind of disappointed this happened. Perhaps user account information should have been encrypted, kept on a separate computer, or just generally better protected with virus protection and firewalls. Now my email account has been compromised. Do you know what virus caused this?

On the other hand, this site provides lots of value at no cost, so I shouldn't complain.

Lesson learned.

Hi Icevic,

This was caused by something external in the first place, so things like these are very difficult to prevent. We could have a more stringent policy regarding new users, but even that won't make things foolproof.

The reason for the email attack is quite simply because viruses tend to scam to all email addresses on someone's computer, and that could have been any computer used by any of our members. So I don't see how a thing like this can be stopped easily.

Don't forget that although these messages seemed to be generated by the fpnadmin mailbox, they weren't. We actually received a message like this ourselves, after we had received several warnings from different members here.

The only way to stop this, and even that isn't 100% foolproof, is to install a decent firewall on your computer, configured the right way, combined with a good anti-virus package, and preferably aided by a hardware firewall as well.

That is the set-up I have, and although I received a similar message via email, the .exe was removed from it, and my firewall wouldn't allow me to check the trojan site either.

I use ZoneAlarm Pro, with Norton Antivirus, on all of my Windows computers in my home network, and I have a router with a hardware firewall, which is set to block ports 0-1024, so that only a computer on my own network can initiate external access.

Actually, as a result of this set-up, I never even noticed myself that anything was wrong out there in the world, unlike many other people.

So I reckon this is one of the best $70 a year or so I spend on computer stuff.

Regarding the virus: Sidney did some footwork, and in a message a bit further back in this thread Sidney actually came to the correct conclusion regarding this particular virus. Just check that message.

Warmest regards, Wim

edit: here is the link to Sidney's message
Anne-Sophie
Thanks Admin Team for taking care of this!
KCat
QUOTE (amh210 @ May 30 2006, 08:02 PM)
QUOTE (KCat @ May 30 2006, 04:34 PM)
thanks guys!

I came to the URL and my AV s/w popped up a warning saying that this address was trying to d/l that same virus to my system.

This was my experience as well. Norton Anti-Virus jumped in and deleted 2 files that downloaded from the web...not via email.

Thank you to the Admin Team for their vigilance.

Andy

I did get the email but gmail had automatically deleted it (I think... hmmm now I don't remember if gmail did or if Norton AV did). So there was nothing to exe on my system in terms of email. It was only when I went to the URL that it tried to zap me again.