CastleCops, Internet Crime Fighters

E-Gold phishing scam!!! SCUMBAGS!!!

 
Slick74

Trooper


Joined: Jan 23, 2005
Posts: 10
Location: Australia

Posted: Mon Jan 24, 2005 7:39 am    Post subject: E-Gold phishing scam!!! SCUMBAGS!!!

Hi all,

We all know that e-gold is the easiest pay-proc to hack into, right?

If you don't, just do a Google search for the terms "hack e-gold" and you will see what I mean. It's pretty SCARY!

Anyway, I don't even have an e-gold account, yet I get this in my bulk folder today: WHATEVER YOU DO - DON'T CLICK ON THE LINK!!!!
___________________________________________________
** e-gold Account Information Update Notice **

e-gold account number: Secured
Items updated: Point of Contact
Update performed from IP address: 68.21.96.213
Time of update: 1/23/05 11:55:22 PM GMT

This automatic email notice lets you know that modifications have been
made to the Account Information settings for your e-gold account. The
current settings for your account can be viewed and modified at the
e-gold website by choosing the Account Info menu selection while
accessing your account.

Please login here: https://www.e-gold.com/acct/login.html

If you did not make a change to your account before receiving this email
message, you should immediately login e-gold using the link above and
correct unauthorized changes.

Please do not reply to this automatically generated email message.
__________________________________________________

WHATEVER YOU DO - DON'T CLICK ON THE LINK!!!!

The Status Bar shows this when your cursor is hovered above it:

http://213.114.127.125/acct/login.html

This is so obviously a phishing scam it feels as though someone is trying to insult my intelligence.

Is there any way of tracking the IP number or should I just report it to E-Gold and leave it in their hands?

Thanks! and Good Surfing to everyone.....

Slick
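
The mismatch described in the post above (link text showing the real e-gold login URL while the status bar shows a bare IP address) can be checked mechanically. This is an added example, not part of the original thread; the HTML in `SAMPLE` is constructed from the two URLs quoted in the post, and the class and function names are illustrative.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html):
    """Return one finding per anchor whose target contradicts its visible text."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = urlsplit(href), urlsplit(text)
        reasons = []
        if shown.hostname and shown.hostname != target.hostname:
            reasons.append("text-host-mismatch")   # text names a different host
        if is_ip_literal(target.hostname or ""):
            reasons.append("ip-literal-host")      # target is a bare IP address
        if shown.scheme == "https" and target.scheme == "http":
            reasons.append("scheme-downgrade")     # text claims TLS, target has none
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings

# Constructed HTML: the post gives only the visible text and the status-bar URL.
SAMPLE = ('<p>Please login here: <a href="http://213.114.127.125/acct/login.html">'
          'https://www.e-gold.com/acct/login.html</a></p>')
```
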

Oldfrog

Special Response Team


Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas

Posted: Mon Jan 24, 2005 2:20 pm

You could certainly track the IP number using a whois search and this is done all the time. A good general tool for checking things like this is http://www.dnsstuff.com/

In this case the first link that you show is a legitimate e-gold address. The second is a bogus address but seems to have already been shut down.

In future, if you will enclose links like these in single quotes they will not show as a clickable link.


_________________
MS MVP Security 2006-2008
laura90059

Cadet
Premium Member

Joined: May 18, 2004
Posts: 3
Location: USA

Posted: Sat Feb 19, 2005 8:33 pm    Post subject: Unfortunately I clicked the link!

I got this same message; unfortunately I do have an egold account, and having heard of all the hacking going on there, I clicked the link to check and see if my egold profile had been changed.

Downloaded a version of I-Worm/Bofra to my puter, and I can't fix all the problems I have as a result of my stupidity!!!

Now I have to search the forum for the proper place to post my plea for help, just stopped here first to warn everyone.

Ikeb

Special Response Team
Forums Admin

Joined: Apr 20, 2003
Posts: 16536


Posted: Sat Feb 19, 2005 11:00 pm

Oldfrog wrote:
In future, if you will enclose links like these in single quotes they will not show as a clickable link.

Perhaps create a topic for such useful reminders and place as a sticky? Might be argued that same thing applies to other forums but inadvertent browsing to pharming links posted here could be particularly dangerous.

OJ_did_it

Major
Premium Member

Joined: Nov 13, 2004
Posts: 1059


Posted: Sun Feb 20, 2005 6:59 am

RIPE wrote:

inetnum: 213.114.120.0 - 213.114.127.255
netname: BB-BISP-LUL90-SE
descr: B2 customer network
country: SE
remarks: <INFRA-AW>
admin-c: BR3045-RIPE
tech-c: BR3045-RIPE
status: ASSIGNED PA
mnt-by: B2-MNT
mnt-routes: B2-MNT
changed: **********@bredband.com 20040303
source: RIPE

route: 213.114.0.0/15
descr: Broadband Customers in Scandinavia
descr: Please report improper use to *****@bredband.com
origin: AS8642
notify: ***@bredband.com
mnt-by: B2-MNT
changed: **********@bredband.com 20040618
source: RIPE

role: Bredbandsbolaget Routing Registry
address: Box 47645
address: 117 94 Stockholm
address: Sweden
e-mail: ***@bredband.com
trouble: *********************************
trouble: Abuse related issues is reported
trouble: to *****@bredband.com
trouble: phone +46 586 65485
trouble: Abuse issues sent to other e-mail
trouble: adresses will be discarded
trouble: *********************************
admin-c: TN2809-RIPE
admin-c: JN1883-RIPE
admin-c: EB78-RIPE
admin-c: NE102-RIPE
admin-c: ARL1-RIPE
tech-c: TN2809-RIPE
tech-c: JN1883-RIPE
tech-c: EB78-RIPE
tech-c: NE102-RIPE
tech-c: ARL1-RIPE
nic-hdl: BR3045-RIPE
mnt-by: B2-MNT
notify: ***@bredband.com
changed: ************@bredband.com 20020418
changed: ************@bredband.com 20020425
changed: ****************@bredband.com 20021004
changed: ***********@bredband.com 20030813
changed: **********@bredband.com 20040603
changed: **********@bredband.com 20041209
source: RIPE

laura90059

Cadet
Premium Member

Joined: May 18, 2004
Posts: 3
Location: USA

Posted: Mon Feb 21, 2005 8:07 pm    Post subject: Got another one today

I got another one of these e-gold emails today, so I am posting it with full headers in hopes someone will be keeping a database of these jerks.

X-Apparently-To: XXXXX@yahoo.com via 206.190.37.155; Mon, 21 Feb 2005 01:37:17 -0800
X-YahooFilteredBulk: 195.70.10.40
Authentication-Results: mta347.mail.scd.yahoo.com from=e-gold.com; domainkeys=neutral (no sig)
X-Originating-IP: [195.70.10.40]
Return-Path: <webserver@dfinet.ch>
Received: from 195.70.10.40 (EHLO localhost.localdomain) (195.70.10.40) by mta347.mail.scd.yahoo.com with SMTP; Mon, 21 Feb 2005 01:37:17 -0800
Received: from localhost.localdomain (hosting [127.0.0.1]) by localhost.localdomain (8.12.8/8.12.8) with ESMTP id j1L9bGRE026762 for <laura90059@yahoo.com>; Mon, 21 Feb 2005 10:37:16 +0100
Received: (from www@localhost) by localhost.localdomain (8.12.8/8.12.8/Submit) id j1L9bGQq026758; Mon, 21 Feb 2005 10:37:16 +0100
Date: Mon, 21 Feb 2005 10:37:16 +0100
Message-Id: <200502210937.j1L9bGQq026758@localhost.localdomain>
X-Authentication-Warning: localhost.localdomain: www set sender to webserver@dfinet.ch using -f
To: XXXXXXX@yahoo.com
Subject: Notification of e-gold account update
From: "AccountRobot_donotreply@e-gold.com" <AccountRobot_donotreply@e-gold.com>
Content-Type: text/html; charset=windows-1251
X-Priority: 3
Content-Length: 995





** e-gold Account Information Update Notice **

”https://www.e-gold.com/acct/login.html”
This automatic email notice lets you know that modifications have been made to the Account Information settings for your e-gold account. The current settings for your account can be viewed and modified at the e-gold website by choosing the Account Info menu selection while accessing your account.
If you did not make a change to your account before receiving this email message, you should immediately contact e-gold using the contact instructions available at the e-gold web site.
(For your security, never click a link in an email message to get to the e-gold web site.)
Please do not reply to this automatically generated email message.
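
The headers in the post above already contain what is needed to show the message did not come from e-gold and to find the address worth a whois lookup. This is an added example, not part of the original thread: the headers in `RAW` are copied from the post and trimmed to the fields the checks read, and the function and flag names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post above, trimmed to the fields the checks read.
RAW = """\
Authentication-Results: mta347.mail.scd.yahoo.com from=e-gold.com; domainkeys=neutral (no sig)
Return-Path: <webserver@dfinet.ch>
Received: from 195.70.10.40 (EHLO localhost.localdomain) (195.70.10.40) by mta347.mail.scd.yahoo.com with SMTP; Mon, 21 Feb 2005 01:37:17 -0800
Received: (from www@localhost) by localhost.localdomain (8.12.8/8.12.8/Submit) id j1L9bGQq026758; Mon, 21 Feb 2005 10:37:16 +0100
X-Authentication-Warning: localhost.localdomain: www set sender to webserver@dfinet.ch using -f
From: "AccountRobot_donotreply@e-gold.com" <AccountRobot_donotreply@e-gold.com>
Subject: Notification of e-gold account update

"""

def domain_of(header_value):
    """Domain part of the address in a From / Return-Path style header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Only the topmost Received line was written by the recipient's own MTA;
    # everything below it is supplied by the sending host and can be forged.
    hop = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", received[0]) if received else None
    dk = re.search(r"domainkeys=(\w+)", msg.get("Authentication-Results", ""))
    result = {
        "from_domain": domain_of(msg["From"]),
        "envelope_domain": domain_of(msg["Return-Path"]),
        "handoff_ip": hop.group(1) if hop else None,
        "flags": [],
    }
    if result["from_domain"] != result["envelope_domain"]:
        result["flags"].append("from-vs-return-path-mismatch")
    if not dk or dk.group(1) != "pass":
        result["flags"].append("from-domain-not-authenticated")
    if msg["X-Authentication-Warning"]:
        # sendmail adds this when a non-trusted local user overrides the sender with -f
        result["flags"].append("sender-overridden-locally")
    return result
```

The `handoff_ip` value is the address to look up in whois and report to the network's abuse contact, as was done earlier in the thread for the link target.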
