We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
IMPORTANT! Have you received an email to your forum username?
Options
Comments
-
Not according to Microsoft. This Virus comes in various aliases and is classified by MS as severe.Just google it, it,s there;Now it,s been ID,d, I missed Stummpy,s post, one knows what ones dealing with.It,s a Dropper, and they are not to be ignored.
You misunderstood me. I wasn't trying to imply it wasn't dangerous.0 -
,
Hi Gerbil, sorry if I misunderstood you, BUT, all the info regarding this Trojan is not good, and some go so far as to claim is not removable, but I believe Stumpy has done so.My bone of contention is that as soon as Trojan was id,d. Martins team should have put more effort into informing forumites, who inadvertently downloaded this, indirectly as a fault of MSE",HOW "to detect and get rid, not amass loads of unnessesary crap of who has it and who hasn,t.That,s not putting forumites mind at rest, they want a CURE, not to be left to fend for themselves.MSE,s warning was very poor,and they have offered no technical support as far as I can see.We entrusted them with our data, the onus is on them to protect it, and if, as happens, a breach occurs,then help the victims to sort it, they have enough resources to do so.Martin seems to be implying, "not my fault GUv, you sort it"1000 posters want HELP;;;;MARTIN.SORT IT.YOU don,t get Trojans off radio and tv, otherwise, the longstanding reputation of this site is at risk.You are good at knocking others.The_Gerbil wrote: »You misunderstood me. I wasn't trying to imply it wasn't dangerous.0 -
tinkerbell28 wrote: »I think it is linked I had truck loads of spam since getting that email, I knew, just knew something had been hacked by spammers somewhere as it was an unreal level of spam coming to my inbox.
I reported them all as phishing scams and junk and it's slowed down now, the site I presume has been shut down. Don't forget I opened it so the spammers would have known it was an active address with a read notification even if I didn't download the virus by clicking on the link. (Which I didn't). They harvested active addresses.
Hi
I think it very unlikely that you have received a massive increase in spam on the back of this - if so you are being targetted for some strange reason in a way we havent' really heard of anyoen else being so. Let me take a little time to explain to you and others reading where we are on this...
We are very upset this has happened. Though again we are starting to think less and less there's been a new breach- we still have nothing confirmed from 2010 joiners (and we've had more people send info, but all have had the similar they joined earlier or wrong email issues of others).
While this is very upsetting. It's important to understand that this type of thing is much more common than it seems. Yesterday we received an email from an 'email marketing company' specialist who's database had been hacked with a trojan that then gets sent to their clients and effectively hacks their database too (we don't use it - so its unrelated).
The reasons so many know about this one therefore it seems bigger are
1. The forum names were used - had they not been, it would've been tougher to have identified it
2. We've been communicating this - having PM'd every user, put it top of the forum and in the weekly email. Many people affected have only found it in the spam boxes after checking for it.
3. As its forum related, people have a place to collect and communicate this collectively. When most sites are hacked (and it is sadly something that is part of the internet) people don't have the ability to do so, so it remains brushed under the carpet. We haven't done that.
Spam and malware attempts are a part of being on the web sadly. Now don't think that's me saying "we dont care" its the opposite, over the last year we've brought in external security experts to try and close down any holes and think we've got most of them. Yet even so this is an ongoing battle, when we improve, they improve, no system is perfect.
This website is a 'write' site ie users can contribute to what's on it, that means we have to allow people access to the database on some level and in itself that is a security flaw - but its impossible to avoid while running a forum.
That's why we try and keep minimal info necessary on people - primarily just email addresses.
We are continuing to investigate this but are coming up against a brick wall that nothing new has happened, and this is a resend of the earlier breach.
Why not publicise it more
A few people above are asking why we haven't done more. Actually I think we've done a huge amount.
To be honest Im worried we've slightly over publicised it, making it seem more than it is and scaring people unnecessarily - the balance is tough. Let me address some of the specifics
Someone above says it was only half way down the weekly email. That's not true, it was in the centre of the 'ones not to miss section' and in the first email we've sent since the breach.
Yet do remember this is a FORUM members issue (ie to people who write on not just read in the forum), the huge majority of the weekly email recipients aren't members of the forum (there are 700,000 forum members, and 5.4m email recipients and the venn diagrams don't necessarily cross over).
That's why we chose to focus on the forum, putting it at the top of every page, PMing EVERY member, and putting it on the home page. We included it in the weekly email in the "ones not to miss" section, in a prominent place primarily as a back up to that, not a core method.
We also considered emailing all our forum members on this, yet the advice we had was that to "send an email about a spam malware looks like spam malware" as that's how spammers operate. And even though we send a PM, which is on our own system, there are still people above saying "I wont open it because I'm worried".
Therefore there are big communication challenges out there with this type of thing.
As for doing it in the press, we've not hidden this, its on our home page - but this only affects MSE forum users. As noted above this type of thing does sadly happen all the time, it simply isn't a story.
While its on our home page, in the email, in the forum - thousands of journalists use all of those all the time and constantly pick up stories. And so far none have chosen this as an issue to cover, we've received no calls.
As for those suggesting I do it on daybreak, well apart from the fact Ofcom rules don't allow me to mention the site on air, I would've been laughed out of school had I suggested doing a story on one specific email thats been sent to a discrete indentifiable user group.
What Im saying is some sense of proportionality is needed. Yes it is a big MSE issue, but it is not a big issue for wider society, it is a drop in the Ocean of spam and malware that happens everywhere. Yet even one drop from this site is too many for me, so we are working to the best of our ability to stop it ever happening again.Martin Lewis, Money Saving Expert.
Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 0000 -
MSE_Martin wrote: »
To be honest Im worried we've slightly over publicised it, making it seem more than it is and scaring people unnecessarily
[snip]
What Im saying is some sense of proportionality is needed. Yes it is a big MSE issue, but it is not a big issue for wider society, it is a drop in the Ocean of spam and malware that happens everywhere. Yet even one drop from this site is too many for me, so we are working to the best of our ability to stop it ever happening again.
I have to agree TBH, it is difficult to warn people to be aware without scaring them and judging by some of the reactions in this thread you would think that everyone's PC is now trashed!
If this is the worst event to happen to members computers then they are very lucky indeed!
0 -
Hi, Thanks for the update, much appreciated.However, again, no advice given for those unfortunate people, not computer savvy, how to sort the problem, if they inadvertently exe.d the link, and imported the Trojan.You left it to others to ID it, and give guidance.In the grand scheme of things, it may be Minor, to you, but, there are some who will be worried stiff,if they opened it, and their security has not detected it, wondering what awaits them.I am not scaremongering, but the sheer number of concerned posters, should at least prompt you to give advice on finding, and curing said Trojan.Which you to my knowledge didn,t name.There are loads of companies offering, at a price to rid the Trojan, it,s been stated on here, it,s bypassed many AV,s and anti-malware suites.The horse has bolted now, but give some assistance to those who downloaded it, to sort it.They are worried, even blaming extra spam, it,s becoming a feeding frenzy.If you don,t know what to reccomend to cure it, say so.You haven,t mentioned it above.It won,t go away on it,s own.MSE_Martin wrote: »Hi
I think it very unlikely that you have received a massive increase in spam on the back of this - if so you are being targetted for some strange reason in a way we havent' really heard of anyoen else being so. Let me take a little time to explain to you and others reading where we are on this...
We are very upset this has happened. Though again we are starting to think less and less there's been a new breach- we still have nothing confirmed from 2010 joiners (and we've had more people send info, but all have had the similar they joined earlier or wrong email issues of others).
While this is very upsetting. It's important to understand that this type of thing is much more common than it seems. Yesterday we received an email from an 'email marketing company' specialist who's database had been hacked with a trojan that then gets sent to their clients and effectively hacks their database too (we don't use it - so its unrelated).
The reasons so many know about this one therefore it seems bigger are
1. The forum names were used - had they not been, it would've been tougher to have identified it
2. We've been communicating this - having PM'd every user, put it top of the forum and in the weekly email. Many people affected have only found it in the spam boxes after checking for it.
3. As its forum related, people have a place to collect and communicate this collectively. When most sites are hacked (and it is sadly something that is part of the internet) people don't have the ability to do so, so it remains brushed under the carpet. We haven't done that.
Spam and malware attempts are a part of being on the web sadly. Now don't think that's me saying "we dont care" its the opposite, over the last year we've brought in external security experts to try and close down any holes and think we've got most of them. Yet even so this is an ongoing battle, when we improve, they improve, no system is perfect.
This website is a 'write' site ie users can contribute to what's on it, that means we have to allow people access to the database on some level and in itself that is a security flaw - but its impossible to avoid while running a forum.
That's why we try and keep minimal info necessary on people - primarily just email addresses.
We are continuing to investigate this but are coming up against a brick wall that nothing new has happened, and this is a resend of the earlier breach.
Why not publicise it more
A few people above are asking why we haven't done more. Actually I think we've done a huge amount.
To be honest Im worried we've slightly over publicised it, making it seem more than it is and scaring people unnecessarily - the balance is tough. Let me address some of the specifics
Someone above says it was only half way down the weekly email. That's not true, it was in the centre of the 'ones not to miss section' and in the first email we've sent since the breach.
Yet do remember this is a FORUM members issue (ie to people who write on not just read in the forum), the huge majority of the weekly email recipients aren't members of the forum (there are 700,000 forum members, and 5.4m email recipients and the venn diagrams don't necessarily cross over).
That's why we chose to focus on the forum, putting it at the top of every page, PMing EVERY member, and putting it on the home page. We included it in the weekly email in the "ones not to miss" section, in a prominent place primarily as a back up to that, not a core method.
We also considered emailing all our forum members on this, yet the advice we had was that to "send an email about a spam malware looks like spam malware" as that's how spammers operate. And even though we send a PM, which is on our own system, there are still people above saying "I wont open it because I'm worried".
Therefore there are big communication challenges out there with this type of thing.
As for doing it in the press, we've not hidden this, its on our home page - but this only affects MSE forum users. As noted above this type of thing does sadly happen all the time, it simply isn't a story.
While its on our home page, in the email, in the forum - thousands of journalists use all of those all the time and constantly pick up stories. And so far none have chosen this as an issue to cover, we've received no calls.
As for those suggesting I do it on daybreak, well apart from the fact Ofcom rules don't allow me to mention the site on air, I would've been laughed out of school had I suggested doing a story on one specific email thats been sent to a discrete indentifiable user group.
What Im saying is some sense of proportionality is needed. Yes it is a big MSE issue, but it is not a big issue for wider society, it is a drop in the Ocean of spam and malware that happens everywhere. Yet even one drop from this site is too many for me, so we are working to the best of our ability to stop it ever happening again.0 -
tinkerbell28 wrote: »Bloody furious. I have got truck loads of spam, and I mean loads since this email I got. I wondered why as I couldn't figure it out, I'm pretty good with spam and I was wondering if one of my accounts had been hacked for details. Now I know there was a hack it was here, come across this by chance after logging in and getting a PM, I got an email and then a shed loads of spam, coincidence? Think not.
I have to disagree.
The "MoneyExpert" email was a deliberate attempt to infect your PC with a virus. This suggests to me that our email addresses were stolen for malicious reasons rather than to be sold on to spammers trying to sell you Viagra etc!
It has been suggested that the email addresses were stolen a while ago. Why wasn't the list of email addresses made available by the thieves immediately? This suggests to me that they were stolen specifically to target MSE users with a virus. Why would you suddenly be receiving spam email now?
We're on the same spammers list now. I've not seen any unusual spam emails or an increase in spam. I doubt spammers are selective when they acquire a list of email addresses!tinkerbell28 wrote: »Haven't read the thread but this is disguting for such a big site.
Sites get hacked. MSE is more vulnerable than most sites because hackers know that they'd get access to millions of email addresses.
You should really only be disgusted with MSE if they've been negligent in their security.0 -
Hi, Thanks for the update, much appreciated.However, again, no advice given for those unfortunate people, not computer savvy, how to sort the problem, if they inadvertently exe.d the link, and imported the Trojan.You left it to others to ID it, and give guidance.In the grand scheme of things, it may be Minor, to you, but, there are some who will be worried stiff,if they opened it, and their security has not detected it, wondering what awaits them.I am not scaremongering, but the sheer number of concerned posters, should at least prompt you to give advice on finding, and curing said Trojan.Which you to my knowledge didn,t name.There are loads of companies offering, at a price to rid the Trojan, it,s been stated on here, it,s bypassed many AV,s and anti-malware suites.The horse has bolted now, but give some assistance to those who downloaded it, to sort it.They are worried, even blaming extra spam, it,s becoming a feeding frenzy.If you don,t know what to reccomend to cure it, say so.You haven,t mentioned it above.It won,t go away on it,s own.
I have to disagree completely with what you are saying. In my opinion, it would be foolhardy for the MSE staff to attempt to advise their users beyond what they have already done in the news bulletin: which is to suggest any infected user seek professional advice. MSE are not computer security experts and less so, computer clean-up experts (an even more specialised field). What you are suggesting, if you will allow me an analogy, is expecting the postman to treat you for 'flu because he was the one that sneezed on you. What he should be doing is making sure he does not sneeze on anyone else and telling you to go to the doctor. Reverting to the real world, this is what I believe the MSE team are doing.
Even if MSE had the requisite skills or hired them in, generic advice would not be advisable. You do not need to be an expert to do the maths to realise this. Taking available figures: there are 700,000 forum users and potential recipients. The poll to this thread has just over 1,000 respondents as I write this, so there around 1,000 known emails sent. If MSE contacted every respondent and got every Trojan email back, the first thing they would have to do is analyse everyone to see if they were the same before investigating possible clean up actions and moving on to give some advice. But... Even if they got a 100% response rate, their sample size would be less than 0.15% of potential (700,000) infections. It is impossible to draw any conclusions or cleanup advice based on such a small number, other than "no conclusions can be drawn". This would all take a lot of time and effort to do and the final advice would be "If you think you might have run this malware: seek professional advice." This is exactly what has already been stated.
I was extremely careful when writing my cleanup steps to emphasize the dangers and the limitations inherent within them and explain some of my methodology to try and let people make an informed decision whether or not to follow the steps. Even then, I was in two minds about posting it. I was persuaded to post because I am not part of the chain of responsibility for this site nor could be linked to my (former) professional capacity. If I were in anyway affiliated with MSE, I definitely would not have posted. If acting in a professional capacity and being asked to clean up a machine, the first thing I would start with is a watertight, legally binding contract that absolved me from all blame should I do any damage. And despite that, I'd still have liability insurance. And I certainly wouldn't conduct my cleanup through the medium of a public forum.
SPCome on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0 -
I guess those less technically minded will not have given due consideration to this, hence why MSE have so far not responded to my questions asking what MSE will do if users request posts be deleted to help protect themselves.
I am slightly confused by this, which is why no one has answered - users have the ability to delete their posts - always have done.Martin Lewis, Money Saving Expert.
Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 0000 -
Disagree you may, your analogy is not the same.MSE obviously found the Trojan, or was informed of it by a forumite???As to advice, as it was forumites confidential e-mails and usernames that were HACKED, then I think MSE had a duty of care to inform all forumites the Trojan ID and let them seek proffessional advice,on how to detect/rid of it.It helps if you know what you are dealing with.This Trojan is being picked up by Hijackthis, on other forums, it,s not exclusive to this site, and it,s not new.Ignorance is not bliss.You yourself admitted it bypassed malwarebytes and certain Av,s, so IF I had not had the nous to not open it, I could have it and still not know, as my default anti-malware is malwarebytes.and Avast.As you know, all Trojans are not the same,and this is a "Dropper", just waiting to sneeze, but I bet the postman would have told you he had a cold after sneezing on you.unlike the Trojan.Most forumites know the risk they run, but don,t expect their data being hacked.that,s why it,s never posted.All I know is that, my g-mail address is now in someone elses hands.All the platitudes in the world cannot alter that.PS.I can only thankyou for ID,ing it, and posting it, but that was MSE,s duty, and if your advice worked for anyone who had it, I thank you on their behalf.That,s what makes this forum, tick, BUT as you know, they can use another Trojan tommorrow, now the,ve got our e-mails::StumpyPumpy wrote: »I have to disagree completely with what you are saying. In my opinion, it would be foolhardy for the MSE staff to attempt to advise their users beyond what they have already done in the news bulletin: which is to suggest any infected user seek professional advice. MSE are not computer security experts and less so, computer clean-up experts (an even more specialised field). What you are suggesting, if you will allow me an analogy, is expecting the postman to treat you for 'flu because he was the one that sneezed on you. What he should be doing is making sure he does not sneeze on anyone else and telling you to go to the doctor. Reverting to the real world, this is what I believe the MSE team are doing.
Even if MSE had the requisite skills or hired them in, generic advice would not be advisable. You do not need to be an expert to do the maths to realise this. Taking available figures: there are 700,000 forum users and potential recipients. The poll to this thread has just over 1,000 respondents as I write this, so there around 1,000 known emails sent. If MSE contacted every respondent and got every Trojan email back, the first thing they would have to do is analyse everyone to see if they were the same before investigating possible clean up actions and moving on to give some advice. But... Even if they got a 100% response rate, their sample size would be less than 0.15% of potential (700,000) infections. It is impossible to draw any conclusions or cleanup advice based on such a small number, other than "no conclusions can be drawn". This would all take a lot of time and effort to do and the final advice would be "If you think you might have run this malware: seek professional advice." This is exactly what has already been stated.
I was extremely careful when writing my cleanup steps to emphasize the dangers and the limitations inherent within them and explain some of my methodology to try and let people make an informed decision whether or not to follow the steps. Even then, I was in two minds about posting it. I was persuaded to post because I am not part of the chain of responsibility for this site nor could be linked to my (former) professional capacity. If I were in anyway affiliated with MSE, I definitely would not have posted. If acting in a professional capacity and being asked to clean up a machine, the first thing I would start with is a watertight, legally binding contract that absolved me from all blame should I do any damage. And despite that, I'd still have liability insurance. And I certainly wouldn't conduct my cleanup through the medium of a public forum.
SP0 -
Yes but It is very time consuming for a user to have to delete each post one by one, especially for users with thousands of posts going back a number of years, even when the site is working with adequate performance. That is why I asked what MSE would do if a user requested MSE to delete ALL of their posts, in view of the current "situation".
Then there are posts that cannot be deleted because they are in "closed threads" etc.
Users can delete posts - if they have any specific difficulties relating to doing so that they can't surpass, the best thing to do is email [EMAIL="abuse@moneysavingexpert.com"]abuse@moneysavingexpert.com[/EMAIL] and the team will try to help see what can be done. I really don't see where you're going with this hypothetical - rather than just trying to create an issue.
If you would like your account deleted please do email abuse@ Im sure they'll be more than happy to help.Martin Lewis, Money Saving Expert.
Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 0000
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.2K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards