The Arcive of Official vBulletin Modifications Site.

GSeybold · #1 09-29-2008, 09:52 PM

I don't know if I can post this here but I thought I would alert you. I'm sure this has already been discussed some where but a lot of forums have been hit with this over the past few days.

Spammer with user name "Jessie" or "Patricia" PM members with the following- No post counts over a two week registration account.

Hi,
I'm new here, how's it going?

"Buddhism has the characteristics of what would be expected in a cosmic religion for the future: it transcends a personal God, avoids dogmas and theology; it covers both the natural & spiritual, and it is based on a religious sense aspiring from the experience of all things as a meaningful unity" - Albert Einstein

---
Patricia
http[colon]//patricia2.t35.com

IP id 209-59-46.129

IP Data
OrgName: Global Tac, LLC
OrgID: GTL-30
Address: 7454 Lancaster Pike #500
City: Hockessin
StateProv: DE
PostalCode: 19707
Country: US

NetRange: 209.59.32.0 - 209.59.63.255
CIDR: 209.59.32.0/19
NetName: GLOBETAC1
NetHandle: NET-209-59-32-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
Comment:
RegDate: 2005-12-16
Updated: 2007-04-02

OrgTechHandle: ADMIN1003-ARIN
OrgTechName: Administrator
OrgTechPhone: +1-302-352-1751
OrgTechEmail: ****@globetac.net

Virus

--------------------------------------------------------------------------------

Malware type: Backdoor

Aliases: Backdoor.Win32.mIRC-based (Kaspersky), IRC/Flood.gen.e (McAfee), Backdoor.IRC.Bot (Symantec), Troj/Mirchack-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No
Overall risk rating:
Low

--------------------------------------------------------------------------------

Reported infections:
Low
Damage potential: High
Distribution potential: Low

--------------------------------------------------------------------------------

Description:

This backdoor may be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It creates folders. It drops files/components.

It creates registry key(s)/entry(ies) as part of its installation routine.

Again, I hope this is okay to post here. I'm just so pissed right now. Like I have time for this chit.

Linda

SVTCobraLTD · #2 09-29-2008, 10:33 PM

I got this person on my site at one time. Banned right away.

GSeybold · #3 09-29-2008, 10:43 PM

How did you know to ban right away? Was there signs I need to watch for? I stopped her/it at about 8 PMs in. Probably more.

SVTCobraLTD · #4 09-29-2008, 10:48 PM

I pay attention to all new registrants. My site is specific to a US State so its kinda obvious when someone is not from the area. I now made a user group named "New Member" because of this, the groups first post is moderated except ones posted in the introduction forum. Plus they are unable to send PM's. Once they make one post, they are moved to the Junior Member group where it is not so restrictive.

GSeybold · #5 09-29-2008, 10:50 PM

Ah Okay. THank you very much for this.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05295 seconds Memory Usage 2,200KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (5)post_thanks_box (5)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (5)post_thanks_postbit_info (5)postbit (5)postbit_onlinestatus (5)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!