Spam That Delivers a Pink Slip
alphadogg wrote in with a Network World story that begins: "Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read 'Urgent — employment issue,' and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information. And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site. Score another one for spammers."
Clever, because we all know our soulless corporations would do that.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Evil too, of course, and I wouldn't be particularly sad if those responsible were raped to death by manatees. But still pretty fucking hilarious.
So would downloading the keylogger count as a breach in the company's acceptable use policy, therefore warranting them an actual pink slip?
Disclaimer: Any errors in spelling, tact or fact are transmission errors.
(Not really.)
There was a notice on the internal site for _ntel last week about this, but IT was catching it. With the layoffs there, they were a ripe target.
Heh, while some people actually spend money to CURE people of paranoia, it would be (at least) useful to have paranoia CLASSES taught as part of any "PC operator" course ;)
By reading this signature you agree to not disagree with the post you just read.
Cornered....like a rat...danger at every turn!
Darwin's List seems assured of a good genetic pool to recruit candidates from.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
My favorite virus email was the "I Love You" virus. Since I worked for a French company at the time, the entire executive staff triggered the virus and the entire company got spammed by it. That was funny since you got emails from the CEO that he loved you. But the cure hurt more when it kicked in. For every email that was deleted from the server, Norton sent out a notification email that the email was deleted. The network ground to a halt because of the notification emails instead of the actual virus emails. Go figure.
In Soviet Russia, spam deletes you!
Curiosity was framed. Ignorance killed the cat.
phishers, especially when they get caught, tried, convicted and imprisoned?
Keyloggers do transmit to certain IP addresses.
--- Grow a pair, liberals... stop letting the Republicans bully you!
so you're saying the server.... surrendered?
Step 1. Date or make friends with someone in HR systems who runs the Peoplesoft/Oracle/SAP HR system. Help them out with database work (like complex batch jobs).
Step 2. Pay attention to the kinds of queries they need help with.
Step 3. If they begin compiling seniority studies / benefits calculations for projections IN THE FUTURE (red flag!) or estimate retirement dates if your company has a defined pension benefit, see step 4.
Step 4. Put up resume on dice.com and start "disappearing" during lunch to return headhunter phone calls.
Hint: Almost everyone stupid enough to click the link without confirming first would be using (Possibly un-updated) Win32 and IE6, with a non-updated firewall, if they had one at all. Not everyone has enough brains to figure these things out... Just today, I had to put the "Internet Explorer" icon back on someone's desktop, which I did in 3 clicks. After that, I told someone you have to click inside a text box before the text will go in. As sad as it is, not everyone can be a nerd.
I would not accept being fired by some nonconfrontational method like this.
Just pretend you never got it and ignore it, go about your day. Apparently the boss is already too much of a pussy as to actually fire you in the fire place, so what is the chance he will say anything. Hell, come back the next day, then cause a small scene making them look like idiots.
They are afraid of confrontation, make that fear a realization (in a calm way, but put it all on them)
The phrase "more better" is acceptable English. suck it grammar Nazis
But does the keylogger work on Linux?
I thought, getting a "pink slip", was slang for taking the loser's car off his hands after a street race.
And "getting your walking papers" meant getting fired...
Someone enlighten me? Yank doesn't always make sense to me.
> no, yes, maybe (tagging beta)
And if everybody ran 10 miles before breakfast, we'd all be unbelievably fit! WTF is your point? Get back on your knees, Bill is not a patient man.
These kinds of stories will end with really stiff laws and high-profile enforcement. Hacking also used to be a harmless pastime of C.Sci students until a bunch of assholes caused real damage. Spammers should just stick with their p3n1s 3nlargm3nt creams and continue to enjoy their status as pests, but not real villains.
If only people used digital signatures, impersonating senders would be a lot harder.
Please correct me if I got my facts wrong.
The company's email filter should have stopped that. It would not have worked here.
I have to ask: why is it relevant that the company was French, and in what way do you think that the fact that it was French makes the executive staff more likely to trigger the virus?
Note: English is my third language, and I may just not have understood that particular sentence correctly. Also, I am not French or from anywhere closely associated with France, so my question is not due to hurt sensibilities or anything like that.
I guess the point is; getting annoyed at people for using the most popular operating system (which obviously is the one keyloggers are going to target) is just about the most pointless thing you can do. By basic definition everyone can't be part of the minority.
Forgive me if I'm being stupid, but how do you get the IE icon back in 3 clicks? (without keyboard navigation). I thought that to get the actual IE icon back you needed TweakUI anyway, or the registry editor, although I spose you could just make a standard shortcut to iexplore.exe
That's what you get for using an insecure OS (*cough* Windows)/browser (*cough* IE)/configuration/whatever. Too bad the IT department often doesn't learn about security until there's a bigger breach.
OK, so who clicked the "unwittingly downloaded a keylogger program" link in the article without having second thoughts?
;)
A double whammy for the phishers if it linked to the keylogger infected file in question.
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
In Soviet Russia, spam junks YOU!!
Aikon-
WHY don't all these moron CTO's and VP's of IS get their asses canned, paying MS for their shit?
Because they're infinitely more likely to get sacked for refusing to provide & support a platform on which the company can run the software it feels it needs to than they are to get sacked for providing it and it so happens that it's not terribly secure.
Business drives IT, not the other way around.
Besides which, with a suitably locked-down network and a suitably paranoid mail relay, it's not really a problem. If, however, neither of those exist - yeah, someone does deserve at least a little talking to...
Subject lines like this would work well too:
Subject: Newsletter: Pay Freeze Continues. Inside, management's weekend on board the company's new luxury yacht.
Body: Click here to view the photos and eye witness accounts of the tragic sinking of the company yacht in force 10 gales off the Cornish coast. 5 still missing, presumed dead. RNLI claims lack of planning, insufficient investment in crucial safety equipment and communication difficulties with the Azerbaijani crew to blame.
Because the French are such a loving people.
In XP there is an option in display properties, pretty sure that is at least five clicks though (maybe more, i can't remember if the option is visible immediately you click on the correct tab or not).
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
Yeah, I got one of these too. Since I've been self-employed for over 23 years, it looks like I would have already heard about this layoff. Sigh. I'm always the last to know!
Their SMTP gateway should have detected a server outside of their network was trying to send a message with an internal email address as the sender and blocked it. It never would have worked in my company. Plus if someone in my company received a message like this which would have had an external email address as a sender, someone would have called me right away. I then would have blocked the site, blocked similar emails, seen who was sent a similar message and spoke with them to find out who visited the site and scanned and/or reloaded all the recipients' computers anyway.
:-/
If it was sent by a computer internally, I think I could see that also (I'll have to check on that) and get that computer/employee taken care of.
We had a similar social engineering test recently. A small number of people but still more than I'd like followed the instructions in the email, a similar number notified me or another employee that could help them make sense of the message, and I had the email blocked and the ISP of the sender on the phone within minutes. It was only after that I was informed about the test. I know I passed. I'm sure a few others failed.
Your technology has to protect your organization to a certain point but your employees MUST be trained to not fall for this kind of stuff. Unfortunately, some will never learn because they think it's IT's job to keep this stuff from happening. Why did I choose this career again?
But why is the rum gone?
It's a phish attack, not spam.
I want to delete my account but Slashdot doesn't allow it.
A well planned keylogger placement should be undetectable, no? This farce raises attention, and seems likely to garner further investigation.
SF author Larry Niven actually used something very like that idea in his "Known Space" future history. The idea was that society had decided that anyone who was the least bit violent/aggressive was "ill" and gave them meds to make them a happy little camper. Not mindless zombies, just very passive. (That's a difference of degree, of course.) But there was still a need for a police force, to protect against threats both from within and outside human space. So the police force -- the ARM (Amalgamated Regional Militias) -- were taken off their meds, or even given other meds to make them more paranoid. Only during the work week, of course -- on days off, they took their non-paranoid meds instead.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Where is the link?
I would like to see this site they went to.
My Sig indicates the end of the comment I posted.
Normally I don't care, but I'd like to know how the parent is a "Troll" here?
How do you go about "unwittingly downloaded a keylogger program"? Even if you run Win OS and use IE at default settings it takes an unpatched exploit and/or a click of OK. After that the keylogger needs to get past the firewall to ring home to be of any use. So can someone explain how this can happen on a properly maintained computer?
The people who downloaded it were upset, and certainly not as aware as they should be. The firewall issue is separate, and I'd suggest that the fact it's a medical center makes it even more of a concern, but most users are just trying to do their job. "Properly maintained" is another matter. Users should not have the ability to download or install anything; that's why we call them "USERS" and not administrators.
There were multiple failures here.
The difference between a Miracle and a Fact is exactly the difference between a mermaid and a seal. (Mark Twain)
Different time zones. My office was located in the Pacific Time Zone and France is on the other side of the Eastern Time Zone. So the virus was in full swing by the time my co-workers got into the office. Besides, French or not, the executive management team has always been clueless and/or loveless. :)
This also explains why the french gene pool is the most diversified in the world.
Any email virus checker that sends any kind of "This email had a virus but I removed it" email either to the recipient or to the listed sender is broken IMO (except in the case where it's got both a virus and genuine content, in which case the virus should be removed, a note inserted into the email next to the genuine content and it sent on to the recipient)
As a recipient of email, I don't care that I got a virus in my mail, I just want it gone. The listed sender probably doesn't care since it's likely fake anyway.
Well, if administrators are slow in pushing out the windows updates then a user can install spyware by just going to a website.
Nono, there are two types of people in this world, those who:
1) Start their arrays with one;
1) Start their arrays with zero.
Proof by very large bribes. QED.
I'm the Information Security Analyst at DeKalb Medical Center. The article isn't exactly right, it mixes up two different stories that my boss told the reporter.
"Pink Slip" email: A few employees received an email from "John.E" (John.T@chenpr.com) saying that they had insider knowledge that the email recipient would be getting fired soon. The email went on to say that there were some "folks who helped" his brother, and gave a phone number in Alabama that has been disconnected. The domain name belongs to a company in Massachusetts, so this may be a Joe Job on them or someone just forging their address to make their services look legit. Others have received this Spam, too.
"Keylogger" email: This was just a regular SPAM email, but was forged to be from a legitimate email address in our company. It had a link to an executable on a website in China, but was disguised using html to make it look like the link went to our domain. There was no keylogger in the payload of this trojan, only a SPAM virus that we quickly detected and removed. This email got through because it was forged from a specific email address that we allow to come from the internet with a forged "From" address.
Hope that helps clear things up.
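An added example, not part of the original comments and not code from DeKalb Medical Center: a sketch of the two checks discussed in this thread, the gateway rule that rejects an internal "From" address arriving from an external relay, and a scan for links whose visible text shows the internal domain while the href points elsewhere. It also shows how an allow-list exception of the kind described above lets a forged message past the first check. The internal network range, the allow-listed address, the hosts and the sample message are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "dekalb.org"                        # domain named on the page
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal relays
ALLOWED_EXTERNAL = {"newsletter@dekalb.org"}          # hypothetical exception
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
# Constructed sample message; the sender and hosts are placeholders.
SAMPLE = '''From: "HR" <hr@dekalb.org>
Subject: Employment notice
Content-Type: text/html; charset="us-ascii"

<p>Details: <a href="http://download.example.net/info.exe">http://www.dekalb.org/careers</a></p>
'''

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def spoofed_internal_sender(msg, client_ip):
    # Gateway rule: internal From address, but the connecting relay is external.
    addr = parseaddr(msg.get("From", ""))[1].lower()
    external = not any(ipaddress.ip_address(client_ip) in n for n in INTERNAL_NETS)
    claims_internal = in_domain(addr.rpartition("@")[2], INTERNAL_DOMAIN)
    return external and claims_internal and addr not in ALLOWED_EXTERNAL

def deceptive_links(html):  # text shows our domain, href goes elsewhere
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text)
        if (shown and in_domain(shown.group(1).lower(), INTERNAL_DOMAIN)
                and target and not in_domain(target, INTERNAL_DOMAIN)):
            hits.append((text, target))
    return hits

def verdict(raw, client_ip):
    msg = message_from_string(raw)
    reasons = ["internal-from-external-relay"] if spoofed_internal_sender(msg, client_ip) else []
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    if deceptive_links(html):
        reasons.append("link-text-mismatch")
    return reasons
```

Calling `verdict(SAMPLE, "203.0.113.25")` reports both reasons; swapping the sender for the allow-listed address leaves only the link check to catch the message.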
1. Right click on desktop
2. Left on properties
3. Left on Desktop tab
4. Left on Customize desktop
5. Left on the IE checkbox (here you might call it done...)
6&7. Left on OK of both open windows.
How can one do it in 3 clicks?
There are one types of people in this world, those who: 1) Start their arrays with one; 1) Start their arrays with zero.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
Seriously, how many people really get legitimate e-mail from the major spam havens like China, Korea and Brazil? Until these ISPs start filtering port 25 traffic from their broadband customers, I don't see much of a reason to accept any smtp traffic from their wholesale IP space.
...For browsing the internet with IE. An IT department that lets employee do that is inviting trouble, period.
I used to be all compassionate and sympathetic with victims, but now I am just tired of the overall cluelessness, carelessness and inertia in 90% of IT departments out there.
If fishermen were behaving like an IT department, they'll slather themselves with fish offals, then jump in shark-infested water.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
I used to live there (still live in the county over). Based on my experiences with Atlanta, I wouldn't be the least bit surprised if this is somehow related to a larger problem.
I'm hoping that it's just coincidence it happened a week before election week.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
I hate to sound cynical, but this story is not news. There is nothing new here. There have been thousands of different attacks like this, and there will be thousands more.
We (the slashdot community, the IT world, the rest of the world) have to make a choice here:
1. Easy, 1-click executability of untrustworthy active content in emails and the like is a serious bug which must be aggressively stamped out.
2. Having people get pwned like this is an unfortunate fact of life, like disease and bad weather. We may be able to ameliorate it somewhat, but it's not a problem we can ever meaningfully solve, so we should stop complaining, stop treating every new socially-engineered email virus vector as "interesting", and learn to live with it.
Now (being as how I've already admitted I'm in a cynical mood), I can say that I do realize full well that (1) will never happen, and that we've already gone wholeheartedly with option (2).
We've all had this discussion a thousand times before, so to save time, let's just skip it with some of the predictable, defensive responses. Don't say, "but there are good uses for easy, 1-click executability, it's a feature users need and want." All you're really saying is, let's go with option (2). Don't say, "Removing 1-click executability wouldn't help, because stupid users would just download and save the attachments and execute them manually." If you believe that disallowing clickability wouldn't help (wouldn't make the spread of email viruses a thousand times less rampant), all you're really saying is, let's go with option (2).
1. left click start
2. right click on internet explorer
3. left click on send to desktop
I know Sharon very well. The true story is a number of users received email about employment; it had a link to a phishing site. There was no keylogger involved. I know the media doesn't want the facts to get in the way of a good story but sheesh
In my old company, it was one of the members of the (very snooty and self-righteous) IT staff that propagated the "I Love You" virus.
If you are not allowed to question your government then the government has answered your question.
Labour law is a funny thing. You need a job to live -- even the best welfare program is pretty lousy compared to the worst minimum wage job. You definitely need a job to thrive. Employment -- not just access to employment -- would seem to be a basic human right, at least unless technology obviates both labour AND scarcity, and we end up defaulting to some kind of socialism (robotic socialism, as it's sometimes called). And yet the more you try to protect peoples' jobs, the more you restrict the ability of businesses to do their thing. You decrease their ability to cherry pick employees and maximize their efficiency. If you give business the freedom to fire incompetent employees WITHOUT the two verbal warnings, two written warnings, and a disciplinary meeting (that's the process here in British Columbia anyway), you're also giving them the freedom to fire employees for nonsense reasons like their religion or drinking a different brand of beer than the CEO.
GOOD businesses don't need any regulation of course -- my job sucks, but my manager is fantastic. Time off when you need it, encouragement for what you do right, helpful advice on how to improve, no flak about sick days, etc. I had no intention doing more than the bare minimum necessary to keep the job and pay for classes and coffee. Now I actually kind of care, and do my best to excel (to whatever extent it's possible to excel at working a cash register, anyway).
Conversely, a bad manager will find some dumb excuse to fire you no matter what. That's not to say you can't come out ahead in a labour hearing, but it's so difficult and such a hassle that it rarely occurs. I know so many people that have had to work 2 and 3 hour shifts (illegal in BC -- you HAVE to pay employees for at least four hours of work no matter how long they're actually there). Restaurants are particularly bad about this. It's just the opposite for people in unions of course, since they have the union reps to make sure that their rights are enforced, no matter how monstrously shitty the employee in question. Teachers who flirt with students and have to be "firewalled" because it's so difficult to fire them are practically a cliche. I dated a woman who did HR for a hospital -- her entire job was described as "interpreting the collective agreement". The hospital had a staff of twenty people who dealt entirely with handling union issues, completely aside from the effort of actually HIRING and FIRING people, running benefit programs, etc. Ironically, the HR staff were not themselves unionized, and earned less than half of what a newly-hired nurse would. It's a good thing that people who get into HR do it because they love the work.
I'd say that finding the balance between employer rights, employee rights, the right to work, how to deal with bad employees, how to deal with bad managers, etc, is definitely a work in progress. It's definitely one of the challenges involved in getting capitalism "right", that is, not something that makes life miserable for people. Employers deserve the freedom to run their businesses the way they like, but employees deserve to have confidence that they can get as much work as they need and to be treated reasonably. It makes it easy to see why some people like the idea of socialism so much -- when everyone receives the necessities of life automatically, it frees them up to treat labour as a true commodity, one that can be bought or sold freely at whatever prices the market will bear. As it is, we essentially HAVE to sell our labour, other than those few who get the opportunity to be entrepreneurs.
Is this infected PC the company's property or the employee's? If it belongs to the company, and they infected their own machines, who cares!?! Good for a grin, I say.
Goddamned kids! Get off my lawn!
Yeah, like I am so going to help the people who just fired me. Let 'em burn!
Goddamned kids! Get off my lawn!