Please Be Advised Not to Open the Email

[Chisoxfn]

That email contains two malicious links. The site was hacked for the 2nd time in 3 days. It looks like I've found the potential hole they were getting through, but I'm going to be keeping a close eye.

 

Everything will be revamped on the site security was ASAP. This is the first time the site has ever been hacked.

 

We apologize and if anyone sees anything strange coming up from Soxtalk in the next few days, please ignore it. We do not send out emails nor do we have any sort of spyware or downloads that are required to view pages on the site.

[Balta1701]

I blame the Cubs.

[Heads22]

I will say that we are not taking this lightly at all. Anyone found to be undermining the security of the site and most of all doing ANYTHING that will hurt our members will be dealt with.

 

There's no other goddamn reason for Gage and I to be on this late otherwise.

[Chisoxfn]

You all might as well know, but if you ever plan on hacking this site. We will not take it lightly. I may be a moron when it comes to computers and may not be the most technologicaly savy web developer out there.

 

But I have gotten enough evidence on this hacker and it will be reported to the authorities who will hopefully be in contact with him/her.

[Jordan4life_2007]

It was me. What you gonna do about it?

[Heads22]

You all might as well know, but if you ever plan on hacking this site.  We will not take it lightly.  I may be a moron when it comes to computers and may not be the most technologicaly savy web developer out there.

 

But I have gotten enough evidence on this hacker and it will be reported to the authorities who will hopefully be in contact with him/her.

 

I echo what Jason says and I'm sure guys like Kap who spend hours working on this site do too. We've invested too much time and money in this website, as well as all the people that visit, to allow this crap to happen.

[BFirebird]

Some people just have too much time on their hands to go and mess up what other people create....I don't get it.

[drowninginflame]

yea, that sucked, I opened that email thinking I had a pm or something

[Heads22]

It should probably appear to be from my MCHSI email. The Soxtalk email is now switched to Jasons, but anything from a*****@mchsi.com is using my email as the reply-to addy. But, rest assured, I didn't do this.

[Cali]

I did it cause I hate Jason and Orange County.....

 

You bastard. You got what was coming to you!

[RME JICO]

Also, if you use IE, you might want to scan your comps for the following files if you visited the site within the last 24 hours:

 

Normally in TEMP or Temporary Internet Files: xpladv553.wmf

Hidden file: C:\WINDOWS\system32\avload32.dll

Hidden file: C:\WINDOWS\system32\wnlogow.sys

 

Those were the files that my system intercepted and they are related to or directed to this website: http://traffdollars.biz/dl/adv553.php

 

WHOS IS info:

whois.melbourneit.com]

Domain Name:                                 TRAFFDOLLARS.BIZ

Domain ID:                                   D12368913-BIZ

Sponsoring Registrar:                        TLDS INC.

Sponsoring Registrar IANA ID:                320

Domain Status:                               clientTransferProhibited

Registrant ID:                               6510555-SRSPLUS

Registrant Name:                             Jason Coffman

Registrant Organization:                     Private person

Registrant Address1:                         908 Alder St

Registrant City:                             Philadelphia

Registrant State/Province:                   PA

Registrant Postal Code:                      19147

Registrant Country:                          United States

Registrant Country Code:                     US

Registrant Phone Number:                     +1.74952171179

Registrant Email:                            [email protected]

Name Server:                                 NS1.TRAFFDOLLARS.BIZ

Name Server:                                 NS2.TRAFFDOLLARS.BIZ

Created by Registrar:                        TLDS INC.

Last Updated by Registrar:                   TLDS INC.

Domain Registration Date:                    Tue Feb 07 18:01:52 GMT 2006

Domain Expiration Date:                      Tue Feb 06 23:59:59 GMT 2007

Domain Last Updated Date:                    Tue Feb 07 19:25:25 GMT 2006
 

Edited March 4, 2006 by RME JICO

[DBAHO]

Thanks for the info there RME JICO. Probably a good idea for everyone to do.

[RME JICO]

Thanks for the info there RME JICO. Probably a good idea for everyone to do.

 

No prob, it seems like this Jason Coffman guy of Philadelphia didn't like the Thome trade.

 

I hope the admins can gather enough information to pursue this guy.

[THEWOOD]

I really hope you guys pursue this asshole. You have no idea how pissed off I was thursday morning when I couldnt get my soxtalk fix before work.

[RME JICO]

Also,

I don't know if this has anything to do with the problem, but when you go to:

 

http://www.soxtalk.com/forums/

 

it asks you to save a file called forums. This was the same thing that happened when the forums were down. It might just be a bug, but normally if you go to the / of site, it defaults to the index.php, but it is not doing that here.

 

Just FYI.

[THEWOOD]

Also,

I don't know if this has anything to do with the problem, but when you go to:

 

http://www.soxtalk.com/forums/

 

it asks you to save a file called forums.  This was the same thing that happened when the forums were down.  It might just be a bug, but normally if you go to the / of site, it defaults to the index.php, but it is not doing that here.

 

Just FYI.

 

That was what I kept getting Thursday morning. It kept telling me to DL something...I was ummmm should I...I dont know?!?!? And then I tried to go straight to the forums and that didnt work either so I figured it was a glitch. I called a friend had them try to get in later in the morning and they said they got a page saying forbidden.

[kapkomet]

That was what I kept getting Thursday morning.  It kept telling me to DL something...I was ummmm should I...I dont know?!?!?  And then I tried to go straight to the forums and that didnt work either so I figured it was a glitch.  I called a friend had them try to get in later in the morning and they said they got a page saying forbidden.

That was unrelated... the Thursday morning incident wasn't us being hacked, it was the server. We then change the opening page to reflect the "forbidden" so not as many people would get that.

 

We'll get this (other issue) fixed this weekend.

[Middle Buffalo]

I got the email (2 actually). One said don't open this, open the previous one. So, I deleted the first and opened the one I was "supposed" to open, but I didn't click on the link. Can someone tell me if I need to be worried?

[iWiN4PreP]

Thanks for the info, and good luck to you guys.

[SSH2005]

I got the email. The subject of the email is "hello my dear friends ( From Soxtalk.com )." It has a link to some Spyware crap in it.

[Middle Buffalo]

I got the email.  The subject of the email is "hello my dear friends ( From Soxtalk.com )."  It has a link to some Spyware crap in it.

If you open it, but don't click on the link, are you at risk?

[iWiN4PreP]

I dont think I got hte email. but i may have deleted it already.

[Kalapse]

I didn't get an email.

[SSH2005]

I didn't get an email.

<{POST_SNAPBACK}>

Do you want me to forward it to you?

Edited March 4, 2006 by SSH2005

[Chisoxfn]

If you open it, but don't click on the link, are you at risk?

No