
Thursday, June 15, 2006

The Spyware Whodunnit

Okay, we have ourselves a situation here. Picture the scene - you're sitting there, quietly minding your own business, when something crazy falls into your lap. So crazy, that you need to ask the visitors to your site for their thoughts on...well, see for yourself (and click the images to enlarge, you mucky pups).

I have an email account. Nothing amazing there - but it's a SECRET account. Ooh! The excitement. Anyway, nobody knows about this account except people I know. I don't even check it that much - well, one day I do, and I see something odd (quick! Click the picture above!)

Yep, looks like I went and bought a picture of some hot chick from Getty Images. Except....I didn't. And this guy (we'll call him Mr Teh Dude) has his name, address and email in the missive to the left.

I took the liberty of drawing the woman in the photo, rather than just pasting in the original as I don't fancy some getty-themed legal mumbo jumbo plopping through the letterbox. The original is here - as you can see, I went all out to capture her innate beauty.

Anyway, I put it down to a misfired email...happens to the best of us.

And off I went, back to not checking my mails for a while.

Then I logged in a few days ago, and saw this:

Okay, Usernames and Passwords?!

Weirdness city, here we come.

I open up the email, and find what looks like a bunch of seriously fake login details. One or two look genuine, but some are completely screwball. For example, there's one there that would be off a forum (Newsarama), yet the registered user simply does not exist there.

Another (the CNET) password is written like this: "******" which makes no sense whatsoever. Yes, I'll remember login details by writing my password as a bunch of stars. I'm not insane, no sir.

Yahoo Exodus ID? What the hecky-fump is that?

In some cases, another username is given as a password - whoops - and something smells incredibly funny about how they lead in with OOH! LOOK! CREDIT CARD LOGIN DETAILS!!!

Finally, the cryptic message at the bottom:

"Your robot holocaust simulator".

WTF, BBQ?

A pile of Googling later took me to this, but it's not particularly useful. Doh.

One more oddity - one of the domains mentioned in the email contains the word "Paperghost". Strange coincidence? I'm not so sure. I go off and do some digging on this domain and (lo and behold) - can you guess who the owner is?

That's right, it's MR TEH DUDE!

At this point, I realise the sender's email address matches TEH DUDE's email address too - so now I have the rather odd scenario of:

Some guy, apparently letting me know he bought a picture of some woman from Getty (but choosing to send me nothing else), then a few days later, sending me his entire life's worth of real / fake / don't know login information...which also happens to contain a Paperghost-themed domain.

Then to top it off, I was informed yesterday about this thing (warning - weirdo song and vaguely creepy pictures. Though I quite like the song). I don't think it's related to the above, but it's kind of funky anyway.

Is this the worst piece of attempted "go on, log in with my details so I can get you into trouble" scam you've ever seen? Is someone genuinely firing me misdirected emails (though I can't see how)? Have they possibly been hax0red and the crappiest password mailer of all time has kicked into wheezing, creaking life? Or is there another, more sensible explanation for this?

It's no secret that bad guys will try and nobble security researchers. Sometimes those schemes are pretty good - other times, they suck like there's no tomorrow. This one gets +1000 points for creativeness, and a further +5 modifier for being so damn weird.


I'm currently attempting to contact as many of the above websites as possible (on the off chance this guy is being scammed in some way), but a shiny ROFLcopter to the person that works this one out before I do.

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.