Thank you to forum member Diner - Pointing out a .png Spammer

[Mike PhillipsMike Phillips is verified member.]

Thank you to forum member Diner - Pointing out a .png Spammer


Last week we had a .png Spammer on the forum and one of our forum members, Diner noticed it and brought it to our attention.


Thank you Diner


For those of you that don't know what a .png Spammer is and does, here's some screen shots I took to show you what this is...

Here's a post by a forum member posting under the name of tedfy

Looks normal huh?

But behind the WYSIWYG interface, here's what their post looks like in code view.

Note the hidden image?

IMPORTANT: Do not go to the website you seen in the image code. It's likely a malware website.




I did a little research and couldn't find anything that shared how this type of hidden image can cause any type of issue for anyone reading a thread where a .png file is hidden. Just the same, when discovered we remove the hidden images and ban the Spammer.


So thank you Diner for your due diligence.

To all our forum members, anytime you see a "New" member posting gibberish comments that don't really seem to be conversational in the context of the thread topic or discussion. And the posts are a single one line reply. And if you click on their name and read their posting history and see that that's the norm for all their posts, then it's likely you have discovered a .png Spammer.

You can tell by using the QUOTE feature in vBulletin and then after quoting their post, look at the message in code view. If you find a .png Spammer, report them and in the message box make sure to note you think they are a .png Spammer.


Thank you!

 

[Hammer77]

Thanks for the tip Mike, and thank you Diner for help keeping this filth off this forum! I don't know what is lately, but seems every time I log in here there are a few names in yellow, for the spammers reading this GET A JOB. I belong to a lot of different forums for various hobbies, we get some trolls every now and then, but the SPAM here lately, I have never seen on forums. Well that's the way things are these days, thankfully we have smart members who see thru the BS, and great MODS who get rid of it. Keep up the good work!

 

[LSNAutoDetailingLSNAutoDetailing is verified member.]

Sounds like you are going to have to add Internet Security Specialist to your title Mike!
5 books, countless videos and years of being a world leading automotive surface prep specialist and trainer, now Internet Security Specialist.

Thanks Mike, I'll keep a heads up for posts like this as well.

 

[PaulMys]

Subscribed. This seems like a very interesting thread............... Lmao


That's cool info, and thanks to Diner.

 

[LEDetailing]

I think AG owes Diner a dinner

I'm still waiting for my passport and fake ID. BOGO sale please.

These cyber criminals are an odd bunch. I picture foreigners at Internet cafes, or abandoned warehouses. The domestic variety are probably 30 plus years old in their parent's basement, spamming, scamming, and playing World of Warcraft

 

[Paul A.]

Yes, additional thanks to Mike and Diner! I was not aware of this type of hidden motive and will be on the lookout myself.

God, i love this place.

 

[Setec Astronomy]

Yes, additional thanks to Mike and Diner! I was not aware of this type of hidden motive

But did we ever figure out what the motive is, for putting an invisible file in a post? I know this came up a couple of years ago, but I don't remember if it was ever agree what the purpose of doing this was.

The only thing I can think of is there are other forum software where perhaps the file would automatically extract, or perhaps would show up and someone might click on it.

 

[Mike@ShineStruck]

Since we're kind of on the subject..
Everyone should have a spyware remover
Spy bot search and destroy, adaware.etc

 

[expdetailing]

Subscribed! This thread is awesome and wax is great!

[IMG-hiddenhttp://Donate$toEXPDetailing.com-IMG.png]

 

[JeffM]

This might be similar to what they were doing

https://securelist.com/blog/virus-watch/74297/png-embedded-malicious-payload-hidden-in-a-png-file/

 

[Setec Astronomy]

This might be similar to what they were doing

https://securelist.com/blog/virus-watch/74297/png-embedded-malicious-payload-hidden-in-a-png-file/

Yeah, except that's completely different...that's an email with a .pdf attachment which has a link in it which when you click the link downloads malware that looks like a .png file. In our case, a link is invisibly added to a post...how is anybody going to click an invisible link? Methinks these spammers are pretty bad at what they do, or as I previously speculated, their scheme works for some other forum software but not for vBulletin..which again, makes them pretty bad at what they do if they don't know/realize that.