(Topic ID: 145690)

Pinballlife.com


By maxwell

3 years ago



Topic Stats

  • 307 posts
  • 71 Pinsiders participating
  • Latest reply 3 years ago by Wolfmarsh
  • Topic is favorited by 8 Pinsiders

You

Topic Gallery

There have been 23 images uploaded to this topic. (View topic image gallery).

update.jpg
rick-james-cold-blooded-300x299.jpg
java_installed_on_my_desk.jpg
toooooonnnnnnnny.jpg
HTP.gif
7a7b83bb-999b-438a-8cdf-1e5f350b2c21.jpg
yahoo.jpg
Java.jpg
haxor.jpg
hacked2.png
science-dog1.jpg
image.jpg
image.png
expert.jpg
litter.jpg
Computer_Buttons.jpg

There are 307 posts in this topic. You are on page 1 of 7.
18
#1 3 years ago

I normally just read other people's post and don't start topics of my own but I thought this was worth putting out there since a quick search didn't pull anything up and I thought this may save some people a headache. I went to go on pinballlife.com and I didn't type enough L's in the web address and caught a fairly critical virus on my computer. I typed pinballife instead of pinballlife. The virus I caught was Rogue:JS/Fakecall.D. It's a virus that brings up a webpage that instructs you that you have a virus and the only way to get rid of it is to call the number on the screen where a person sits on the other end of the line and tries to convince you that you have to give them control of your computer in order to fix it and at that point they wreak havoc in your computer stealing information if you fall for it. The page that comes up looks like its from Microsoft but it's not. It got passed Microsoft Security Essentials so I got another Malware program to get rid of it. Maybe if you have better Antivirus than Security Essential it would catch it. I got it all straight now but thought this post might prevent others from doing what I did by accident. If this is not in the right forum then mods feel free to move it.

Doug

#2 3 years ago

Thanks for the heads up - will double check my typing next time I visit.

#3 3 years ago

Thanks for the warning....

20
#4 3 years ago

Let me test it on my MAC...

#5 3 years ago

I just tried it and it did not install a virus - BUT I do not have Java installed.

NEVER install Java on your computer, and always disable it if you somehow have it.

Check here if you have Java, if you do, kill it.

https://www.java.com/en/download/installed.jsp

#6 3 years ago

Thanks vid...guess I don't know enough about computers because I do have Java and it's enabled because it always says that some websites need Java to be viewed correctly and it provides a better internet experience. Thanks, I'll disable it.

#7 3 years ago
Quoted from o-din:

Let me test it on my MAC...

Let me test it on my Linux...

-6
#8 3 years ago
Quoted from maxwell:

Thanks vid...guess I don't know enough about computers because I do have Java and it's enabled because it always says that some websites need Java to be viewed correctly and it provides a better internet experience. Thanks, I'll disable it.

As far as I can tell, Java is only used to install malware on computers .

#9 3 years ago

Thanks for that vid, I'm disabling it now.

18
#10 3 years ago
Quoted from vid1900:

As far as I can tell, Java is only used to install malware on computers .

This is ridiculous advise that no one should follow. Every single trading institution, bank, and most governmental municipalities use Java applets on their pages as do tons of cots software. What you need to be cognizant of is WHAT site you are on and whether or not the Java app is properly signed by which company and if the signing matches the company domain.

Sticking your head in the sand isn't a valid method of security. At all.

You might as well go remove:

Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,
Etc. as they all have identical if not more attack vectors.

Java at least provides not one, not two, but 3 confirmation requests before running an application and denies by default if the app isn't at least running a valid SSL certificate.

If you don't know what you are running, Java or not isn't going to fix that.

#11 3 years ago
Quoted from Syco54645:

Let me test it on my Linux...

It was fine on my ZX81.

rd

10
#12 3 years ago
Quoted from Pinchroma:

This is ridiculous advise that no one should follow. Every single trading institution, bank, and most governmental municipalities use Java applets on their pages as do tons of cots software. What you need to be cognizant of is WHAT site you are on and whether or not the Java app is properly signed by which company and if the signing matches the company domain.
Sticking your head in the sand isn't a valid method of security. At all.
You might as well go remove:
Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,
Etc. as they all have identical if not more attack vectors.
Java at least provides not one, not two, but 3 confirmation requests before running an application and denies by default if the app isn't at least running a valid SSL certificate.
If you don't know what you are running, Java or not isn't going to fix that.

Even your other favorite security risk, Adobe Flash, will soon be no longer.

People are generally not computer experts and will make mistakes like typing in the wrong url.

Normal people: Make sure you kill off Java- Virtual Virus Machine. (if some porno website says you need the Java plug-in, go to xhamster.com instead.....)

#13 3 years ago
Quoted from vid1900:

Even your other favorite security risk, Adobe Flash, will soon be no longer.
People are generally not computer experts and will make mistakes like typing in the wrong url.
Normal people: Make sure you kill off Java- Virtual Virus Machine. (if some porno website says you need the Java plug-in, go to xhamster.com instead.....)

Completely incorrect. Please don't speak authoritatively. "Normal" people can read. You aren't giving people enough credit. Java isn't the largest purveyor of viruses. Far far far from it.

Also since Windows 7 and the proper implementation of UAC (which I'm sure you disabled too) aside from the massive amounts of warnings and big red X's you get from an unsigned app and the fact it won't even execute on an improper url, UAC prevents browser based file execution unless you explicitly allow it with yet another massive prompt. So basically what you are telling people is don't cross the street at all in lieu of just watching for the "don't walk" sign.

Living in a bubble isn't a valid mechanism for security especially since the number of vectors for entry ahead of Java are in the hundreds. The amount of sites that use Java validly are in the hundreds of thousands whereas the number using it maliciously is probably 1% of that. Maybe you just browse some sketchy material?

If you are apt to take Vids advice I recommend you go back to using a piece of slate, hammer, and chisel because that's the only way you will be able to communicate without fear .

11
#14 3 years ago
Quoted from vid1900:

I just tried it and it did not install a virus - BUT I do not have Java installed.

NEVER install Java on your computer, and always disable it if you somehow have it.

Here's a simple solution that I use:

I have Firefox installed with "NoScript" plug-in. It only runs javascript on sites that I OK.

So, Pinside is OK'd, but google-analytics.com is NOT (which pinside uses).

That also means if I go to a new website, the javascript is off by default, until I OK it.

#15 3 years ago
Quoted from Pinchroma:

This is ridiculous advise that no one should follow. Every single trading institution, bank, and most governmental municipalities use Java applets on their pages as do tons of cots software. What you need to be cognizant of is WHAT site you are on and whether or not the Java app is properly signed by which company and if the signing matches the company domain.
Sticking your head in the sand isn't a valid method of security. At all.
You might as well go remove:
Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,
Etc. as they all have identical if not more attack vectors.
Java at least provides not one, not two, but 3 confirmation requests before running an application and denies by default if the app isn't at least running a valid SSL certificate.
If you don't know what you are running, Java or not isn't going to fix that.

Having java (and other plug-ins with known vulnerabilities) installed and active is like leaving your front door to your house unlocked. Sure, in some suburban areas or cow towns you can do that, but in some place like the middle of detroit, it's probably quite unsafe.

Better to lock down the hatches and not have to worry about anything getting inside in the first place.

I havent really seen any financial institutors use java/flash/Shockwave plug-ins in at least a decade.

(Also, note there is a huge difference between Java and javascript. Ham is to hamster as java is to javascript)

#17 3 years ago

wow...all of this is over my head. I'm just an average internet user, not a computer geek. I'm married and don't use our computer for porn. We do online banking so I wouldn't want to risk getting a virus and information getting out so I don't visit seedy or untrustworthy websites. I made the mistake in typing pinballlife and had this happen. I don't know anything about java/flash/shockwave or any of those plug-ins and whether they should be enabled. I thought they were good but I don't know.

#18 3 years ago

This is interesting as I played around with that site and it appears to mimmic pinball life very well!

I even went to order something. I went to log in, obviously using fake username and password, fully expecting it to say "you logged in!" and snarf up my username/password for some additional attack... but it said the pair was incorrect.

Then again, it may have snarfed up my fake username/password and just said it was wrong. I hope it did as my username was a nasty message to them.

#19 3 years ago

Just to throw it out there, Malwarebytes is a good program to run if you think you may have any nasty bugs! Even if you don't think you do run it you might be shocked what it finds! Oh and it's free.

12
#20 3 years ago

I went to it and it redirected me to a DirecTV site. The rates look favorable! I'm all in!!

#21 3 years ago
Quoted from vid1900:

I just tried it and it did not install a virus - BUT I do not have Java installed.
NEVER install Java on your computer, and always disable it if you somehow have it.
Check here if you have Java, if you do, kill it.
https://www.java.com/en/download/installed.jsp

Quoted from altan:

This is interesting as I played around with that site and it appears to mimmic pinball life very well!
I even went to order something. I went to log in, obviously using fake username and password, fully expecting it to say "you logged in!" and snarf up my username/password for some additional attack... but it said the pair was incorrect.
Then again, it may have snarfed up my fake username/password and just said it was wrong. I hope it did as my username was a nasty message to them.

Quoted from Erik:

I went to it and it redirected me to a DirecTV site. The rates look favorable! I'm all in!!

Does anybody find this amazing....one person goes on it and it does nothing, another goes on it and it mimics pinball life, another goes on it and gets redirected to a directTV site, I go on it and get a virus. Is that weired?

#22 3 years ago

I don't even remember the last time I entered a url directly into the address bar, I just type the site name into my google toolbar search box and then click on it. After the first time, I can then enter just the first few letters into the address bar and press return.

#23 3 years ago

I went to the misspelled address from a safe machine and it's definitely malware clickbait. It's got a loop that throws up alert pop-ups over and over, plays warnings, tells you to call a number, etc....

It's actually almost an impossible page to close without killing the browser process.

The abuse email for the host can be reached at: abuse@ovh.net

I'd recommend dropping them an email letting them know the site is being used to propagate malware. I emailed, but the more that do will help.

An example email would be:

Hello, I am writing to let you know that one of the domains you are hosting, pinballife.com, is attempting to infect visitors with malware and viruses. Could you please investigate and shut it down if you find it in violation of your TOS? Thanks!

#24 3 years ago
Quoted from Erik:

I went to it and it redirected me to a DirecTV site. The rates look favorable! I'm all in!!

What was the contract length?

#25 3 years ago

Your exactly right Wolf, I had to completely shut down my computer because I couldn't close the windows like you said. But after I restarted the computer and ran a scan is when I found the virus installed on the computer. So even though you got the browser to close if you haven't run a scan and removed the virus I would bet it's still on the computer you used to access it.

#26 3 years ago
Quoted from maxwell:

Your exactly right Wolf, I had to completely shut down my computer because I couldn't close the windows like you said. But after I restarted the computer and ran a scan is when I found the virus installed on the computer. So even though you got the browser to close if you haven't run a scan and removed the virus I would bet it's still on the computer you used to access it.

The computer has already been destroyed. It was a virtual machine running in Azure.

#27 3 years ago
Quoted from Wolfmarsh:

The computer has already been destroyed. It was a virtual machine running in Azure.

oh...ok. glad someone else got to see what happened to me. Hopefully it'll keep someone else from making the mistake I made.

#28 3 years ago
Quoted from centerflank:

What was the contract length?

That's what's amazing! Apparently it's as long as I want! Can't believe my luck

#29 3 years ago
Quoted from Erik:

That's what's amazing! Apparently it's as long as I want! Can't believe my luck

NFL full access included?

#30 3 years ago
Quoted from Pinchroma:

If you are apt to take Vids advice I recommend you go back to using a piece of slate, hammer, and chisel because that's the only way you will be able to communicate without fear .

Forget your fear, just uninstall Java.

I have not had Java installed in 2 years. Every normal website works fine.

The few sites I've seen that want the Java Plug-in installed, I skip.

When I went to the fake url for Pinballife.com, nothing happened. No redirecting, no malware installed, no fake pop-up telling me that Windows has detected a virus and do I want to clean it. Nothing.....and that's a good thing.

Even the Department of Homeland Security has told users to uninstall Java way back in 2013 - it is a needless security risk.

-

Flash is next. Kiss that sonobitch goodbye and good riddance !!!!!!!!!!!!!!!!!!!11

#31 3 years ago
Quoted from rotordave:

It was fine on my ZX81.
rd

Haha. Now you are being ridiculous. Linux is a great OS as long as you use a desktop environment.

#32 3 years ago

Funny, I just spent two hours the other day at my mothers house fixing her laptop.

Why? Because she got the infamous pop up "Your computer is infected, do not shut down or close this window or you will loose yours files!!!" And of course it had a number to call to remove that nasty virus,,,,,,,..

I found out two days later AFTER she had called the number AFTER she let them on her machine for a few hours to 'clean' her machine AFTER they con'd her into $199 for 1 year warranty on their work.

I had her contact her bank and cancel her credit card. Luckily they caught and stopped the charge from 'James' out of some company in India.

Reason she caught the virus written but the folks who clean viruses,,, my sister updated her to Win 10 and never reinstalled Norton. /facepalm

FWIW, I've always had Java installed (need it for some work I do), never been burnt, never had to reformat a hardrive... Just just gots to not be stupid.

Gee how convenient for this virus warning to pop up AND include a place to call to fix it!!!

#33 3 years ago

I just get a VIRUS FOUND bullshit page with a SCAN NOW button on the bottom. Like I'm going to click it. What am I? Some sort of dumbass? Now if it had been labelled "Do not click" then I probably would have.

#34 3 years ago
Quoted from Patofnaud:

Gee how convenient for this virus warning to pop up AND include a place to call to fix it!!!

That's the social engineering aspect to many of the scams.

You are in a hurry to finish that spreadsheet, presentation or paper. Your computer puts a big stress upon you, suddenly being locked up. Then almost by magic, the solution pops up, right in front of your eyes.

-

Same as when people get the phone call that they skipped jury duty and now the county is issuing a warrant for their arrest.

Scammer: This is Sheriff Kickass with the Dale County sheriff department, is this Joe Average?
Joe: Yes. What can I help you with?
Scammer: It is my duty to inform you that a bench warrant has been issued for your arrest for not reporting to jury duty.
J: But....I...never got any notice!!!!
S: Sorry, you chose to ignore two notices, now you get to appear before the judge, but on the other side of the table. Maximum penalty is 15 days in jail and or $1500 fine.
J: What???? I never got a single notice. I was out of town for a few weeks and my neighbor was collecting my mail. Maybe she lost it or something, she's 90 years old !!!! Maybe my wife thought it was junk mail.....!!!!
S: Sorry, you should not have ignored the law.
J: I ALWAYS go to jury duty when chosen. There must be some crazy mistake!
S: Well, you have attended jury duty in the past?
J: Yes, absolutely.
S: Hmmm...let me see if I can manually update your jury status....OK.....Yep....here it is....Let me verify your information....date of birth?
J: 1/15/1960
S: Current address?
J: 666 Mockingbird Lane
S: Social Security number?
J: 492-11-1113
S: Finally for security verification, your mother's maiden name?
J: Smith.
S: OK, Joe, I've changed your Jury status to active again. You should expect a new notice of duty in the next few weeks. I suggest you take it seriously this time.
J: Yes, sir. I'll report the moment I get it. Thank You so much!!!!!!!!

^ true story how a guy at work got his identity stolen. He got stressed out, then was flustered enough to give out all his personal information without resistance.

19
#35 3 years ago

I couldn't get it to work on my Apple but I did find that hamster porn site.

#36 3 years ago

Global warming my arse, they need to find these folks and shave their nuts and shellac them, then cover them in honey and tied them squat over a fire ant hill. But thats just me...

#37 3 years ago
Quoted from vid1900:

As far as I can tell, Java is only used to install malware on computers .

This is one of the most ridiculous/uneducated/incorrect statements I've ever heard. Java is a platform that runs apps from the Java programming language and they're not all malware. Generally, you're a good source of knowledge. But I guess computer software and operations isn't one of your known topics.

To the OP: I have typed that in many times by accident and have never caught a virus from that page. I have Java installed and use chrome as a browser not internet explorer / edge.

12
#38 3 years ago
Quoted from markmon:

This is one of the most ridiculous/uneducated/incorrect statements I've ever heard. Java is a platform that runs apps from the Java programming language and they're not all malware.

Obviously I was being sarcastically outrageous.

But almost all web based malware is installed through Java.

Java is crap, just uninstall it.

Chrome got rid of it 6 months ago, did anybody miss it?

#39 3 years ago
Quoted from markmon:

This is one of the most ridiculous/uneducated/incorrect statements I've ever heard. Java is a platform that runs apps from the Java programming language and they're not all malware. Generally, you're a good source of knowledge. But I guess computer software and operations isn't one of your known topics.

Will all of the exploits for java he isnt far off. Perhaps he was being a bit facetious. Not sure if I have it installed on the old *nix. Not really a use for it in the browser any more, those days are long past us.

#40 3 years ago
Quoted from vid1900:

^ true story how a guy at work got his identity stolen. He got stressed out, then was flustered enough to give out all his personal information without resistance.

Sorry you work with stupid people.

13
#41 3 years ago
Quoted from vid1900:

As far as I can tell, Java is only used to install malware on computers .

Quoted from Pinchroma:

This is ridiculous advise that no one should follow.

I'm not sure which of these is funnier--the original joke, or the fact the the joke got completely missed.

Quoted from Pinchroma:

Every single trading institution, bank, and most governmental municipalities use Java applets on their pages as do tons of cots software.

Every one, huh?

Quoted from Pinchroma:

Please don't speak authoritatively.

But you feel free to go ahead and do so.

Quoted from Pinchroma:

You might as well go remove:
Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,

Alas, finally some good advice.

#42 3 years ago
Quoted from Fifty:

I just get a VIRUS FOUND bullshit page with a SCAN NOW button on the bottom. Like I'm going to click it. What am I? Some sort of dumbass? Now if it had been labelled "Do not click" then I probably would have.

Yup I got one of those a couple of weeks age, just laughed and dumped it.

#43 3 years ago
Quoted from SirScott:

I'm not sure if the which of these is funnier--the original joke, or the fact the the joke got completely missed.

Every one, huh?

But you feel free to go ahead and do so.

Alas, finally some good advise.

Next, in his infinite knowledge will say leg levelers cant be painted and will ruin your carpet.

https://pinside.com/pinball/forum/topic/will-painted-levelers-permanently-stain-your-carpet-lets-find-out-together

#44 3 years ago
Quoted from spidey:

Sorry you work with stupid people.

Yeah, when he told me about his "Close call with being arrested for skipping Jury Duty" I was like WTF, let's call the Sheriff's office and see why a sheriff's time is being used for a job that could be done by a $7 a hour temp worker.

Needless to say, no one at the Sheriff office knew anything about it.

About a month latter it was on TV about how many people had been taken by the scam.

#45 3 years ago
Quoted from o-din:

I couldn't get it to work on my Apple but I did find that hamster porn site.
hamstersinheat.jpg1

Well, "O-din, Pinside member" (if that is your REAL name), experts claim hamster porn is the #1 malware vector today.

#46 3 years ago

Jury Duty is a scam to begin with. You've got judges and lawyers making 6 figures, you've got someone being sued for millions of dollars, and they want to pay you what, $15 a day? I'm calling BS on that!

#47 3 years ago
Quoted from centerflank:

Next, in his infinite knowledge will say leg levelers cant be painted and will ruin your carpet.

Yeah, that was another classic.

The master had spoken.

#48 3 years ago
Quoted from Pinchroma:

You might as well go remove:
Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,
Etc. as they all have identical if not more attack vectors.

Thanks for the advice. I will get busy removing all those virus enablers, along with Java of course.

#49 3 years ago

Oh wait, is it that time again?

torches-and-pitchforks.jpg

#50 3 years ago
Quoted from maxwell:

I'm married and don't use our computer for porn.

Which computer do you use then?

Promoted items from the Pinside Marketplace
$ 38.00
Playfield - Other
ModFather Pinball Mods
$ 154.00
Cabinet - Toppers
Id Rather Play Pinball
$ 48.00
Cabinet - Other
ModFather Pinball Mods
$ 229.99
Lighting - Other
Lighted Pinball Mods
$ 30.00
$ 229.00
Cabinet - Toppers
Tilttopper
$ 60.00
Playfield - Toys/Add-ons
Whitewater pinball mods
€ 159.00
Cabinet - Toppers
FlipperLED
$ 12.00
$ 89.95
Cabinet - Shooter Rods
Super Skill Shot Shop
$ 55.00
Gameroom - Decorations
Pinball Photos
$ 159.99
Lighting - Other
Lighted Pinball Mods
$ 369.00
Cabinet - Decals
Mircoplayfields
$ 175.00
Lighting - Interactive
Professor Pinball
$ 29.99
Cabinet - Sound/Speakers
Lighted Pinball Mods
$ 38.00
Cabinet - Sound/Speakers
ModFather Pinball Mods
$ 59.99
Hardware
Chroma Pinball
$ 22.00
Cabinet - Sound/Speakers
ModFather Pinball Mods
$ 103.00
£ 99.00
Playfield - Toys/Add-ons
PinballToys
$ 5,799.00
Pinball Machine
Flip N Out Pinball
From: $ 42.00
Cabinet - Shooter Rods
ModFather Pinball Mods
$ 99.00
Lighting - Under Cabinet
Rock Custom Pinball
$ 33.50
There are 307 posts in this topic. You are on page 1 of 7.

Hey there! Got a moment?

Great to see you're enjoying Pinside! Did you know Pinside is able to run thanks to donations from our visitors? Please donate to Pinside, support the site and get anext to your username to show for it! Donate to Pinside