the aim of email spam and dodgy registrations is the same
play on somones interest (ipads for £50) or insecurity (enlargment or engorgement)
use the hard sell to get them to click a link, what they see is a sales and payment process spiced up with emotive content and proces to purchase
what happens is at each step of the way to the none existant purchase a jigsaw is put togther on the unspecting customers PC
just by visting the link they know
browser version, operating system version, service pack level, all addins for your browesr that are active, the IP address of at least your router, and possibly the version and update level of your virus scanner and firewall
this info may be sold on...i.e the next part of the process just says page not found as they are done with you, to hacker with better skills who can compromise this Pc
or if you look like a soft touch they will continue and slowly compromise your PC with each link you click
or they may just plant a cookie that lies dormant until you visit a legit website that they have better compromised and they go to town on you when months later you visit it.
but either way they keep going until they have either
planted a spamming process which sends their mails for them
planted a key logger to get all your acount details your intrenet banking pay pal etc or access to your shared folders
set you up as part of a virus network or denail of service attack to be activated at some time in the future.
all of tghis is adminstered on your PC from the comfort of their own cave
message board access is great for this
once they have a legit account its easy to run scripts to harvest all email addresses from the user list page
if they are clever they read up on the version of the messagebaord, work out the secuirty issues with it and plant hidden script in perhaps the signature of their posts to do all of the above.
none of these processes are particlularly visible to the unsupecting PC owner
some of the rubbish ones are obvious
there is a common one about at the mo.
you as a cencerned interbnet user look up virus software
you install a free scanner top of the list in google
this installation alters a few of the main windows system files, which beause they are windows system files never rise suspicion
from that point on when 10-15 minutes in to any internet session a box will pop up that looks like "my computer" and a fake virus scan runs finding 15,0000000 things wrong
click yes to fix
click no
click the cross on the box to close it
all take you to a website for a product that is a virus scanner but costs 35 bucks. if you install it it also takes over your PC further, and on top of that where have your card detils gone...!!!.....install it and every web page you go to ends up triggering pop ups and pop overs for stuff you do not want and you find that this software has mamnaged to open up both outgoing and incoming ports in your firewall software
legit scanners see this scanner as a virus or advertsing malware as they call it
if so-called legitimate organisiations do this (i.e regisstered as software vending companies)
you can just imagine what the criminals are up to...
spybot search and destroy is a tool everyone should have
but only download this version
http://www.safer-networking.org/en/download/
or the version from sourceforge...google search is filled with fakes
RUbotted works as well
http://free.antivirus.com/rubotted/
If a messagboard suddenly gets a lot of interest from the undesirbales
1) has a security issue with it been recently dicovered
2) has one of the members PCs been compromised which has flagged its existance up to a group who would normally not take notice
3) are the memebers of this board active on another that has been compromised because many sites log where you go next as you leave
Mmmm
Dave
