So I was watching an MFC model, and she mentioned in public chat that someone sent her a link in PM and said that they had recorded her.
She said that she opened the link and something started downloading, so I quickly told her to STOP the download!
So I got her to message me the username and the link of the person who sent it to her.
The username was - amelyie
and the link was - www.tiny.cc / recordcams
** SHORT VERSION **
Turns out the link is to a website that automatically downloads a file called video.rar, which contains a file called video.msi, which is an installer for LogMeIn. LogMeIn is a program used for remote administration, e.g. if you want to fix someone's computer/laptop but they live miles away, you can use this tool to connect to their computer and then control their computer from yours. Typically the user must install it on their computer before you can do this, but there are installers which will silently install it in the background without the user having to go through the installation, which is what happens in this case.
Whenever it is opened, it is secretly installed, and auto connects to the person who wants to control the model's pc.
** Time to investigate ** :evil:
The link is a shortened link, which they have used to hide the real link and to try and make things more convincing, e.g. they have chosen to make the shortened link recordcams to try and make the model curious as to whether they really have been recorded or not.
Using a website called http://www.getlinkinfo.com, we can enter the link and find out that the original link is http://www. radyonisan .com/video.rar
It seems to be some random Indian website, looks like someone made it themselves, very amateur looking. (Don't go to it.)
So anyway, if you opened the tiny.cc link, the screenshot below is what you will see: a blank page, and the video.rar file will automatically start downloading. This is what is known as a drive-by download.
You are not asked if you want to download the file or anything, and no popups or messages are shown either.
So this file is a rar file, definitely not a video file :naughty: Most people will now just delete the file, but those still curious will extract the contents of the rar file, and if we do, we can see we get a file called video.msi. This is not a video file either, but as you can see from the explorer window, it is an installer for something !! :snooty:
If we open the video.msi file, we get a weird message, and at the top we see LogMeIn, BINGO !!!
And using a program for looking at running programs, I can see that the program opened is called msiexec.exe (often installers are called this).
LogMeIn is a program used for remote administration, e.g. if you want to fix someone's computer/laptop but they live miles away, you can use this tool to connect to their computer and then control their computer from yours.
So we close the popup message or hit OK like a normal user would do, and everything seems normal. There is nothing onscreen, nothing in the windows list, or in the tray down to the right of the desktop. So are we OK?
Eventually, after a couple of minutes, we are asked to run the video.msi again, but this time with administrator rights (this allows the installer to install stuff and do more things to the computer).
So we accept and still nothing is shown onscreen
** Users who aren't tech savvy or nerdy, lol, will probably just assume everything is OK and just go about using their computer like they usually would.
If I look at the connections to and from the computer, I can see a process called LogMeIn and it is connected !!!
My test computer is Test-PC and it is connected to a LogMeIn server. Meaning I am now connected to the LogMeIn service, allowing the person who created the video.msi the ability to connect to my computer if they want to !!
I only stayed connected for a couple of minutes, before resetting everything to before I ran the video.msi file.
But I am guessing that whoever is on the other side of the connection could now control my PC if they wanted to.
Also, they could now send files to my computer without me knowing, of course. These files could be viruses, keyloggers for logging what I type, or password stealers for stealing passwords stored in browsers, and they can also send files from my PC to theirs.
** Most models & users will be aware not to open links that look suspicious, but there are those who won't be, and when someone posts a link like this, it can be very easy to fall for it out of curiosity.
So please be careful ladies and make other models aware of this
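
The checks the post makes by eye (video.rar is an archive, video.msi is an installer that mentions LogMeIn), written out as an added example that is not part of the original post. The function names, the signature table and the watch list are assumptions chosen for illustration, and the sample byte strings are constructed, not taken from the real files; `lure_name` is true when the name promises a video but the content is something else.

```python
# Added example: judge a download by its bytes, not by its name.
from pathlib import PurePath

# (offset, magic bytes, label); every sample below is constructed.
SIGNATURES = [
    (0, b"Rar!\x1a\x07\x01\x00", "rar"),                  # RAR 5.x
    (0, b"Rar!\x1a\x07\x00", "rar"),                      # RAR 1.5 to 4.x
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-cfb"),  # container used by .msi
    (0, b"PK\x03\x04", "zip"),
    (0, b"MZ", "pe-executable"),
    (4, b"ftyp", "mp4-video"),
    (0, b"\x1a\x45\xdf\xa3", "mkv-video"),
]
VIDEO_TYPES = {"mp4-video", "mkv-video"}
EXPECTED = {".rar": "rar", ".msi": "ole-cfb", ".zip": "zip",
            ".exe": "pe-executable", ".mp4": "mp4-video", ".mkv": "mkv-video"}
WATCHLIST = ("LogMeIn",)  # product named in the post; extend for your own use


def sniff(data: bytes) -> str:
    """Return a type label from the leading bytes, or 'unknown'."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"


def remote_tool_hits(data: bytes) -> list:
    """Find watch-list names stored as ASCII or UTF-16LE, ignoring case."""
    lowered = data.lower()  # bytes.lower() only touches ASCII letters
    return [name for name in WATCHLIST
            if name.lower().encode("ascii") in lowered
            or name.lower().encode("utf-16-le") in lowered]


def triage(filename: str, data: bytes) -> dict:
    path, kind = PurePath(filename), sniff(data)
    return {
        "detected": kind,
        "extension_matches": EXPECTED.get(path.suffix.lower()) == kind,
        "lure_name": "video" in path.stem.lower() and kind not in VIDEO_TYPES,
        "remote_tools": remote_tool_hits(data),
    }


SAMPLE_RAR = b"Rar!\x1a\x07\x00" + b"\x00" * 16
SAMPLE_MSI = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
              + "LogMeIn".encode("utf-16-le"))
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom"
```

A watch-list hit is a reason to look closer; an empty result proves nothing, since installers can store their strings compressed.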