ایمیلی با عنوان و متن زیر دریافت کردهام که از طرف ایمیل خود من به خودم ارسال شده است.
- چگونه چنین چیزی ممکن است؟
- آیا رایانه من هک شده است؟ آیا ایمیل من هک شده است؟
- آیا سیستم من به تروجان آلوده شده است؟
- چه کاری باید انجام دهم؟
نمونه یک Subject: <firstname.lastname@example.org> is hacked From: <email@example.com> To: <firstname.lastname@example.org> Hello! My nickname in darknet is taddeo38. I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time. If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox. Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me. I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos. I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you! During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited! I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $522 is quite a fair price to destroy the dirt I created. Send the above amount on my BTC wallet (bitcoin): 19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it! Since reading this letter you have 50 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter. I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck! نمونه دو Subject: Change your password immediately. Your account has been hacked. From: <email@example.com> To: <firstname.lastname@example.org> I greet you! I have bad news for you. 11/08/2018 - on this day I hacked your operating system and got full access to your account email@example.com It is useless to change the password, my malware intercepts it every time. How it was: In the software of the router to which you were connected that day, there was a vulnerability. I first hacked this router and placed my malicious code on it. When you entered in the Internet, my trojan was installed on the operating system of your device. After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). A month ago, I wanted to lock your device and ask for a small amount of money to unlock. But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources. I'm talking about sites for adults. I want to say - you are a big pervert. You have unbridled fantasy! After that, an idea came to my mind. I made a screenshot of the intimate website where you have fun (you know what it is about, right?). After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate. I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues. I think $813 is a very small amount for my silence. Besides, I spent a lot of time on you! I accept money only in Bitcoins. My BTC wallet: 17vzpL7n29egdeJF1hvUE4tKV81MqsW4wF You do not know how to replenish a Bitcoin wallet? In any search engine write "how to send money to btc wallet". It's easier than send money to a credit card! For payment you have a little more than two days (exactly 50 hours). Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started! After payment, my virus and dirty photos with you self-destruct automatically. Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys". I want you to be prudent. - Do not try to find and destroy my virus! (All your data is already uploaded to a remote server) - Do not try to contact me (this is not feasible, I sent you an email from your account) - Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server. P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim. This is a hacker code of honor. From now on, I advise you to use good antiviruses and update them regularly (several times a day)! Don't be mad at me, everyone has their own work. Farewell. نمونه سه Subject: emailaddress From: <firstname.lastname@example.org> To: <email@example.com> Hello, I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time. Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you. At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit. I note that it is useless to change the passwords. My malware update passwords from your accounts every times. I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... 🙂 I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality! So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts. Transfer $966 to my Bitcoin cryptocurrency wallet: 1KzMDhZLokkNd1kcxs2mgwXm97pVvnfRBC Just copy and paste the wallet number when transferring. If you do not know how to do this - ask Google. My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it. Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material. I advise you to remain prudent and not engage in nonsense (all files on my server). Good luck! نمونه چهار Subject: Account compromised - Password change required (firstname.lastname@example.org) From: <email@example.com> To: <firstname.lastname@example.org> Hey! I compromised your account and gained full access to it. As proof, I just sent this email from your account only (notice the from email address is email@example.com). Let me tell you exactly how did this happen. You visited a compromised adult website sometime back, and you got infected, and then I observed every action of yours. It gave me access to all of your contacts, browsing history, your passwords, your webcam, and even your microphone. I noticed you were trying to please yourself by watching one of those nasty videos, well my son, I recorded your actions (thanks to your webcam) and even recorded your screen (the video you were watching). Now, if you do nothing, then I will send this video to all of your email, social media and messenger contacts. You have the option to prevent me from doing all of this. All you need to do is to make the transfer of $969 to my bitcoin address. If you don't know how to make the transfer, search google for "buy bitcoin." It is quick and easy. Trust me. My bitcoin address to which you need to transfer is 1LupWwgsFXjfHVeeorePjrYQgMNuHzsKLs Once I receive the transfer (i.e payment), I will delete your video and everything I have about you, and you will never hear a word from me again. My malware will also self destruct itself once I get the payment. You have 48 hours to make the payment. As I mentioned earlier, I have full access to your system. Now I know that you have read the email, so your time starts now. If you are thinking about filing a complaint, save your efforts, since it will not result in anything. This email is untraceable, remember it been sent using your account only? Don't think about sharing this message either because in that case, I will send your video to all of your contacts. Bye! نمونه پنج Subject: firstname.lastname@example.org has been hacked, change your password ASAP From: <email@example.com> To: <firstname.lastname@example.org> Hello, As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have fullccess to your email account. I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphon and you won't even notice about it. I also have access to all your contacts. Why your antivirus did not detect malware? It's simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it. I made a video showing both you (through your webcam) and the video you were watching (on the screen) while satisfying yourself. With one click, I can send this video to all your contacts (email, social network, and messengers you use). You can prevent me from doing this. To stop me, transfer $997 to my bitcoin address. If you do not know how to do this, Google - "Buy Bitcoin". My bitcoin address (BTC Wallet) is 1NU15tokRymh45uiMU2GfnSwZavXmEXvJJ After receiving the payment, I will delete the video, and you will never hear from me again. You have 48 hours to pay. Since I already have access to your system I now know that you have read this email, so your countdown has begun. Filing a complaint will not do any good because this email cannot be tracked. I have not made any mistakes. If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts. Take care
اخیرا کاربران زیادی ایمیلی مشابه ایمیل بالا را دریافت کردهاند. این ایمیل معمولا در دامنههای سایتهای سازمانی/اداری و غیر شخصی دریافت میشود. دلیل دریافت این ایمیل اشکالی در تنظیمات ایمیلسرور شماست، ولی به معنی هک شدن آن نیست.
شاید باور این مساله سخت باشد، اما به همان سادگی که نویسنده ایمیل مجاز است هر عنوان و متنی را انتخاب و ارسال کند، در انتخاب آدرس فرستنده نیز کاملا مختار است. علت این است که طراحی پروتکلهای انتقال ایمیل به دهه ۱۹۸۰ میلادی و زمانی که کلاهبرداری و ارسال اسپم و … وجود نداشت برمیگردد و از پست کاغذی الهام گرفته شده است. به همین علت درست مانند یک نامه کاغذی که آدرس فرستنده در آن قابل چک کردن نیست، برخی موارد به ظاهر مهم و بدیهی در این پروتکلها وجود ندارد.
در سالهای اخیر تلاشهایی برای جلوگیری از کلاهبرداری و امنسازی پروتکل ایمیل انجام شده است که یکی از مهمترین آنها SPF یا Sender Policy Framework است. اگر ایمیل بالا را دریافت کردهاید به احتمال بالا مشکل میلسرور شما عدم استفاده و احراز هویت SPF است. نحوه تست و رفع این مشکل در ادامه شرح داده میشود.
نحوه تست و راهاندازی SPF برای دامنه
فلسفه SPF این است که صاحب نام دامنه، اعلام میکند که از نظر وی کدام آدرسهای IP اجازه ارسال ایمیل از طرف دامنه وی را دارند. به عنوان مثال اگر ایمیل شما email@example.com است، صاحب نام دامنه amnpardaz.com اجازه دارد سرورهای ارسال ایمیل خود را تعیین نماید.
چگونه وجود SPF را تست نمایم؟
فرض کنید که دامنه ایمیل شما amnpardaz.com است و میخواهید وضعیت SPF آن را چک کنید:
- خط فرمان ویندوز (cmd) را اجرا کنید.
nslookup -type=txt amnpardaz.comرا اجرا کنید.
- خروجی دستور چیزی مشابه زیر خواهد بود:
Non-authoritative answer: amnpardaz.com text = "v=spf1 mx -all"
- عبارتی که به صورت درشت نوشته شده مقدار SPF دامنه شماست. اگر عبارتی با عنوان
text=را در خروجی نمیبینید به این معنی است که دامنه شما فاقد تنظیمات SPF است.
غیر از وجود SPF صحیح بودن آن نیز مهم است. برای این منظور میتوانید از سرویسهای آنلاین چک SPF کمک بگیرید.
به علاوه دقت کنید که در انتهای SPF معمولا باید عبارت
-all قرار بگیرد تا موثر باشد. بدون وجود این عبارت، سایر آیپیها و سرورها همچنان اجازه ارسال ایمیل از طرف شما را خواهند داشت.
نحوه تنظیم SPF برای دامنه
جهت تنظیم SPF باید به پنل نام دامنه (DNS) خود مراجعه کنید. این پنل بسته به جایی که از آن نام دامنه را خریداری کردهاید متفاوت است و در صورت لزوم باید با سرویسدهنده خود تماس بگیرید. دقت کنید تنها کسی اجازه تنظیم SPF را دارد که صاحب نام دامنه است.
برای تنظیم SPF باید یک رکورد DNS از نوع TXT روی دامنه خود تنظیم نمایید. بدین منظور یکی از دو عبارت زیر در اکثر کاربردها کافیست:
v=spf1 mx -allیا
v=spf1 ip4:220.127.116.11 -all(که در آن 18.104.22.168 را با آیپی سرور خود جایگزین کردهاید)
- در موارد معدود، اگر از یک سرویسدهنده دیگر (مانند جیمیل یا …) جهت ارسال ایمیل استفاده میکنید ممکن است نیاز به تنظیمات پیشرفتهتر داشته باشید که باید در مستندات سرویسدهنده خود به دنبال آن باشید.
برای آشنایی با مفهوم عبارت داخل SPF و انجام تنظیمات صحیح مستندات مستندات SPF را بخوانید. اگر هر مشکلی در انجام این تنظیمات دارید از سرویسدهنده DNS خود یا متخصصین مربوطه کمک بگیرید.
مرحله آخر: تنظیم سرور ایمیل
تا اینجا شما موفق شدید که جلوی ارسال ایمیل جعلی از دامنه خودتان به دیگران را بگیرید. ولی آیا میلسرور خود شما SPF را رعایت میکند؟
در آخرین مرحله، سرور ایمیل شما باید تنظیم شود تا برای ایمیلهای وارده SPF را چک کرده و ایمیلهای جعلی را دور بیاندازد. این تنظیم برای هر نوع میلسرور متفاوت است و باید به مستندات میلسرور خود مراجعه کنید.