On May 29th I made a post about the email scam from gshargrave.com. I sent an email to Mr. Hargrave regarding my findings and found his reply to be rather sincere. I want to offer him the courtesy of an explanation; following is his response:
I just saw your letter below for the first time. My gmail account is set to auto-forward mail to my POP3 service, and this one either didn't make the trip or was inadvertently discarded. I only found it after accidentally running across your Spam Me Not entry last night, which prompted me to go to my gmail account. Your Spam Me Not post came up as I was doing a Google search on my own name, out of simple curiosity concerning how easily it might locate my website.
What I read in your post came as a very unpleasant shock indeed. Believe me, I have nothing but contempt for spammers and the purveyors of malware, and couldn't quite believe what I was reading. I quickly noted, however, that the webhost you mentioned was in fact my own. I also noted that the link you posted was a variation on that which leads to my legitimate website, the obvious difference being the "versa1" prefix; the first part of the address to my legit website begins only with my name.
As created, my website consisted only of topical text, a few photographs, links for internal page navigation, and a couple of relevant external links. There was absolutely no other content of any kind--most certainly nothing malicious. I even posted my contact address as an image file, so as to provide nothing that would attract the attention of spidering spamming software.
Perhaps unwisely, I clicked on the "versa1" link you posted. That took me to what is essentially a clone of my own legitimate website--with the apparent addition of some sort of mechanism that downloads malware. I immediately knew something was up last night because I'm on a slow dial-up connection. While my pages were designed to download fairly quickly over such a connection, the "versa1" clone just kept on running, evidently having started an unauthorized download in the background. Worse still, I could not close or navigate away from the page in a normal fashion, and was unable to shut down Internet Explorer via the CTRL/ALT/DEL command. Each time I shut down the program a new instance of Explorer would open, with the download continuing. Finally I simply killed the power with the surge protector switch, and then booted back up, dumped my temporary internet cache, and ran a full system virus scan. That fortunately revealed no problems. I was probably only able to interrupt what was undoubtedly a malware installation by virtue of having a slow connection. On broadband all of that probably would have been completed before I could have reacted--or even suspected. I was nearly a victim of "my own" website!
First thing this morning, I checked my website folders on my internet host. Sure enough, password protection notwithstanding, I'd been hacked. There was a "versa1" folder that I never created, containing duplicates of my legit site files, and--although I can't ID it--presumably something to facilitate the transmission of malware. I immediately contacted my webhost and got a prompt reply. He told me quite a few of their other customers had the same problem. This has been coming to light as people on their customers' own mailing lists have slowly figured out the likely source of their increased volumes of spam mail. Unfortunately, they couldn't detect which sites were infected until such reports came in.
I'm going to pull all of the "versa1" files from the server ASAP. Hopefully that will plug the breach. Then I'm going to migrate my legitimate site along with my webhost service to his own new service provider. The fact that he's moving his entire operation may suggest that he has his own clear suspicions about the initial source of the malware.
Though none of this has resulted from any deliberate action or particular carelessness on my own part, I do sincerely apologize for any trouble it has given you. It's a helluva thing on my own end: I'd set up that site with the intention of furthering my efforts as a writer. Instead, I picked up a d-mn parasite that can create serious problems for anyone clicking on the wrong link, with all of that being directly associated with my own good name. I actually owe you a thanks, because had I not run across your Spam Me Not page I might not have become aware of the problem for a very long time. Who would have considered the existence of an infected clone of one's own website, that is unknowingly associated with your own good name on Google? I don't often review the content of each file on my host server. I generally only pay attention to what I'm working on, and I've only worked on things rarely.
I can't say that I blame you at all for concluding that I personally had something to do with all of this. In your situation, I would likely have concluded exactly the same thing.
Sincerely,
G.S.Hargrave
Monday, June 15, 2009