
EMail sent out a malware link to everyone on contact list


9 replies to this topic

#1 Kabo0m

Kabo0m

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:01 PM

Posted 16 January 2010 - 12:21 AM

An email address of mine sent out a malware link in an email to everyone on my contact list on January 5th 2010. This email address is NOT one that I use on any forums EVER as it was created and only used for job searches (yahoo account). Because of this I have my suspicion that the problem started with a computer training place I took classes at in the first 2 weeks of Jan 2009 which has my email (yahoo) on their contact list. I had gotten a similar email from them in December. I opened the email but I did NOT click the link in the email. I reported it as spam and moved on. I did however reply (it just occurred to me how stupid this was) as the sender is someone I know and I asked if they are aware they are sending out malware. It never occurred to me that their account might be hijacked. Not until yesterday when my account just sent out an email to everyone on my contact list (just like theirs had). The only way I found out that mine did this was because I have my other email (gmail that I use for forums) account on the contact list and it sent to that. The thing is, I opened it in that account (gmail) and saw it was spam from myself. I logged into my other account (the job search one - Yahoo) and changed the password in it. Is that enough?

What I want to know is, is that enough to stop the problem? Is there anything else I can do? How does this happen? Can just replying to someone on my contact list whose account might have been hijacked be enough for them to be able to hijack my account or did they just do what I have seen some spam emails do and appear to send from my email but really didn't?

Need advice as I don't understand all of this yet.

Here is the header of the email (yahoo):

[ No Subject ]
Friday, January 15, 2010 3:30 PM
From **My job search email** Fri Jan 15 20:30:09 2010
X-Apparently-To: **My Job Search Email** via 67.195.13.195; Fri, 15 Jan 2010 12:30:10 -0800
Return-Path: **Job Search Email**
X-YahooFilteredBulk: 67.195.13.203
X-YMailISG: 4xQFd.EWLDuL8.0McbXCWDWSVm8ClBcTera3cA.qJMsNa5TEwHh7tbcH8J1PmAPFVOcCQJqUBZOUpQ_yROQeFG8vmSXej2Q17MPfXPXxasCR2qig0qUkkf_AnEKyRjEn6DGyh1qWUFvbTEgad_Uh_HiSej5T6o8g9bQLiwBlm9EajfLDR4VanNvoWoVzS2RpNgtGDqCFFwxG5ahVftT2hSh7xDdq.NdS17BVyzZjDOjU3pHqUToJNozF_UV5CAgFNs5rQ.8gx14tPndM1PfMRjfNAo64H8v_ZW3HQz00w_dC2vmrsxNHEpqmpIcVQacaDqkVK6YnQyWYumUPRJT6JoalbQUvf.PRbUj1xBOzoL9NCckVVsL6yVE-
X-Originating-IP: [67.195.13.203]
Authentication-Results: mta1044.mail.sp2.yahoo.com from=yahoo.ca; domainkeys=pass (ok); from=yahoo.ca; dkim=pass (ok)
Received: from 127.0.0.1 (HELO web110612.mail.gq1.yahoo.com) (67.195.13.203) by mta1044.mail.sp2.yahoo.com with SMTP; Fri, 15 Jan 2010 12:30:10 -0800
Received: (qmail 91814 invoked by uid 60001); 15 Jan 2010 20:30:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.ca; s=s1024; t=1263587409; bh=a1zUdqTUiE5NxwEzAJptMcyS8/tkz9MCgNaZO4vERHk=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type; b=NzLk/9Ljyat9anfXW/eA4Ww+alqs1xMemeAzU1YA72s3o4nlYpeghheIsD9AaklFfkoSPuld+fXzpInP0Pr+Ak2v94t/Rm8jjqCtcWBUqzjXhkxjQlh9nyX58Toq9+CSk7FkOX+v8sG29IdqYV5eTpFSQUVdR1ZQJYle4lobmKs=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.ca; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type; b=Cf6kdkbtYfDzMXrnB6MExKbkQjgdNoEbLcAB0FtZ9MWcyvlLHf4LoT83ibOC5ckJd6YPXgiRk+qDdwaaAMp0mVGhfyNGTMGhwWjb3EHwqwsVWlf19kGylQQo/63Ts2erpf1L1FijDh/nnOj5L9sO3VhlmNHYrYD9+t4916ja7Yg=;
Message-ID: 108764.90679.qm@web110612.mail.gq1.yahoo.com
X-YMail-OSG: xJD.ZGsVM1lwyqcU0V8R22gxVlc2quDulqTs4BC8_2Jp7FeWCa6p_prVDfNAX_qXoXTzdZUQ0XMQokw8Lntml1oj8q53Wpxv7VsVx6NHiWs2AfKlTG.DzupaSsFG9Br9BIWWuJxNEc6Tt6WF9GAOFjwfYsEXNKRsP8CyKgy2m.vpB13udr9eXtY_FO3FoQDZ.zMGdLLPUVPagr06CeJE5QRnwD103SUPAO_dx1CXCrZI0BN_VTGgNQnMMY1X2EPzdzSQI_Wz6b__DmY26rMjMuP.MlPAhWW39pznzQGWBgU4OTRcPJsQGRnjrvfoNQE1hNHpTpzlovgT_TaSHqpS7dZWkSyFgTSbzpHNYSEtmhbIF.iQ6YstCGmhTvI5uoJ8_NrlO8ev5kBQEe.ayG4DyRMNXylORMRKrAFhMkrc25Mk
Received: from [187.13.93.69] by web110612.mail.gq1.yahoo.com via HTTP; Fri, 15 Jan 2010 12:30:09 PST
X-Mailer: YahooMailClassic/9.1.10 YahooMailWebService/0.8.100.260964
Date: Fri, 15 Jan 2010 12:30:09 -0800 (PST)
From: This sender is DomainKeys verified
**My Job Search Email**
To: **My whole contact list**
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 322

Edited by garmanma, 16 January 2010 - 04:12 PM.

DESKTOP - Main Rig:   Passmark & Mobo  (Manual) &  my Speccy (Video card is Radeon 7770) & 4Gb DDR2 RAM
NETBOOK:   PC: Acer Aspire ONE (D250 10.1")    //   CPU: Intel® Atom CPU N270 @ 1.60GHz   RAM: 2.0 GB  DDR2
Video Card: Intel® GMA 950 (256Mb)     OS:   Windows 7 Starter 32-bit SP1
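
Reading the header posted above, as an added example that is not part of the original thread: the script checks the two fields that separate a forged From line from a message submitted through the account itself, namely the `dkim=` result in `Authentication-Results` and the earliest `Received` hop. The posted header is abridged with a placeholder address; the second sample and the `.yahoo.com` host-suffix check are constructed assumptions for contrast.

```python
import re
from email import message_from_string

# Abridged from the header posted above. The address is a placeholder and the
# long token/signature headers are left out.
POSTED = """\
Authentication-Results: mta1044.mail.sp2.yahoo.com from=yahoo.ca; domainkeys=pass (ok); from=yahoo.ca; dkim=pass (ok)
Received: from 127.0.0.1 (HELO web110612.mail.gq1.yahoo.com) (67.195.13.203) by mta1044.mail.sp2.yahoo.com with SMTP; Fri, 15 Jan 2010 12:30:10 -0800
Received: (qmail 91814 invoked by uid 60001); 15 Jan 2010 20:30:09 -0000
Received: from [187.13.93.69] by web110612.mail.gq1.yahoo.com via HTTP; Fri, 15 Jan 2010 12:30:09 PST
X-Mailer: YahooMailClassic/9.1.10 YahooMailWebService/0.8.100.260964
From: user@yahoo.ca

"""

# Constructed contrast case: same From address, no valid signature, direct SMTP.
SPOOFED = """\
Authentication-Results: mx.example.net from=yahoo.ca; dkim=none
Received: from [203.0.113.7] by mx.example.net with SMTP; Fri, 15 Jan 2010 12:30:10 -0800
From: user@yahoo.ca

"""

def auth_results(msg):
    """Map each check named in Authentication-Results to its result."""
    value = msg.get("Authentication-Results", "")
    return dict(re.findall(r"(\w+)=(pass|fail|softfail|neutral|none)\b", value))

def first_hop(msg):
    """Received lines are prepended per hop, so the last one is the earliest."""
    hops = msg.get_all("Received") or []
    m = re.search(r"from \[([\d.]+)\] by (\S+) (?:via|with) (\w+)", hops[-1]) if hops else None
    return m.groups() if m else (None, None, None)

def assess(raw, provider_suffix=".yahoo.com"):
    """Classify a raw header block; provider_suffix is an assumed host suffix."""
    msg = message_from_string(raw)
    client_ip, server, proto = first_hop(msg)
    signed = auth_results(msg).get("dkim") == "pass"
    # Webmail submission: the provider's own web host accepted the message over HTTP.
    via_webmail = bool(server) and server.endswith(provider_suffix) and proto == "HTTP"
    verdict = "sent-from-account" if signed and via_webmail else "from-may-be-forged"
    return {"verdict": verdict, "client_ip": client_ip, "server": server}

if __name__ == "__main__":
    for name, raw in (("posted header", POSTED), ("constructed spoof", SPOOFED)):
        print(name, assess(raw))
```

A `sent-from-account` result means the message was composed in a logged-in webmail session, so the response is a password change and a review of account settings rather than treating it as a forged sender.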




#2 hillbillygreek

hillbillygreek

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Location:SC
  • Local time:01:01 PM

Posted 16 January 2010 - 10:17 PM

Yahoo's help section has a lot of useful information you should look at.

Go here >> Yahoo! Mail Help Topics : Spam, Viruses, and Other Abuse

If this continues to be a problem, and you find that you can do without that specific Yahoo account, you should close it. You can always open another one if you need a separate account for job searches.

#3 Kabo0m


Posted 17 January 2010 - 12:03 AM

Yahoo's help section has a lot of useful information you should look at.

Go here >> Yahoo! Mail Help Topics : Spam, Viruses, and Other Abuse

If this continues to be a problem, and you find that you can do without that specific Yahoo account, you should close it. You can always open another one if you need a separate account for job searches.



Hmm.. okay I read all of the links in that topic but none of it was very helpful. Just basic stuff I already know. :flowers: :thumbsup:

It is not so much about the yahoo email. I can login to every job search place I am associated with and update to a new email address. But I want to know more of if there is any risk I should know about and if everyone on my contact list that got the email is now in danger or not. As long as they didn't click on the link in the spam email they should be fine I figure. Should I worry? I scanned and it looks as if nothing is on it but I still wonder how someone could email my whole contact list from my own email account. The only thing I could figure was my password was too easy so I changed it.

I kinda want to know how this could have happened in the first place. I do not take part in forwards. I do not have that email on any forums at all but use a separate email for forums. I do not have a long contact list or accept emails from anyone I do not know there. The only thing I could think of was that one email I got from the person I do know (job search counselor and computer teacher). But I didn't click the link in that email either. I just replied to the person asking why they sent me spam.

Could simply replying have put me at risk? Did they hack into my email? Did changing my password fix the problem and my contact list should be safe now?

Those answers are not on that link on the Yahoo help page..

Edited by kabo0m the spam, 17 January 2010 - 12:09 AM.



#4 hillbillygreek


Posted 17 January 2010 - 07:38 PM

All of the steps you mention above could possibly have caused your account to be hacked. It could have been any one of those actions, or a combination of all of them. There is no real surefire way to tell when an account gets hacked because they happen at such random times and because of varying circumstances. Plus there is no set time-frame as to how or when people actually do realize their account has been hacked in the first place. There is, unfortunately, no set information that can be given.

Changing your password to something more complicated was a good move on your part. It would also be a good idea to change your passwords often.

How Often Should I Change My Password?

As to whether or not your contacts are safe, only time will tell. Keep watching your accounts closely to see what may or may not transpire. It might not hurt to send out an email to all of your contacts making them aware of what happened. There is no need to give out too much info about it. Just simply tell them your account was compromised and offer up an apology.

Email spam is an unfortunate by-product of using email. It happens more often, and to more people, than one would like to believe. You are not the first person that this has happened to and you probably are not going to be the last.

As to how it happened in the first place, there is an endless amount (more than I could possibly go into here) of detailed information about email spam on the internet that you should probably take some time to read through and educate yourself on the subject matter.

Here are several examples:

E-mail spam (From Wikipedia)

Spam (electronic) (included this to illustrate other forms of spam)

FTC - Spam -Homepage

Spam and How to Get Rid of It

Spam Prevention: Don't Let Spammers Find You!


If you are interested to learn about how to read email headers:

Tracking The Source of Email Spam

More Info on Reading Email Headers and Spam (includes several links that you can follow)

Edited by hillbillygreek, 17 January 2010 - 08:59 PM.


#5 Kabo0m


Posted 22 January 2010 - 03:14 PM

Since changing my password I haven't had an issue since. I was worried that I had a keylogger or something but was confused how since I am smart enough to never fall for phishing attempts and never click on links I don't know and always mouse over them and check into things I get in email on snopes and delete all forwards.. etc.

All I can figure is that when I got an email from a teacher whose account was obviously hacked, I did not realize it was hacked and replied (something I never do but I wasn't thinking that someone other than her would receive it). Since I didn't click on any links they couldn't do much else other than try many many passwords from a list (a friend of mine showed me a list of passwords tried and I saw mine was on there so I figured this out that it would be easy to hack and I had been meaning to change it like all other passwords I had but I forgot about this account's password oops).

Just goes to show you that making a secure password is very important. One thing that disappoints me about Yahoo's password system however is how limited it is. Max 8 characters and can only be letters and numbers..



#6 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 PM

Posted 22 January 2010 - 03:42 PM

8 characters minimum is widely accepted as secure. Using upper & lower case increases the strength. Never use a common name\spelling of a name, or a word that can be found in the dictionary.

Edited by ThunderZ, 22 January 2010 - 03:43 PM.


#7 hillbillygreek


Posted 22 January 2010 - 11:57 PM

One thing that disappoints me about Yahoo's password system however is how limited it is. Max 8 characters and can only be letters and numbers..


It's a minimum of 6 and maximum of 32.

Use 6 to 32 characters, and don't use your name or Yahoo! ID. To make your password more secure:
- Use letters and numbers
- Use special characters (e.g., @)
- Mix lower and uppercase

You may want to read through either of these for future reference:

How To Create Strong Passwords That You Can Remember Easily

The Ultimate Guide for Creating Strong Passwords


Nonetheless, I'm glad there have not been any more issues. :thumbsup:

#8 Kabo0m


Posted 23 January 2010 - 11:29 AM

One thing that disappoints me about Yahoo's password system however is how limited it is. Max 8 characters and can only be letters and numbers..


It's a minimum of 6 and maximum of 32.

You may want to read through either of these for future reference:

How To Create Strong Passwords That You Can Remember Easily

The Ultimate Guide for Creating Strong Passwords


Nonetheless, I'm glad there have not been any more issues. :thumbsup:



Ah yes thank you. It was mindspring that disappointed me with the password strength. Sorry I was thinking about how Yahoo and the signature and forgot it was mindspring that had the password limit. Thx for correcting me. :flowers:



#9 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:01 PM

Posted 24 January 2010 - 10:00 AM

I have read all this and don't think I see the internet security you are using. Something like a key logger should not get in your computer with the proper protection. I would run security scans and see what comes up. If you change your password and a bad thing is in your system it will learn your new password. Does anyone else have access to your computer?

#10 Kabo0m


Posted 24 January 2010 - 10:40 AM

I have read all this and don't think I see the internet security you are using. Something like a key logger should not get in your computer with the proper protection. I would run security scans and see what comes up. If you change your password and a bad thing is in your system it will learn your new password. Does anyone else have access to your computer?



No I live alone and no one uses my computer. I won't even let my mom use it if she visits.

I have run various scans. Nothing comes up. My computer is clean.

No incidences have happened since that one time.





