
Yahoo Account Compromised, possible system compromised



#1 Chuck_Tree

Posted 19 September 2010 - 05:21 PM

Esteemed Forum Members,

This is my first posting here. I am a Java programmer/developer. And I look forward to participating. Although I generally find that I learn more from reading the posts of the knowledgeable folks here than with me talking.

My current question is to see if anyone knows any more about a computer affliction that has affected two friends in the past week. (They are in different groups, so these are separate "afflictions".)

The two are remarkably similar so I am hypothesizing that they are basically the same attack. I suspect that if I have bumped into two of these cases, you folks may have already been there and done that.

As I don't have access to either of their computers, and as they are rather naive MSWindows users, it might be difficult for me to run the various diagnostic tools on their systems.

Basically the symptom is that they received an email from a known source. (Yeah, I know...) And clicked on a link to one of the {canxhealth health24x medhealthx xmedx } dotcom websites. The result is that, at a minimum, their Yahoo email account was compromised and an email was sent out to all of their contacts. The sent email has no subject and contains only the link to the malware website.

Googling through the web, I see suggestions ranging from changing the email account password through reformatting the hard-drive and resetting external routers. I also see claims that none of the major anti-virus/firewall applications detect this malware, although all seem to detect the website as problematic.

Has anybody actually figured out what malware is doing this, and what else the attack is doing? Or any suggestions where I could check? My only other thought is that I might be able to set up a honeypot and pester people to assist me with traces. But I am guessing that folks here may already have some familiarity with this particular affliction.

Thoughts? Suggestions?

TIA!

Chuck

#2 boopme

Posted 19 September 2010 - 07:42 PM

Hello Chuck, first I will move you one forum down to Am I Hacked.
Please read the first pinned topic there, Who To Contact If Your Yahoo Webmail Account Is Hacked

Next follow these instructions, also a pinned topic there: How to receive help in the Am I Hacked? forum

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Chuck_Tree

Posted 19 September 2010 - 08:40 PM

Thanks boopme!

My apologies for posting in the wrong forum.

I have forwarded the link of the pinned topic on Yahoo to the "afflicted" folks.

I will also forward the link about TCPView on to one of the afflicted folks as she will be working with a professional tomorrow.

Both sets of info are good to know.

If I get anything back from them, I'll let folks know. Unfortunately, I am not likely to be in physical proximity to either system this coming week.

Chuck

#4 boopme

Posted 19 September 2010 - 08:59 PM

No problem. We'll keep this open. :thumbsup:

#5 Chuck_Tree

Posted 24 September 2010 - 12:11 AM

A bit of an update...

Fwiw, I talked to one friend who got hacked. She basically turned it over to the professional, got reassurance, and didn't want to know more about the issue. (The "Don't Worry, Be Happy" solution.) Oh well...

Also, two mailing lists (a local FreeCycle and a Java User Group) to which I subscribe have also received these emails from subscribers.

Hopefully it's dying down, been shut down, or the pwners have all the 'bots they need.

Chuck

#6 boopme

Posted 24 September 2010 - 03:29 PM

Thanks for letting us know.