
Malware sending out emails

8 replies to this topic

#1 cobra5000 (Members, 39 posts; Location: pittsburgh, pa)

Posted 07 September 2012 - 11:37 AM

Hi,
I am looking for information on malware or a virus that is sending out email that appears to be from a person in my address book.
But when I open it,
the body of the email says something like "Hi (my name), take a look at this opportunity" (and there is a link to click on).

I have received these from two friends in the last 5 weeks.
The one friend looked in the sent folder but found no sign of emails being sent, and yet it was her name in the "from" in the email.
Also, if I hit reply, the return addy I saw wasn't hers.
And the emails do end up in the junk folder, which tells me that Hotmail is aware they are suspicious.
My friend was able to change her pw with no problem.
I know my one friend said she has Apple, and the other friend may well also (he never replied back).

I even changed my email pw thinking I was infected, but had no problem changing it.

So can anyone say what infection this is? Is it only hitting Apple?
How to disinfect, etc.?
Thanks

Edit: Moved topic from Breaking Virus & Security News to the more appropriate forum. ~ Animal


#2 cobra5000 (Topic Starter; Members, 39 posts; Location: pittsburgh, pa)

Posted 07 September 2012 - 01:53 PM

Ok, so you moved the thread. I was actually asking to see if anyone knew of this type of malware. I am not asking for personal advice, nor do I have any more information to give.

#3 boopme, "To Insanity and Beyond" (Global Moderator, 73,440 posts; Location: NJ USA)

Posted 08 September 2012 - 10:20 AM

Hello, is this a MAC??

It appears you have Spoofed/Forged Email
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 cobra5000 (Topic Starter; Members, 39 posts; Location: pittsburgh, pa)

Posted 08 September 2012 - 02:04 PM

Hi, again it isn't my computer that sent out the email, it was my friend's, and she has a Mac. So yes, it was a Mac.

Yes, some kind of spoofing going on.

**************
This is a copy of the link that was in the email. The link was the only thing.
http://maisfm.pt/exaggeratebomb/stuartyoung18/?/bc9e3e7/

*****************

#5 cobra5000 (Topic Starter; Members, 39 posts; Location: pittsburgh, pa)

Posted 09 September 2012 - 06:28 PM

Yes, I just got an email from my friend with the Mac virus.
She said she reset the password on Wednesday, and it worked until this morning,
when her password to her email had been changed.
I guess she was able to get access to her account because she emailed me.

I would appreciate a response to this from a knowledgeable person.

She is asking what is the best AV software to get?

I don't know if it is a virus, trojan, or if someone got her private info and is able to change her pw that way.

#6 cobra5000 (Topic Starter; Members, 39 posts; Location: pittsburgh, pa)

Posted 09 September 2012 - 07:02 PM

Ok, and this is the source detail of the infected email that my friend sent me. I only changed my email address and her name below for privacy.
The email address that was put in place of hers was yena_06@yahoo.com.

So as I said in my last post, her pw was hacked this morning AFTER she had changed it last week when I told her I got a strange email from her.

So what is the most likely way someone could do that???

She said she had Trend Micro but that it had expired.
Is there a good AV for Mac?
Do Ad-Aware, Spybot, Malwarebytes work on Mac?

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=none (sender IP is 98.138.90.86) header.from=yena_06@yahoo.com; dkim=pass (testing mode) header.d=yahoo.com; x-hmca=pass
X-SID-PRA: yena_06@yahoo.com
X-SID-Result: None
X-DKIM-Result: Pass(t)
X-AUTH-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00
X-Message-Info: o9rlR4nWDTdAvwKKkW+ebvQ2CTmfO6wg9VhSoy6vrRYOED+ObPsRHCB/DgBuT21Q8GT14UEdt85KIrg33WJX/fyKo3XuY2LZ8lWBSAe9cA4C+BBKbin06vlucUn30jSlhGWhsM8fDYE=
Received: from nm23.bullet.mail.ne1.yahoo.com ([98.138.90.86]) by COL0-MC2-F34.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 6 Sep 2012 07:17:11 -0700
Received: from [98.138.90.55] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 06 Sep 2012 14:17:11 -0000
Received: from [98.138.89.250] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 06 Sep 2012 14:17:11 -0000
Received: from [127.0.0.1] by omp1042.mail.ne1.yahoo.com with NNFMP; 06 Sep 2012 14:17:11 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 372124.13484.bm@omp1042.mail.ne1.yahoo.com
Received: (qmail 56181 invoked by uid 60001); 6 Sep 2012 14:17:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1346941031; bh=2ffTdnj/5YJwlPl0QKK7ncD9+hwpipHMxBS5KmYqC5c=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=icZULRUnpOs6slw5KRXew9hvP7DML9n4BI8LmLsNTG33Ms5rrDk1rPIzYblJIJGticGSV6jTLaGqRfYk8StuCwxQQLRF9p4UZmZj8jOqCkRRI+NT1C9E4x8oHXMD6LbLB55wMkYEoFkxV0uUGCE0wDqdImBVnbGWwYEs0PGbupg=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type;
b=gVm/7YbUnVioAlGmuR89FZDy61hXvPFZNnbJzC2YpslVo6m4FbxPO+Owhs9U7bHapilSvuo1+NWxvtM7F/SlvP96xNrqwi0hY8qYPviwZ7nH3pC+8pJKP4eVePl44v2QCn3fUcYNuGRjZq70ZxrLzccmyyQKHlVndCnk/N4i/pk=;
X-YMail-OSG: WEi9918VM1lXYcutbYnV4hWJuJjnaOiimTMe4HjWe5TbKDn
ZqvE2RnKyFb35wL6xNeUU6HhGhToqUJu14g2xLfLAH3LyPgEvw8nufj9z5Fe
4lQXEJvyJR1DlTsSWocw_21BQab528I2Wd7bboUKtVb7PGJWAlyRounjvEf5
pkIZinl8J6vjGym57sS4X3.7MV87wD1sp.9rUCSkc665bpnZPdpsXunas3a9
DsZIUEcjH5fogfSy8VR0dLb0_2iPCUzn7nlpepIKHP6sGxI6CFZzE44w1dJg
moIUNxxF.S33f5KIviZ23S933MxI2B8c5MY2I7ogLKHRdMGE2GftpoOQNc2w
ZIjexnDiYd_BDx.jG2cgVkx4qlr_DNKmgxEbbIF5Y_L2xt._bmfX7.r.Gk4i
84XRfxqVWvK1m_r.WSTTNz7K80GXjy_Fx5P2kZKAV_yLkcvm2k.G69FRVrqc
onEWatNGtxR.PX1qt4IToFCVuN3pCFLpJub2SDCGdK7xRCJxMbbDMpwNAcXl
20.oKh6IqPyN1tPnDpEZtf_suH._jDM6UL3pifPFC3ayvSSszzg--
Received: from [219.48.188.22] by web122301.mail.ne1.yahoo.com via HTTP; Thu, 06 Sep 2012 07:17:11 PDT
X-Mailer: YahooMailWebService/0.8.121.416
Message-ID: <1346941031.53772.YahooMailNeo@web122301.mail.ne1.yahoo.com>
Date: Thu, 6 Sep 2012 07:17:11 -0700 (PDT)
From: Laura blank, <yena_06@yahoo.com>
Reply-To: yena_06@yahoo.com
To: "blank@msn.com" <blank@msn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-Path: yena_06@yahoo.com
X-OriginalArrivalTime: 06 Sep 2012 14:17:11.0752 (UTC) FILETIME=[4E8DCC80:01CD8C3A]

http://maisfm.pt/exaggeratebomb/stuartyoung18/?/bc9e3e7/

9/6/2012 7:14:24 AM

#7 boopme, "To Insanity and Beyond" (Global Moderator, 73,440 posts; Location: NJ USA)

Posted 10 September 2012 - 07:45 PM

Hello, if they had the password they most likely were still in there until the whole system cycled.
Now if she is on a router, wireless, and it is not set up encrypted then they are sharing it with someone without her knowing, and that should be done,

AV for MAC
http://www.avast.com/free-antivirus-mac

#8 cobra5000 (Topic Starter; Members, 39 posts; Location: pittsburgh, pa)

Posted 14 September 2012 - 10:24 AM

I talked to a person at CERT at Carnegie Mellon.
He said it was probably phishing.
There could have been a group email sent from an email list that had my name/email and my friend's name,
and the phisher then substitutes their email in for my friend's email, but with her name;
then I would see her name, think it was from her, and click on the link in the body of the email,
taking me to some bogus website, either for advertisement or that would try to deposit malware on my machine.
But that her machine probably wasn't infected per se.

Sound logical to you?
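The header source in post #6 already carries everything needed to reach the conclusion CERT gave in post #8: the From line has the friend's display name but a different Yahoo address, Reply-To points at that same address, DKIM passes for yahoo.com (so Hotmail's authentication checks are satisfied, which is exactly why a display-name spoof sails through them), and the bottom Received line shows the message was submitted through Yahoo's webmail interface from an outside IP rather than sent by the friend's machine. The script below is an added triage example, not something posted in the thread; its sample message is a trimmed, constructed copy of those posted headers (the poster had already replaced the real names with "blank", and the DKIM signature values are shortened here because nothing in the script verifies them), and the address-book entry for "Laura blank" is a placeholder address, not one from the thread.

```python
"""Header triage for a suspected display-name spoof (added example).

The sample headers are a trimmed, constructed copy of the message source
posted in the thread; the DKIM bh=/b= values are replaced with TRIMMED
because this script does not verify the signature.
"""
import re
from email import message_from_string

# Constructed from the thread's posted header source (trimmed).
RAW_MESSAGE = (
    "Authentication-Results: hotmail.com; sender-id=none (sender IP is 98.138.90.86)"
    " header.from=yena_06@yahoo.com; dkim=pass (testing mode) header.d=yahoo.com; x-hmca=pass\n"
    "Received: from nm23.bullet.mail.ne1.yahoo.com ([98.138.90.86]) by"
    " COL0-MC2-F34.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);\n"
    " Thu, 6 Sep 2012 07:17:11 -0700\n"
    "Received: from [219.48.188.22] by web122301.mail.ne1.yahoo.com via HTTP;"
    " Thu, 06 Sep 2012 07:17:11 PDT\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;"
    " h=From:Reply-To:To; bh=TRIMMED; b=TRIMMED\n"
    "X-Mailer: YahooMailWebService/0.8.121.416\n"
    "From: Laura blank, <yena_06@yahoo.com>\n"
    "Reply-To: yena_06@yahoo.com\n"
    "To: \"blank@msn.com\" <blank@msn.com>\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "http://maisfm.pt/exaggeratebomb/stuartyoung18/?/bc9e3e7/\n"
)

# Constructed address book: the recipient's real contact entry for the friend.
# The address is a placeholder, not one that appears in the thread.
ADDRESS_BOOK = {"laura blank": "laura.blank@example.com"}

MAILBOX_RE = re.compile(r"^\s*(?P<name>.*?)\s*<(?P<addr>[^>]+)>\s*$")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def split_mailbox(value):
    """Return (display_name, address) for a From/Reply-To/To header value.

    The thread's From line is 'Laura blank, <yena_06@yahoo.com>' (note the stray
    comma), which email.utils.parseaddr treats as two addresses, so a plain
    regex is used and quotes/commas are stripped from the display name.
    """
    m = MAILBOX_RE.match(value)
    if not m:
        return "", value.strip().lower()
    name = m.group("name").strip().strip('",').strip()
    return name, m.group("addr").strip().lower()


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def unfold(value):
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(value.split())


def triage(raw, address_book):
    msg = message_from_string(raw)
    findings = {}

    name, from_addr = split_mailbox(unfold(msg.get("From", "")))
    findings["from_name"] = name
    findings["from_addr"] = from_addr

    # 1. Display name matches a known contact but the address does not:
    #    the classic display-name spoof the thread is describing.
    known = address_book.get(name.lower())
    findings["display_name_spoof"] = bool(known) and known.lower() != from_addr

    # 2. Reply-To: replies go wherever this points, not to the named friend
    #    (the poster noticed the reply address "wasn't hers").
    _, reply_to = split_mailbox(unfold(msg.get("Reply-To", "")))
    findings["reply_to_matches_from"] = reply_to == from_addr

    # 3. DKIM alignment: a pass for d=yahoo.com only proves a Yahoo account
    #    sent it; it says nothing about which person controls that account.
    auth = unfold(msg.get("Authentication-Results", ""))
    dkim_pass = "dkim=pass" in auth
    m = re.search(r"header\.d=([\w.-]+)", auth)
    dkim_domain = m.group(1).lower() if m else None
    findings["dkim_pass"] = dkim_pass
    findings["dkim_aligned_with_from"] = dkim_pass and dkim_domain == domain_of(from_addr)

    # 4. Origin: the bottom-most Received line is the first hop. "via HTTP"
    #    means webmail submission from that IP, not an infected client.
    received = [unfold(v) for v in msg.get_all("Received", [])]
    first_hop = received[-1] if received else ""
    m = re.search(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\]", first_hop)
    findings["origin_ip"] = m.group(1) if m else None
    findings["webmail_submission"] = "via HTTP" in first_hop

    # 5. Links in the body are the lure; list them for blocking/reporting.
    findings["urls"] = URL_RE.findall(msg.get_payload())

    findings["verdict"] = (
        "display-name spoof from another account"
        if findings["display_name_spoof"] and findings["dkim_aligned_with_from"]
        else "inconclusive"
    )
    return findings


if __name__ == "__main__":
    for key, val in triage(RAW_MESSAGE, ADDRESS_BOOK).items():
        print(f"{key:26} {val}")
```

Run as-is to print the findings for the sample; on a real message, paste the full source into RAW_MESSAGE and fill ADDRESS_BOOK with the contact entry the display name claims to be. The verdict line is deliberately conservative: a passing, aligned DKIM signature plus a contact-name/address mismatch is strong evidence that the mail came from a different account wearing the friend's name, which is the phishing explanation CERT gave, and it does not indicate malware on the friend's machine.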

#9 boopme, "To Insanity and Beyond" (Global Moderator, 73,440 posts; Location: NJ USA)

Posted 14 September 2012 - 12:41 PM

Yes, phishing or spoofing. That's why I said to change your passwords.
