Explanation Please


8 replies to this topic

#1 sikntired

sikntired

  • Members
  • 1,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:14 PM

Posted 29 January 2014 - 03:40 PM

Yesterday when checking my email (att.net powered by Yahoo) I came across "Mailer-Daemon Failure". It seems that an email had been sent out to all of my contacts. I did not initiate this. Below is the content of this email.

Hello,


Please view the document i uploaded for you using Google docs.

Follow Here to sign in with your email to view the document,its very important.

Thank you.

 

Has anyone else had a similar instance? Being a member here at BC I am well aware of how malware can be introduced to infect an OS. I do not visit questionable sites and do have WOT installed as well as Spywareblaster. MSE is my stand-alone, and I use MBAM and SAS as on-demand scanners, which I do regularly.

 

Since I became aware of this I changed my email password and ran "full scans" with both MBAM and SAS. The results were negative.

 

I'm scratching my head trying to figure out how this happened. Security updates are set to automatic. I have Secunia installed to ensure that programs are the latest versions.

 

I have not installed or downloaded any new programs, nor made any significant changes to my Win7x64Pro.

 

Thoughts?? ( I should add that I got the Mailer-Daemon Failure due to one contact having an incorrect address ) otherwise I might not have ever discovered this.


Edited by sikntired, 29 January 2014 - 03:43 PM.



#2 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:14 PM

Posted 29 January 2014 - 04:51 PM

Your account could be hacked offsite, meaning that they wouldn't need to access your computer if you are using AT&T's email service.

 

That's why I don't use ISP based email (AOL, Verizon, Cable One, AT&T, etc). To date I have worked with at least 2 clients who had emails hacked, one by a Nigerian scammer who sent out mass emails impersonating the client and claiming they were stranded in the Caribbean and needed money wired...

 

If you have any important emails saved, I would recommend either forwarding them to another address or printing off a hard copy. Hacked accounts are usually wiped out or archived messages forwarded onto other addresses.

 

Do you use Outlook?


Edited by Netghost56, 29 January 2014 - 04:56 PM.


#3 buddy215

buddy215

  • Moderator
  • 13,419 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:14 PM

Posted 29 January 2014 - 05:25 PM

Your first step should be to determine whether your email account--or your PC itself--is infected or compromised in some way. The most likely culprit is "spoofed" email headers, in which spammers change an email header's "from" address to make it appear as though the spam originated from your email account, and which in turn causes any bounced email alerts to go to your inbox.

 

You can read more about that spoofing here: Minimize Your Exposure to Email Spoofing | PCWorld


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
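
An added example, not part of the original post: one way to tell a spoofed "From" address apart from mail that really went out through the account, using the headers of the original message that a bounce returns. It assumes the returned headers still carry the `Authentication-Results` header stamped by the recipient's mail server; the host names, addresses and sample headers are constructed, and `classify` and `auth_results` are hypothetical helper names.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample headers (not from the thread), as returned inside a bounce.
SPOOFED = (
    "Authentication-Results: mx.recipient.example; "
    "spf=fail smtp.mailfrom=user@provider.example; dkim=none\n"
    "From: user@provider.example\nTo: friend@recipient.example\nSubject: Document\n\n")
VIA_ACCOUNT = (
    "Authentication-Results: mx.recipient.example; "
    "spf=pass smtp.mailfrom=user@provider.example; dkim=pass header.d=provider.example\n"
    "From: user@provider.example\nTo: friend@recipient.example\nSubject: Document\n\n")

def auth_results(msg, trusted_authserv):
    """Return {method: (result, header.d)} from headers stamped by the trusted receiver."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can pre-insert this header, so skip unknown stampers
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", clause, re.S)
            if m:
                d = re.search(r"header\.d=([\w.-]+)", m.group(3))
                results[m.group(1)] = (m.group(2).lower(),
                                       d.group(1).lower() if d else None)
    return results

def classify(raw_headers, trusted_authserv):
    """Simplified verdict: was the mail signed by the From domain's own provider?"""
    msg = message_from_string(raw_headers, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    res = auth_results(msg, trusted_authserv)
    dkim, dkim_d = res.get("dkim", ("none", None))
    spf = res.get("spf", ("none", None))[0]
    aligned = dkim == "pass" and dkim_d is not None and (
        dkim_d == from_domain or from_domain.endswith("." + dkim_d))
    if aligned:
        return "sent-via-provider"  # provider signed it: treat the account as compromised
    if spf in ("fail", "softfail"):
        return "likely-spoofed"     # came from servers the From domain does not authorise
    return "inconclusive"

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("VIA_ACCOUNT", VIA_ACCOUNT)):
        print(name, "->", classify(raw, "mx.recipient.example"))
```

A "sent-via-provider" verdict points at the account itself (change the password, review forwarding rules and contacts), while "likely-spoofed" means the bounce is backscatter and the account may be untouched.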

#4 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:14 PM

Posted 29 January 2014 - 06:28 PM

buddy215,

 

Thank you for your input and advice. I read the link provided and it was very informative. And after that I believe my email account was "spoofed". As you stated, my concern at this point is whether my PC or the email account is infected.

 

I have run Malware scans as previously posted. I have also checked LAN settings and Proxy Server is unchecked. Remote access is Not Enabled.

 

This tends to give some credence that the PC is not infected (unless you think there are some alternatives to utilize for a more in-depth search).

 

That would leave the email account itself. Would you have any further wisdom as to what steps to take?

 

BTW I do not use Outlook.

 

Thanks again for taking the time to assist.



#5 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:14 PM

Posted 29 January 2014 - 06:38 PM

@Netghost56

 

Thanks for the info. Appreciate your response. I do not use Outlook.



#6 buddy215

buddy215

  • Moderator
  • 13,419 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:14 PM

Posted 29 January 2014 - 07:00 PM

Well....you read the advice on how to reduce your chances of being spoofed. I have received those emails and have told the spoofed sender about them. Once, it was obvious that the sender's contact list had been compromised. So it wasn't spoofing but a piece of malware that he or someone we both had in our contacts that was infected and harvested the email addresses.

The problem is you never know if your email address was picked up from a website or forum you posted on or if someone who has your email address in their contact list.

One thing I do when getting one of those emails after notifying the spoofed sender is to block them. Hot Mail/ Outlook makes that simple to do. So, expect those receiving the spoofed emails to block you from sending them legit mail.

 

Another thing I do is I create 'aliases'. Open new email accounts when one is needed to use a website.

 

Whether the spoofer will continue spoofing your address for an extended period of time or not....no way to know for sure.


Edited by buddy215, 29 January 2014 - 07:04 PM.


#7 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 AM

Posted 29 January 2014 - 08:06 PM

( I should add that I got the Mailer-Daemon Failure due to one contact having an incorrect address )

 

:notme:


Tekken
 


#8 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:14 PM

Posted 29 January 2014 - 08:36 PM

@buddy215

 

Forgot to mention that I also sent an email to all contacts regarding this. Told them not to open any links or attachments with reference to Google as they were not legit.

 

Will act accordingly on the additional advice you gave.

 

As always really appreciate this forum and the assistance.

 

@jhayz

 

LOL :whistle:


Edited by sikntired, 29 January 2014 - 08:37 PM.


#9 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:14 PM

Posted 30 January 2014 - 06:13 PM

Well an explanation is provided in this article posted on MSN.

http://money.msn.com/business-news/article.aspx?feed=AP&date=20140130&id=17308415

 

Thanks to all for taking an interest





