EcoModder.com


bdesj 12-29-2010 12:24 PM

Serious problem or harmless phishing?
 
Since I'm pretty out of touch with possibilities for electronic fraud, ID theft, etc, I'm hoping some of you more knowledgeable folks could explain a kind of scary situation to me. I've started getting spam that's labeled in my "inbox" as though it came from my wife, even though she obviously has nothing to do with it. Well, I certainly HOPE she has nothing to do with it - haven't asked her yet.

Hopefully, it's just some new spammer method of getting my attention that isn't a sign of a real problem, but I'm not sure. Does that necessarily mean that her email acct has been compromised somehow or that our computer has been zombied into sending stuff out to a zillion people? Another odd thing is that the emails are all addressed "to: former coworkers of my wife @ local school dist's website" - hope my description makes sense. Anything I can do to check?

Not so important, but an extra irritation is that they're written in the style of badly translated English. Since English isn't my wife's native language, and her writing sometimes has those same characteristics, it'd be possible and very uncomfortable if some of our friends and acquaintances read the spam and think it really did come from her.

trikkonceptz 12-29-2010 12:49 PM

Most of the time it turns out to be someone that has hacked your email address and spammed everyone in your address book. Best suggestion would be to change your passwords until it happens again ...

Unfortunately it happens more frequently than we would like to be comfortable with.

dcb 12-29-2010 12:50 PM

Is she getting a lot of "undeliverable" returned messages? If so then her account was probably hacked. If not then probably someone is just spoofing her email addy.

kamesama980 12-29-2010 12:54 PM

Either way, change the password to be safe.

bdesj 12-29-2010 01:41 PM

Thanks for chiming in, gang.
Yes, she has a ton of undeliverable returns! (It just occurred to me to log onto her account, she won't be home until this evening). But the sent folder doesn't look unusual??? Weird.

I'll let her know what's going on and explain that she needs to change her password.

duane1 12-29-2010 03:28 PM

If the sent box does not show anything coming out of it, then someone spoofed her email address. There was no hack involved.

It's the equivalent of me calling you up and saying I am someone else so you can't call me back.

If you have the original email, there are ways of examining the email headers to find out the real sending address.

pounsfos 12-29-2010 03:49 PM

Scan your computer for viruses. Clear your temp folders.
If it keeps happening then change her password.
If that doesn't fix it then analyse the headers of the mail and find out where it is coming from.

Ryland 12-29-2010 04:09 PM

Either way, changing your password seems like a good idea, because even if they are not sending it from your computer (making it show up as "sent"), they are still getting in to copy your address book of email addresses, so changing your password seems like a good first step.

Piwoslaw 12-29-2010 04:27 PM

Passwords should be changed every 1-2 months. Unfortunately, hardly anyone does it :(

A clean 'Sent' folder doesn't mean that the account wasn't hacked. I once had my account blocked because a bot cracked my password and started spamming. The admin reset my password and I noticed that the 'Sent' folder looked normal. He explained that it is possible in some cases to send without copying to 'Sent', or that the spammer (bot) deleted everything it sent to leave less traces.

Anyway, change your password NOW, and next month too.

bdesj 12-30-2010 05:19 AM

duane1: "If the sent box does not show anything coming out of it, then someone spoofed her email address. There was no hack involved."
Don't all the "undeliverable" notices in her inbox indicate that the spam was actually sent from her account?

pounsfos: "Scan your computer for viruses. Clear your temp folders."
That sounds like a good idea. How do I go about it?

"If it keeps happening then change her password."
Already changed.

Piwoslaw: "Passwords should be changed every 1-2 months. Unfortunately, hardly anyone does it"
Guilty as charged, but will mend my ways - changed mine, too.

"He explained that it is possible in some cases to send without copying to 'Sent', or that the spammer (bot) deleted everything it sent to leave less traces."
Makes sense to me. For somebody with the skill to hack into an account in the first place, it should be a piece of cake to amend the program in such a way as to delete the "sent" files. Why leave more evidence to clue in the victim that something is amiss just so that he can start fixing the problem and put an end to all the spammer's work?

pounsfos 12-30-2010 06:04 AM

I don't know what version of Windows you are running,
but open up your anti-virus (start, all programmes, *anti virus name here*)
and run a full scan.

Then find yourself the "run" box (usually start, run. *on Windows XP)
then type %temp% into it. Delete everything in that folder.

doneburgers. :)

Oh, and don't do anything while it is scanning, as it runs real slow and your computer lags like a mofo.

If you don't have any anti-virus, grab yourself AVG. It's free and is amazing. I use it on all my customers' machines.

AVG Anti-Virus Free Edition 2011 - Reviews and free AVG Anti-Virus Free Edition 2011 downloads at Download.com

bdesj 12-30-2010 08:40 AM

Thanks, P!
Except I guess the method is different depending on the system and age - I should have included that information. Our home computer is Apple, 10.4.11
My wife borrows a friend's laptop for wordprocessing duty from time to time, but I'm pretty sure the machine and connection at home is the only internet access she uses regularly.

EDIT: I'll Google around when I get home - I'm sure that'll turn up a way to do what you suggest.
Thanks again :)

Arragonis 12-30-2010 12:31 PM

You may find that after scanning, fixing, rescanning etc. that it continues. It may not be your PC. Some email style viruses use addresses in their inbox and pretend to be sent from that person or any other addresses in the inbox - so whilst the emails say they come from your wife they may be someone else she has emailed who has a PC which is infected. It can even use addresses from emails such as those CC'd into emails sent from the infected PC - jokes are a good method of spreading them around.

My wife gets emails like this often from customers who work in local government but it turns out to be a relative or friend of theirs who has an infected PC at home doing the emailing instead. Easy to prove as their work PCs are locked out pretty securely as they work with children in education departments.

For this reason (and the reduced risk of info being leaked when you sell or lose your PC) I recommend switching to a web-based system such as Yahoo or Google as they scan messages for threats and those 'body enhancing' messages you would rather not see. Hotmail seems a little 'leaky' with info, your experience may vary.

Be careful of letting some places like The Tech Guys or the local PC store have your PC to fix unless you know them well as you don't know what they will decide to make a 'backup' of without your knowledge - perhaps your PayPal account details or your internet banking, family photos or details of your holiday - so they know when to empty your house the address of which is probably nicely presented to them as well.

Assuming you are on Windows you can get free virus and malware removers quite easily - AVG free is a good virus package (takes some time to find the totally free one) and AdAware (make sure the latter comes from Lavasoft, there is a similar package which INSTALLS cr@pware instead of removing it...). Crapcleaner (honest) is good for removing anything not needed.

Piwoslaw 12-30-2010 04:51 PM

Here is a trick I learned from my Mom, and I use it under both Linux and Windows:
Make one account called 'Admin' or 'Root', and then an account for each user. The main account should have all the privileges, while the users' accounts should have as little as possible. ALWAYS log onto your user account, use it for browsing or any other work. NEVER use the main account, except for updating, installing, etc., after which you immediately log out of it. If you use only the user account without privileges, then it is much harder for malicious software or hackers to do anything to your computer.

Also, DO NOT leave your computer on if you are not using it. Standby is not enough - computers can sometimes be remotely turned back on or booted up. If you're going to sleep or to work, and your machine isn't busy resequencing DNA or looking for extraterrestrial radio signals, then turn it off and unplug it. A power strip which turns off your monitor, speakers, etc., at the same time is the best thing to use.

cfg83 12-30-2010 05:06 PM

bdesj -

Same thing happened to my sister's soccer-mom friend. Someone used her e-mail address and address book to send stuff to my sister and somehow it got to me. This friend got the virus and I was receiving e-mails that looked like copies of what she had actually sent in the past, except there was a nefarious *attachment*. It was either a Windows EXE that contained a virus or some other malware. I think it was also associated with a school district website, which are notorious for having viruses (the kiddies share colds and computer viruses alike).

Changing passwords and scanning for viruses is good, especially if you opened an attachment and/or a URL that was contained in the e-mail.

CarloSW2

Cd 12-30-2010 05:56 PM

My dad's computer is having a similar problem.
I used SpyBot and it found some malware, but it is unable to remove it.
I get this error
" Unexpected error in fixing problems ( Cannot create file "C : /WINDOWS/System 32/drivers/etc/hosts " access is denied .)
I went to the host file and tried to move it, but that didn't help anything.
I also tried three or four programs - AVG, Avira and a malware remover, but all three are not seeing the malware that SpyBot sees.
Weird.

cfg83 12-30-2010 06:37 PM

Cd -

Quote:

Originally Posted by Cd (Post 212114)
My dad's computer is having a similar problem.
I used SpyBot and it found some malware, but it is unable to remove it.
I get this error
" Unexpected error in fixing problems ( Cannot create file "C : /WINDOWS/System 32/drivers/etc/hosts " access is denied .)
I went to the host file and tried to move it, but that didn't help anything.
I also tried three or four programs - AVG, Avira and a malware remover, but all three are not seeing the malware that SpyBot sees.
Weird.

One of the things I do is I remove the hard disk and attach it as an external USB hard disk. Then I hammer it with an antivirus program on my "clean" PC.

This does NOT solve all virus problems, but it allows you to attack the hard disk without the possibility that the virus will be interfering with what you are doing. The limitation to this is that the antivirus software on your "clean" PC can't see registry stuff that is loaded when the OS is loaded. It is the files that are on the disk only. The other benefit is that you can use different antivirus software to analyze the disk. In practice you don't want McAfee and Norton and ??? running on the same PC because they fight with each other.

Assuming your Dad's PC is XP, your malware may have installed a copy in the "C:\System Volume Information" folder. This will allow it to reinstall itself ad-infinitum.

CarloSW2

Cd 12-30-2010 06:54 PM

Thanks for that clever idea!
I'll have to try it next time I'm there for a visit.

euromodder 01-01-2011 08:42 PM

Quote:

Originally Posted by trikkonceptz (Post 211823)
Most of the time it turns out to be someone that has hacked your email address

No it's not.

Quote:

Originally Posted by dcb (Post 211824)
is she getting a lot of "undeliverable" returned messages? If so then her account was probably hacked.

Why would she?
If spammers harvest your email address, they also use it to send out mails with.
Faking a sender email address is the easiest thing you can do.

Getting "undeliverable" returns in your inbox isn't proof your account was hacked, it merely means a mailserver is not filtering out the spam first.

You hardly get any such "undeliverable" mails anymore these days as admins have reconfigured their servers not to autoreply to spam anymore.
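
Added example, not part of any post in this thread: one way to do the header check that duane1 and pounsfos mention, applied to an "undeliverable" notice or to the spam itself. It reads the `Received` lines top-down and stops at the last one written by the recipient's own servers, since anything below that can be forged. The sample bounce, all host names and addresses, and the Postfix-style `Received` layout are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed bounce: the returned original claims wife@example.org as sender.
BOUNCE = """\
From: MAILER-DAEMON@mx.school.example
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from mx.school.example (mx.school.example [198.51.100.7])
 by mail.school.example; Wed, 29 Dec 2010 11:02:11 -0500
Received: from unknown (dsl-host.isp.example [203.0.113.45])
 by mx.school.example; Wed, 29 Dec 2010 11:02:09 -0500
From: wife@example.org

text
--b1--
"""
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\).*?\bby\s+([^\s;]+)", re.S)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def embedded_original(bounce):
    """Return the returned message (or its headers) carried inside a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())

def origin(raw_text, recipient_domain, sender_provider):
    """Find the host that handed the mail to the recipient's servers."""
    msg = message_from_string(raw_text)
    original = embedded_original(msg) or msg  # plain spam: use it directly
    hop = None
    for value in original.get_all("Received", []):
        m = HOP.search(value)
        if not m or not in_domain(m.group(3), recipient_domain):
            break  # below the recipient's own servers, headers can be forged
        hop = (m.group(1), m.group(2))
    return {"claimed_from": parseaddr(original["From"])[1], "entered_from": hop,
            "via_claimed_provider": bool(hop) and in_domain(hop[0], sender_provider)}
```

With the sample, `origin(BOUNCE, "school.example", "example.org")` reports that the mail entered from an unrelated DSL host, which points to a forged sender address and a bounce sent to the wrong person; a hop inside the sender's own mail provider would instead be consistent with the account itself being used. The recorded IP address is the dependable part, because the host name next to it comes from reverse DNS controlled by whoever owns that address.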

euromodder 01-01-2011 08:55 PM

Quote:

Originally Posted by bdesj (Post 212002)
Thanks, P!
Except I guess the method is different depending on the system and age - I should have included that information. Our home computer is Apple, 10.4.11
My wife borrows a friend's laptop for wordprocessing duty from time to time, but I'm pretty sure the machine and connection at home is the only internet access she uses regularly.

Don't go making any system changes or whatever because of this.
Changing a password every now and then is not a bad habit though.

Anyway, this is harmless, and it's just the way spamming works.
They simply need an email address to send from, and it so happened to be your wife's.
And they need a subject line to trick people into opening their rubbish.

There's 27 spam mails in my spam box right now.
One of them is sent abusing an address of mine.

Arragonis 01-02-2011 07:15 AM

The writing (or not) to System32\Drivers\Etc may be because of the extra restrictions imposed by Vista and 7 - writing to any system or program files is restricted to Administrators. Unfortunately people get so fed up with agreeing to it all the time (Are you sure you wish to allow this program to make system changes?) that they turn the warnings off. Bad move.

XP didn't have these restrictions until later Service Packs were installed.

If your PC is Windows and you suspect an issue, another way to check is to run MSCONFIG from:

1. A command prompt (Start, Programs or All Programs, Accessories)
2. The Run command in the Start Menu (if you have this enabled)
3. Task manager - right click on the task bar, select Task Manager, then File, Start New Task

MSConfig shows you which programs are scheduled to start with Windows in the Startup tab. You can clear out anything dodgy here - the programs stay in the list so you can restore anything you do by accident later. When you save changes it will ask you to restart to test the changes and it will come back up when you log in.

Another thing to check is in the registry (yes scary). Run Regedit and search for RunOnce. This section tells Windows to run the indicated programs once only on a restart and is meant to be used by installs which need a restart to unlock files. You will need to search for RunOnce repeatedly as there is one for each profile (and all profiles - i.e. user accounts).

A final one is to check for added toolbars and other add ins to your browsers. Each browser is different but they all have such options and lots of programs like to add little extras in there so that your browser goes to them when you search for whatever they do.

I'm surprised nobody has started the "why not use Linux" debate yet. I'm not starting it by the way, just saying (I use both so I'm an advocate of neither :D )

bdesj 01-02-2011 02:31 PM

You guys have left me in the dust with a lot of these posts, but I think I got the information I needed. It sounds like some of you Advanced Placement kids are getting good stuff too in the parts that fly over my head, so a good deal for all :)
Thanks to everyone who offered solutions, advice, and prevention suggestions.

order99 01-02-2011 03:52 PM

Quote:

Originally Posted by Arragonis (Post 212479)

I'm surprised nobody has started the "why not use Linux" debate yet. I'm not starting it by the way, just saying (I use both so I'm an advocate of neither :D )

Well, my Main box is currently a Mac running OSX and my other box plays with various Linux distros as I like-But my Mac was $10.00 on Ebay and Linux distros tend to be free, so...:D

Run whatever you like and take the right precautionary measures - nothing is unhackable (with the remote possibility of a scratchbuilt OS based on no previous OS - and the minute you share it with somebody it's toast just like the rest). So, run whatever and enjoy...

Arragonis 01-02-2011 06:49 PM

Quote:

Originally Posted by order99 (Post 212516)
So, run whatever and enjoy...

Agreed 100%

I spent a week recently trying to get an elderly couple into email.

That's it, just email. They tried a Windows PC - nope. Linux. Nope. I didn't have an Apple one but I think it would be the same issue.

I showed the lady of the house an iPad and she was hooked. She has taken to it like a liner across the Atlantic.

Only problem is I don't have one, have never used one.

So we are both learning...:thumbup:


All times are GMT -4.