weird

Discussion in 'Computer Security' started by greenbrucelee, Feb 19, 2009.

  1. greenbrucelee
    Two days running, me and some of my friends and contacts have had an email from one of my friends (through Hotmail).

    The first was a joke and the second was an email about an electronics company selling cheap parts.

    However, my friend says he never sent these emails, and you can see from the emails that they have been forwarded to everyone on his Hotmail contact list.

    I thought the first one (joke) was from him as it was his type of humor; however, the second one looked like a pure piece of spam.

    Could I be right in thinking that his account may have been hijacked, as he insists that he never sent the emails?

    I did a full spyware/virus scan and I am OK. I haven't got back in touch with him in case he is infected, so I can minimize any infection coming to me.

    Any ideas?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. Qs

    There are certain malicious applications out there that use the contact information which MSN has access to, to send such emails.

    Almost positively sure it's going to be him, so advise him to do a full virus/spyware scan on his computer.

    Else, it's going to be spoof emails.

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. loneferret

    My wife got something similar, and well... she royally infected my laptop.
    Anyway, tell your friend to scan his computer, odds are he's infected with
    something...
     
    Certifications: MCDST/N+/L+/i-Net+/CIW/OSCP/OSCE
    WIP: MCTS 70-662
  4. greenbrucelee
    Yeah, I did tell him to do a scan, although I am not sure of the results.

    I do know though that his idea of security is having a virus scanner and that's about it. He doesn't have a login screen on boot up, which I have told him he should, and to do regular scans etc., so I reckon he will be infected, or his PC is anyway :D
     
  5. Gingerdave
    I would also recommend he changes the password to his hotmail account from a different machine.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  6. BosonMichael
    What's the header info show? My spidey sense tells me that it's not an infection; it's just an e-mail address spoof.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
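
The header check asked for in the post above can be sketched as follows. This is an added example, not part of the original thread: it assumes Postfix-style `Received` lines that carry the connecting host's reverse-DNS name in parentheses, and the domains, hosts and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (example domains, documentation IP ranges).
VIA_PROVIDER = """\
Received: from out3.mail.example (out3.mail.example [192.0.2.25])
\tby mx.inbox.example with ESMTP; Thu, 19 Feb 2009 10:00:02 +0000
Authentication-Results: mx.inbox.example; spf=pass smtp.mailfrom=friend@mail.example
From: Friend <friend@mail.example>
Subject: constructed sample A

body
"""
SPOOFED = """\
Received: from mail.example (host9.isp.example [203.0.113.9])
\tby mx.inbox.example with SMTP; Thu, 19 Feb 2009 10:05:00 +0000
Authentication-Results: mx.inbox.example; spf=fail smtp.mailfrom=friend@mail.example
From: Friend <friend@mail.example>
Subject: constructed sample B

body
"""

def domain_of(addr_header):
    """Lower-cased domain of an address header, or '' if there is none."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def handoff_host(msg):
    """Reverse-DNS name (the part in parentheses) from the newest Received
    line, which our own mail server wrote. The HELO name before it and all
    older Received lines are supplied by the sender and can be forged."""
    received = msg.get_all("Received") or []
    m = re.search(r"from\s+\S+\s+\(([\w.-]+)\s+\[", received[0]) if received else None
    return m.group(1).lower() if m else ""

def triage(raw):
    """Did the message really leave the provider named in its From line?"""
    msg = message_from_string(raw)
    claimed = domain_of(msg["From"])
    host = handoff_host(msg)
    auth = dict(re.findall(r"\b(spf|dkim)=(\w+)", " ".join(msg.get_all("Authentication-Results") or [])))
    via = bool(claimed) and (host == claimed or host.endswith("." + claimed))
    if via and auth.get("spf") != "fail":
        verdict = "sent-through-provider"  # sender's account or PC was used
    else:
        verdict = "likely-spoofed"         # From line forged from elsewhere
    return {"from_domain": claimed, "handoff": host, "auth": auth, "verdict": verdict}
```

A "sent-through-provider" result is the case where the scan and password-change advice in this thread applies; "likely-spoofed" means the message never touched the friend's account.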
  7. newkoba

    I would normally say Michael is right on his deduction, but if you say that you can see that it hit all of his contact list then I would think something is on his box and sending out to contacts. Get your friend some free software: Avast for AV, Spybot for spyware, Windows Firewall for firewall. While that isn't the end-all be-all, it is free and will keep almost everything out of your box for 99% of the community.
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP
  8. greenbrucelee
    The title was Fullfill your shopping cart, it has his email addy on it and fwd to all of his contacts. The joke one was the same but entitled The Teacher.

    He has AVG, but since he is 350 miles away from me I can't see if it's up to date, but I bet it isn't. His idea of computer security is locking the house door at night :D
     
  9. BosonMichael
    Forwarded to a bunch of addresses that look like they MIGHT be his contacts, or specifically all of HIS contacts (with no other addresses at all)?

    Again, what does the header show?? Not the title, not the recipients, but the e-mail header?
     
  10. greenbrucelee
    It's all of his contacts apart from two of them, which are to a credit card company called Capital One :blink: One is even to his sister, who works for the government.
     
  11. Sparky
    Looks like a virus. I got a similar email from one of my customers who had emailed me before from his Hotmail account. I recognised some of the other email addresses, so it looked like his contacts had been used.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. BosonMichael
    What does the header...

    ...ah, never mind. :rolleyes:
     
  13. greenbrucelee
    There was no attachment with it and I ran a scan and I am OK. I am waiting for him to come on MSN so I can find out if he had any malware.
     
  14. greenbrucelee
    It has his email addy and says it was sent by him and all the usual stuff, nothing out of the ordinary.
     
  15. Sparky
    He probably doesn't know the emails are being sent tbh.
     
  16. greenbrucelee
    He was surprised when I asked him about it. As he has done sideline work before selling stuff, I asked him if he was working for this electronics company, but he said no.

    That was when I told him to scan his PC. He hasn't logged on since, and that was 24 hours ago.
     
  17. Sparky
    Probably best to get him to fully patch up the OS and run an AV scan as well.
     
  18. greenbrucelee
    Never mentioned a patch as I assumed he would be, as the last time I saw his comp I set it to update automatically as he had it turned off :D
     
  19. Sparky
    Always worth running it manually now and again. 8)

    Edit: sometimes Windows Update has probs
     
  20. greenbrucelee
    Yep, I have experienced those.
     