Suspicious E-Mail


lomapaseo
5th Jun 2013, 16:33
I just received a suspicious E-mail from my wife with the Subject = Hey!


This was followed by a message containing only a link. The link has a typical HTTP heading with no www but the rest of the link looks like this

bioethanole85.cz/likeit.php?awxa718eso

I decided not to open it and instead tried searching on Giggle for clues most of which were in a foreign language, but came up with no hints. I can't reach my wife to find out her side of this but am a little concerned that she might have been hacked.

Is there a better way for searching a link for its origins without invoking a nasty virus package ?

I'm worried that this has gone out to many in her address book and her friends are quite likely to click the link.

green granite
5th Jun 2013, 16:47
The ISP is ALFA TELECOM


bioethanole85.cz/
IP address : 82.208.47.157
IP number : 1389375389
Country : Czech Republic
Region:
City (Estimate) :
Latitude : 49° 45' North
Longitude : 15° 30' East
Time Zone : Central Europe Daylight Time
GMT Offset : 02:00:00

OFSO
5th Jun 2013, 17:05
Loma - yes she has been hacked, and that is EXACTLY what happened to me during the past 24hrs - yahoo! account hacked, my address book used to send similar "Hey" e-mails to everyone in it. Most people didn't open *my* e-mails, a couple did, said it's an advert for coffee beans (!?) or the like. Another, amusingly, was for a weight-reduction program to someone very thin, who thought it was genuine.

One e-mail was sent back to my computer's dummy account (set up for this purpose) and my e-mail scanner said no virus in it - however, I didn't open it.

Now your wife has to change her password and check whether a mal-mail-forwarding address has been inserted on her e-mail site. Then do a couple of anti-virus scans. Then tell everyone...

ShyTorque
5th Jun 2013, 17:48
Another, amusingly, was for a weight-reduction program to someone very thin, who thought it was genuine.

I had exactly this quite recently. First I knew about it was that I received an indignant reply from a contact in my address book who thought I was rudely hinting about his weight. :uhoh:

P.S. I was later informed that my Yahoo email account had been accessed twice by someone unknown in Estonia.

Capetonian
5th Jun 2013, 17:53
Be advised of a phishing email doing the rounds.

http://www.pprune.org/computer-internet-issues-troubleshooting/516095-bt-dumps-yahoo.html#post7879050

lomapaseo
5th Jun 2013, 18:21
Thanks for the replies

I guess there is no way to find out how bad this is other than the embarrassment of it all

I gather that the only thing available is to identify suspicions and just leave it at that. In other words you can't do like I do for suspicious phone calls and share a phone number for confirmed comments on the web like "whois" ?

The worst thing I can think of is a keystroke copy program having been set on a computer. If she logs in to her E-mail and resets the password don't the bad guys get it as well?

Perhaps I should do it on another computer. Another possibility would be if she can't even access her account because the bad guys might have changed her password.

Oh well I'll get to work on this now.

lomapaseo
5th Jun 2013, 19:56
Wife got home and looked at the E-mail that was sent in her name.

She did not recognize 90% of the other E-mail addresses.

Virus and Malware scans turned up nil.

Conclusion on this side is that all the bad guys knew was her E-mail address from a single E-mail that included a couple of us friends. They then probably used a password cracker and once successful sent out multiple ad-type E-mails using her E-mail as sender but of course their URL selling something.

OK we changed her password, now let's see what happens.

OFSO
5th Jun 2013, 20:30
OK we changed her password, now let's see what happens.

Just what I'm waiting for, matey. But I also changed other passwords on my PC which enable me to check in to *** and ***** and even *******.

A tip: in your e-mail address book make the first one a dummy which you would never use yourself such as [email protected].

If you see messages sent from this you know your address book has been hacked......pity you can't couple such messages to an alarm bell !

Hussar 54
5th Jun 2013, 20:46
Also happened to us....No obvious problems up to now, but who knows how long this thing might be incubating....


http://www.pprune.org/computer-internet-issues-troubleshooting/514908-should-i-worry-about-aim.html

Milo Minderbinder
6th Jun 2013, 19:54
I had three BT customers with the same spam e-mail problem yesterday.
Yahoo's security is quite simply not up to the mark
However I do wonder how many of these hacked accounts had poor password security

lomapaseo
7th Jun 2013, 02:55
However I do wonder how many of these hacked accounts had poor password security

You mean like 7 characters all letters, no numbers or capitals and a word that can easily be remembered woof-woof :E

Good thing I won't let her get away with that for money matters.

Heck I even went to lengths to change my PPrune password seeing as I sensed there were people out there wanting to post under my name and make me look good.

No takers that I have detected so far

GANNET FAN
7th Jun 2013, 09:07
Excellent advice OFSO. Had me reaching for my contact list muy rapido.

Keef
7th Jun 2013, 23:38
I've had a load of these Yahoo "Hey!" messages, too. They were all from people I know, in some cases to e-mail addresses of mine that I've not used in ages. It looks as if the Yahoo mail server and folks' address books have been comprehensively hacked.

A lady a couple of doors down asked me to come and sort out her e-mail because she couldn't get into it. Her account had been frozen by Yahoo for "unusual activity" and we had to go through some Q & A to unfreeze it. There were bounced e-mails in her inbox, but the originals were NOT in her outbox.

We changed the password, but I think it's pretty pointless because the hacker now has her e-mail address and her address book, so can repeat the performance at any time.

I'm trying to persuade her to dump the Yahoo address and use a "Proper" one, but she's worried about how to tell all her contacts.

lomapaseo
8th Jun 2013, 00:04
We changed the password, but I think it's pretty pointless because the hacker now has her e-mail address and her address book, so can repeat the performance at any time

The hacker has little use for her E-mail contacts unless/until they manage to break those passwords as well.

The hacker can't send anymore fake E-mails using her account now that she changed her password. Likely the hacker has hundreds of hacked E-mail accounts with still good passwords for his use so I'm betting she will never know anymore unless one of her friends turns up with a hacked account and she herself gets another message "Hey" but sent by a friend.

I'll update this thread if anything turns up on my end (only two of my "friends" ever got a "Suspicious" E-mail from my account; the rest of the addresses were unknown to me).

renfrew
8th Jun 2013, 09:12
As Keef says passwords have little to do with this situation.
The hackers have found a backdoor, bypassing Yahoo security.
There are numerous reports of hacking continuing after passwords have been changed.

Cornish Jack
8th Jun 2013, 13:40
Not totally computer illiterate but not the sharpest tool in that box, so ... I don't use an address book. Any addresses I need to access, I copy and paste into a Notepad file and copy and paste as required. I do this on the assumption that this protects my contacts from such as has been described above. Am I correct or just being naive, please?

renfrew
8th Jun 2013, 15:17
It seems they want the contact list.
I had always deliberately kept it empty but it turns out that the sent list also functions as a temporary contact list.
To be safe that will have to be deleted on a regular basis.

Heathrow Harry
8th Jun 2013, 16:14
well BT are dumping Yahoo later this year - officially because the contract has run out but according to the computer press even BT can't stand the constant lack of security and general inefficiency of yahoo mail

over the last 4 months they have "blocked" my email a dozen times for no reason

I have to contact the BT Indian helpline - who are actually very good - they reset the password and account and I'm back in business but it's a real pain and normally takes 45 minutes- roll on the end of Yahoo!!

Milo Minderbinder
9th Jun 2013, 21:06
the last few Yahoo / BT hijacks I've seen, the spam mails have not been sent to addresses from the Yahoo contacts, but instead to the last twenty or so people to whom the account has sent mail
The rationale is probably that a recent mail is likely to need a followup and is therefore less suspicious than a mail sent at random to someone in the contacts list

lomapaseo
10th Jun 2013, 14:55
After changing the wife's password everything seemingly OK until

Today she couldn't even get on her E-mail. So logged into my base account and found that her E-mail had been blocked for suspicious activity. So once again we changed her password after running another batch of virus programs on her computer.

Her E-mail then reactivated and lo and behold one of the messages was a spam message from her to her with a strange E-mail address in the

From : her E-mail name, then [email protected] as the address, the last bit is truly strange since it's not her E-mail addy

the to part was:

To: administrator <her E-mail addy> where typically the To should have simply had Her first name.

At the end of the badly worded message was a reply to addy of [email protected] which seems to be a Russian medical supply house

I called our internet and E-mail provider and they just reiterated that we had responded correctly by changing the password, computer scan, and that everything looks fine on their end ????
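Added example, not part of any post in this thread: the header oddities described in the post above (the owner's name on someone else's From address, a Reply-To on a different domain, an unusual To display name) and the dummy address-book entry suggested earlier in the thread can be checked mechanically. The function name, finding labels and all names and addresses are constructed for illustration and use reserved example domains.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Constructed samples; all addresses are on reserved example domains.
SPOOFED = """\
From: Jane Doe <mailer@bulk.example.net>
To: administrator <jane.doe@mail.example.com>
Reply-To: sales@shop.example.org
Subject: Hey!

(body with a single link)
"""
CANARY_HIT = """\
From: Jane Doe <jane.doe@mail.example.com>
To: aaa-canary@mail.example.com, friend@example.org
Subject: Hey!

(body with a single link)
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw, owner_name, owner_addr, canary_addr):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    owner_addr, canary_addr = owner_addr.lower(), canary_addr.lower()
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    # Display name claims to be the owner, but the address is not hers.
    if from_name.lower() == owner_name.lower() and from_addr.lower() != owner_addr:
        findings.append("from-name-spoofed")
    # Replies would be routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply-to-domain-differs")
    for name, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        # The dummy address-book entry should never receive real mail.
        if addr.lower() == canary_addr:
            findings.append("canary-recipient")
        # Owner addressed under a name she never uses (e.g. "administrator").
        if addr.lower() == owner_addr and name and name.lower() not in owner_name.lower():
            findings.append("unexpected-to-name")
    return findings
```

A "canary-recipient" finding on mail arriving in the dummy account's inbox is the alarm bell: something mailed the address book.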

Milo Minderbinder
10th Jun 2013, 19:34
change the password and the security reset questions. That last part is important.
If you still get problems after that you'll have to get the ISP to physically log off from the server anything logged into the account, and then reset again....

the problem is that if the rogue sender stays logged in, the password change doesn't affect them until they log off and back on again - which could be days later.

lomapaseo
10th Jun 2013, 20:33
Milo

smart move

Too bad the ISP IT department doesn't know this

ExXB
13th Jun 2013, 22:25
Note - keystroke loggers can't detect mouse movements. If you're using an unsecure PC in an Internet cafe, use your mouse too.

Eg Your password is 123456. When you log on type 5, then click your cursor to the left of the 5 and type 24, click between the 2 and 4 and type 3 etc etc etc.

They will have all the characters of your password, but in the wrong order. Not perfect, but you can always change it again when you get to a secure system