Webmail accounts being hacked/infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by floridaze, Sep 17, 2010.

  1. floridaze

    floridaze Private E-2

    For months now, I've been getting spam links to sites selling pills from dozens of people who have me in their address books. I'm sure I'm not the only one. There is usually no subject, and there's never any text, just a link. Obviously I never click on it. It's mostly from Yahoo addresses, but occasionally Gmail and AOL also.

    Does anybody know the remedy for this? People get mad when I tell them they have a virus or their password has been hacked. Is there a name for this particular issue so that I can tell them exactly what to do when they say "but I have thus and so protection and it says I'm clean?" (Not every program catches every problem, is my answer, but I'd really like to be able to give them a name for this increasingly annoying issue.)

    Thanks a lot!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In reality there are a few possible types of solutions depending on the infection your "friends" or you have.
    • Make sure that your PC is not the source. Some infections steal your address book and spoof your friends' addresses in mail that is showing up when it is actually coming from your account.
    • Have your friends fix their infection and it may stop.
    • If the infection is the kind that stole their address book, then you are already added to spam lists and the fix is to change your email address and not give it to these friends who cannot keep their PCs clean.
    • Just delete the spam when it arrives or possibly see if any particular spam filter can sort out the difference between valid email from your friends and the spam.
    There are no one-step answers since there are dozens of infections that can cause issues like this. Each infection has to be dealt with uniquely, which is why we have the cleaning process posted in the forum. Sometimes, a person's ISP will even shut them down if the spamming gets really bad and is using lots of bandwidth. Have your friends run through the cleaning process and attach the requested logs. Attaching these logs is important since there are times when nothing seems to be detected but when we physically look through the logs, we may see the source of the problem, especially when someone has told us ahead of time that their PC has been spamming. There are cases though where nothing may be seen at all and the source of the problem may just be that your address book or your friends' has simply been stolen and your addresses have now been added to spam lists for the spammers' use. This can result in lots of spam, sometimes from unknown addresses (since thousands of people have been hacked this way) or from known addresses. Email address spoofing is quite common.
     
  3. floridaze

    floridaze Private E-2

    Again, their email addresses are not being spoofed. I'm well aware of those email worms. When I contact whatever person it has come from (it's usually a gibberish link to a pharmacy hawking Viagra; again, not that I click on it), they often know by that time that it has happened and they're already working on it because all of the recipients are going bonkers on them for sending out Viagra links.

    I did read the cleaning process to do before posting here, but I don't need to do it myself, as I have the horse sense that it takes to not get infected to begin with. I can direct the victims to that thread, but if anybody else out there would know if there's one (or more) particular malware program attacking webmail accounts, it would make my life a lot easier in telling these gazillions of victims exactly what to look for. If they're careless enough to get infected, they're probably not smart enough to run through the cleaning process and attach the logs anyway.

    Thanks.
     
    Last edited by a moderator: Sep 17, 2010
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It can still be their email address and not come from them. If someone has stolen their email account and password, it can come from anywhere. I'm not saying your friend(s) are not infected, I'm just saying it is a possibility. We have seen many cases where a person has been accused of sending spam mails when it is not coming from them or their PC. Their email accounts/passwords were stolen by information stealers (quite common).

    There is no one-stop solution as stated because there are hundreds if not thousands of infections doing this with many more arriving each day and week. 5,000 to 10,000 malware websites are created each day.

    If your friends have properly updated protection software installed and they are not warning them at all about any problems then they need to run tools/scans like we use and have an expert review logs to look for potential problems.



    A couple quick starting points I would suggest are looking for the below infections:
    1. Master Boot Record
    2. TDSS (aka TDL3 and TDL4 aka Alureon) - Each month more than 250,000 PCs have been getting TDSS type infections
    If your friends do not want to spend the time to clean their PCs and also protect their own security then there is not much you can do about it. You can lead a horse to water but you cannot make him drink. ;) If they have had their email account passwords stolen, who knows what other passwords may have been stolen especially if they are foolish and use the same password for many different things.
     
    Last edited: Sep 17, 2010
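
The two cases argued over above (a forged From: address versus mail really sent through the friend's stolen webmail account) can often be told apart from the received message's headers. The following is an added example, not part of the original thread: it assumes the recipient's own mail server stamps an Authentication-Results header (RFC 8601) under the hypothetical id `mx.example.net`, and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id stamped by your own receiving server

def classify(raw, trusted=TRUSTED_AUTHSERV):
    """Return 'sent-via-provider', 'likely-spoofed' or 'unknown' for one raw message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only trust results stamped by our own server; any other
    # Authentication-Results header could have been inserted by the sender.
    verdicts = ""
    for value in msg.get_all("Authentication-Results") or []:
        authserv, _, rest = value.partition(";")
        if authserv.split() and authserv.split()[0].lower() == trusted:
            verdicts = rest.lower()
            break
    if not from_domain or not verdicts:
        return "unknown"
    # A passing DKIM signature by the From: domain means the provider's own
    # servers sent the message: the account itself was used (stolen password
    # or an infected PC logged in to it), not just the address.
    signers = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", verdicts)
    if any(from_domain == d or from_domain.endswith("." + d) for d in signers):
        return "sent-via-provider"
    # Failed checks point to a forged From: on mail sent from somewhere else.
    if re.search(r"\b(dkim|spf)=(fail|softfail)\b", verdicts):
        return "likely-spoofed"
    return "unknown"

# Constructed sample messages (not real mail).
BODY = "From: Friend <friend@yahoo.com>\nTo: me@example.net\n\nhttp://pills.example/\n"
HIJACKED = ("Authentication-Results: mx.example.net; dkim=pass header.d=yahoo.com;\n"
            " spf=pass smtp.mailfrom=friend@yahoo.com\n" + BODY)
SPOOFED = ("Authentication-Results: mx.example.net; dkim=none;\n"
           " spf=fail smtp.mailfrom=friend@yahoo.com\n" + BODY)
FORGED_HEADER = ("Authentication-Results: mail.sender.example; dkim=pass"
                 " header.d=yahoo.com\n" + BODY)

if __name__ == "__main__":
    for name in ("HIJACKED", "SPOOFED", "FORGED_HEADER"):
        print(name, "->", classify(globals()[name]))
```

A "sent-via-provider" result means the friend should change the account password and clean the PC; "likely-spoofed" means their account may be untouched and only their address is being abused.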
  5. floridaze

    floridaze Private E-2

     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
