Wife's e-mail hacked?

[America's Patriot]

You're probably okay, but this is why I tell everyone I know to stay away from the free public accounts. The only thing I use these accounts for is for when I'm filling out a form and it requires an email address.

[Fight4Freedom]

You cannot rely on anti virus and malware detection software to prevent all computer viruses anymore.

They are coming out too fast and they are extremely well written. By the time most viruses are detected they are several days to weeks old and have already been morphed and have done their dirty work.

Be very careful if you have any "special" pictures of your wife or girlfriend on any computer in your network. I'm not by ANY means suggesting you would. But some might.

The number one industry on the Internet unfortunately is porn and much of the pornography is actually stolen right off people's private computers.

Very often, the ONLY way to completely clean a system is to wipe the hard drive with a product such as DBAN (which also cleans the MBR and boot sectors). Then reinstall from known clean recovery or reinstall disks.

Also install a product such as Peerblock and block those countries on the Spamhaus (and others) hot list. I block pretty much all countries except the USA, Canada and Austrailia. With Peerblock you can also see what IP addresses your computer is connecting to. I use a hardware firewall but they can get expensive.

Sorry you are having this problem.

[Fight4Freedom]

Quote:

Originally Posted by Dude111

Somehow ppl are getting peoples passswords..... I have had 4 or 5 friends on Yahoo get thier password compromised (One got his compromised 2 times) and 1 on gmail.......

HOW IS IT DONE???? -- I HAVE NO IDEA!!!!!!

Normally this occurs because they use easily guessable passwords.

Some people actually use stuff like the Month and year (May / 2012) or 1234 / 4321 etc as their username and password. Or even their first name as the username and last name as the password. Duh.

No wonder it happens so often. There was a big article recently where they discovered that an unbelievable number of people use incredibly easy to guess username and password combinations.

[fetzer85]

Quote:

Originally Posted by Fight4Freedom

You cannot rely on anti virus and malware detection software to prevent all computer viruses anymore.

They are coming out too fast and they are extremely well written. By the time most viruses are detected they are several days to weeks old and have already been morphed and have done their dirty work.

Be very careful if you have any "special" pictures of your wife or girlfriend on any computer in your network. I'm not by ANY means suggesting you would. But some might.

The number one industry on the Internet unfortunately is porn and much of the pornography is actually stolen right off people's private computers.

Very often, the ONLY way to completely clean a system is to wipe the hard drive with a product such as DBAN (which also cleans the MBR and boot sectors). Then reinstall from known clean recovery or reinstall disks.

Also install a product such as Peerblock and block those countries on the Spamhaus (and others) hot list. I block pretty much all countries except the USA, Canada and Austrailia. With Peerblock you can also see what IP addresses your computer is connecting to. I use a hardware firewall but they can get expensive.

Sorry you are having this problem.

We don't have any pics/videos like that, thankfully. That would be bad!

Thank you for the suggestions. I'll check out the peerblock, sounds worthwhile.

Also the Malwarebytes finished, 34min later 'no infected files found'. (keeping my fingers crossed)

[fetzer85]

Quote:

Originally Posted by speedofl33t

Check if the email is actually sent from your IP or if it just used a bogus sender.

How would one go about checking this?

When I log into her account and go to the sent folder, the message is in there. I'm guessing I need to do something else to check the IP...

[speedofl33t]

Somewhere in the options there is a "show original" which gives you the raw code of the email. You can follow the path through which the email is sent in there. I know, they didn't make it easy for you!

[63B]

I had the same thing happen with my yahoo. Sent some spammy work at home emails with my name on it to a friend, my mother, and sister. They end up trying to get your bank account info. Deleted my email account and wiped my phone. Hopefully nothing still in there. About a week ago google admin emailed me that someone had tried to log in to my gmail on an unregistered device. Had to change passwords and stuff. Never be too careful anymore.

[RZRBACK]

It is a Spam marketing link to onlinenewmarket - a site also loaded with trojans. Be happy the redirect did not work. If you haven't already changed all of her passwords, you need to - anything that was ever communicated to or from that gmail account is now compromised - don''t stop with just changing the gmail p'word, change EVERYTHING.

[Amra910]

Quote:

Originally Posted by fetzer85

We don't have any pics/videos like that, thankfully. That would be bad!

Thank you for the suggestions. I'll check out the peerblock, sounds worthwhile.

Also the Malwarebytes finished, 34min later 'no infected files found'. (keeping my fingers crossed)

Go get emsisoft. You may be surprised what you have. As of right now it is the only program that has been tested that can detect 100%. Malwarebytes is only 98%.

http://www.emsisoft.com/en/software/eek/

[fetzer85]

Quote:

Originally Posted by speedofl33t

Somewhere in the options there is a "show original" which gives you the raw code of the email. You can follow the path through which the email is sent in there. I know, they didn't make it easy for you!

OK, here's what I found...

Quote:

MIME-Version: 1.0
Received: by 10.50.82.104 with HTTP; Wed, 14 Nov 2012 00:18:51 -0800 (PST)
Date: Wed, 14 Nov 2012 03:18:51 -0500
Delivered-To: wife's [email protected]
Message-ID: <CAP5PXT4WZoxunLeKD7fv4C8UipW+9=otvc0ZCcsvmWJgSD02 [email protected]>
Subject:
From: wife's name <wife's [email protected]>
To: wife's [email protected], wife's work email, my [email protected],
dad's work email
Content-Type: text/plain; charset=ISO-8859-1

http://selfhelp.stupere.com/wp-conte...a/ugoogle.html

Could someone translate what that means for me?

Also I'm going to try emsisoft right now. Sorry Amra - I must have overlooked your first post telling me to do this.

[fetzer85]

Emsisoft finished running, no objects found.

[Hashashin]

Sounds like email spoofing to me.


Probably has nothing to do with your computer or a virus at all.

[evialvatar]

sounds like a malware thing or email spoof. report it if you feel better doing so than watch what you access and make sure your virus scan software and firewall software are up dated.

Back when I played at hacking I saw similar items that were used to gather data on your IP address and user activity. The most common use of items like this now is to get you to buy scareware thinking you have a virus. Sometimes it's used to gather port data for an attack later or as part of an e-mail bomb to crash a particular companies servers and discredit them. (haven't heard anthing about an attack on google, but they are pretty silent most of the time til after the fact)


If you delete most of the host address junk you'll see it is actually a real site selling self help materials. They're mostly a scam Could be a way the website is able to send out adverts without getting in trouble for selling crap.

[Amra910]

Quote:

Originally Posted by fetzer85

Emsisoft finished running, no objects found.

Nice, good job. I thought my computer was clean using AVG, Malware ]bytes & Spybot until I ran it.

There is good chance she or someone opened and bad email that spamed out of the address book.

For passwords I use a password vault, CGPWord. It has no backdoor so if you forget your password to it, well don't. I also use it off a flash drive so it is not on the computer. Use it by copying and pasting. That way the only keystrokes seen are those but not what you are copying & pasting. Maybe look into something like that.

Also look into a random password generator like PCTools. I am even using it now for user names. User names between 8-10 cheracters. Passwords anywhere from 16-32 cheracters, depending on the web site. Financial gets 32, as long as they accept that length.

Those security questions that are asked on some sites. Do not answer with a real answer. By that here is an example. "What is your favorite color?" most people would answer, say, red. I answer with something like California. Better yet use PCTools. CGPWord has a notes field for stuff like that.

With the above advice, are you un-hackable? No, but there is no such thing. You will make it extremly difficult.

Just my humble advice for anyone who will listen.

[augoldminer]

Email spoofing after some one hack someone on your wife's email list computer.

The problem is with someone else on the list's computer.

[TheLastOutpost]

whois onlinenewmarket.com

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ONLINENEWMARKET.COM

Registrant:
Ludwika Tomaszewska
Ludwika Tomaszewska ([email protected])
ul. Dlugi Targ 81
Gdansk
Gdansk,80-830
PL
Tel. +48.799093471

Creation Date: 18-Oct-2012
Expiration Date: 18-Oct-2013

Domain servers in listed order:
ns1.dnsexit.com
ns2.dnsexit.com
ns3.dnsexit.com
ns4.dnsexit.com


Administrative Contact:
Ludwika Tomaszewska
Ludwika Tomaszewska ([email protected])
ul. Dlugi Targ 81
Gdansk
Gdansk,80-830
PL
Tel. +48.799093471

Technical Contact:
Ludwika Tomaszewska
Ludwika Tomaszewska ([email protected])
ul. Dlugi Targ 81
Gdansk
Gdansk,80-830
PL
Tel. +48.799093471

Billing Contact:
Ludwika Tomaszewska
Ludwika Tomaszewska ([email protected])
ul. Dlugi Targ 81
Gdansk
Gdansk,80-830
PL
Tel. +48.799093471

Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.

The data in this whois database is provided to you for information purposes only,
that is, to assist you in obtaining information about or related
to a domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree that you will
use this data only for lawful purposes and that, under no circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress
or load this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or by telephone.
The compilation, repackaging, dissemination or other use of this data is expressly prohibited without
prior written consent from us. The Registrar of record is Trunkoz Technologies Pvt Ltd. d/b/a OwnRegistrar.com.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
************************************************** *********************************

Trunkoz Technologies Pvt Ltd. d/b/a OwnRegistrar.com
Jyoti Bldg, B Wing 2nd Floor
Behind Paradise Tower, Gokhale Road, Thane (West)
Mumbai Maharashtra 400602
India
91 (22) 6781-6658
[email protected]

OwnRegistrar is a White Labeled Domain Registrar which offers Domain Name Registration services to large corporates, small companies, Web Hosting providers, individuals, domain resellers, etc. OwnRegistrar offers all the top TLDs through its Channel Partners
************************************************** **************************************

My guess is that your addy was 'borrowed' by some anon users in India for one reason or another. Change the password to something complex or ditch the account. Also check your spam folder to ensure your user IDs aren't being used to sign you up for stuff at random

[fetzer85]

Thanks to everyone for your help. I'll consider this one case closed unless something else comes up.