help!!!!

kerash

Someone just hacked? into my sisters hotmail account, the password was changed in front of her eyes as she tried to beat them to it, it just happened, what's the best thing to do, there would be saved messages with private info, possible passwords for other accounts etc:eek:

Advice please

Furiously trying to change all passwords, contacts in her email account have been emailed by this japanese it seems person... anyone know how this happened, how did they get the password, have cancelled credit card for safety. could this person continue to get info through her system, she using an apple mac.

• think it may have originated from spam {ioffar site}
• my sis was never on this site but through google i see many have been hacked through, ebay accounts etc.
• several of my sisters contact have received and email (including myself:eek:) it was titled "friend i'm Ash" - which i sent straight to junk...
• Think it originates from hong kong.

:eek: cant believe this shoite, would rather be watching germany v poland:(

_CreeD_

'.... in front of her eyes"?
Er....You mean she could see this happening on her machine? If so then you have much bigger problems, they didn't hack her hotmail account they have complete control of the system. Format/Reinstall, and if you have any other networked PCs do the same. Also if you changed those passwords while on that machine do them again from one you KNOW is clean.

kerash

_CreeD_ wrote: »

'.... in front of her eyes"?
Er....You mean she could see this happening on her machine? If so then you have much bigger problems, they didn't hack her hotmail account they have complete control of the system. Format/Reinstall, and if you have any other networked PCs do the same. Also if you changed those passwords while on that machine do them again from one you KNOW is clean.

oh please dont frighten the shiz outta me. ya she could see it being changed as she tried to change it. passwords were changed on a clean machine, but still not feeling secure that she should use it, not knowing if its at risk. I think taking it to an expert to have a look would be the best course of action.

_CreeD_

Yup the machine's completely compromised if the attacker had remote control. Wipe and reinstall, don't try disinfecting it. Treat any data that was on it as compromised. If the attacker made taking the Hotmail account so obvious then there are 2 possibilities, either the way in which they took control was volatile (e.g. they managed to temporarily inject a control into the system hat would be destroyed on reboot) and they needed to act quickly or they already got everything they needed and didn't care about detection, in which case Hotmail was the very last thing they needed to do. You can't take the risk of it being the latter, 'take off and nuke it from space...the only way to be sure....'.

Good job canceling the CC cards and changing the passwords btw., the lady owes you her identity and probably many months of trying to climb back out of the hole they'd dig her into.

jobucks08

Hi Kerash,

Same thing happened to me on Thursday, my hotmail password was changed and my secret question was changed to chinese and the answers were changed also.. everyone in my contacts list received that spam email from the same company Ioffar.. mine said Hi friend, I'm Joanne, which is disturbing considering my name is not in my email address.. this means whoever it was had a good old poke through my emails and found out what my name was.
I've reported it to Microsoft, who unexpectedly got back to me very promptly with a series of security questions and they will verify your IP address along with a number of other things. I'm hoping that I will have it unlocked soon, but in the meantime they have deactivated it so that no further mails can be sent..
Really disturbing though considering we do keep a lot of information in emails which we don't think is that sensitive at the time.
J

4bugny

This happened me today. What steps should I take now? (On 2 computers, one at work and one at home). Can they get info on files stored on my desktop? I hadn't opened any dodgy attachments by the way.

jobucks

hi 4bugny,

Submit a help ticket to Microsoft customer service, I was lucky enough to get mine re-activated today, and was quite surprised at the prompt response,I really wasn't expecting to hear back from them.
When I eventually did get back into my hotmail today, whoever it was that had stolen my password had set up an out off office reply, so that anyone that emailed that address automatically got a reply from it - obviously not your normal reply but more spam and links to that "ioffar" website.

Also trying to find out whatI can about "Ioffar" emailed their contact email address, but it bounced back saying that the address didn't exist.. it looks like the whole website is a front.

Jo

_CreeD_

The days of only getting infected when you open files are over I'm afraid. WORMS can propagate themselves across any network, including the internet, to a vulnerable machine: Mitigation = make sure you are well firewalled and all software is patched.
Web pages can have malicious code directly embedded and/or may use a cross-site scripting attack to basically use one hidden malicious page/frame to snoop on or affect what you are doing on a legitimate site: Mitigation = use a secure browser, disable scripting (in Windows the most versatile way to do this is use Firefox and NoScript, I have no idea about MACs though), use software that scans live HTTP traffic for malicious content and a Host Intrusion Prevention System - many current antivirus products are integrating these last 2 so it's not as daunting as it sounds. Standard anti-virus is not effective enough anymore, just like corporations you need to adopt a defense-in-depth approach to your home systems.

And lastly again guys, format and reinstall. The compromise is too serious, your existing security systems obviously failed you and (no offense, just saying this for your own beneift) you don't know enough about your systems to notice if there is any trace of the infection left.

4bugny

You can obviously tell I know next to nothing about computers. I had an anti-virus on the computer but it must not have been strong enough. If I move the files I need to an external hard drive and reformat the computer will the files on the external hard drive be infected

kerash

Just an update on this side, yep microsoft mail were prompt and got back to my sister, however when she followed the steps to get her account back (it involves entering a new password etc) it kept saying incorrect password/username, you've only got 3 attempts so she'd to quit and email them back again, so still waiting to get it sorted.

In a weird way its kind of comforting to hear others have been affected also. I hope ye get fixed up and this doesnt happen to anyone else.

fluffyVW

_CreeD_ wrote: »

The days of only getting infected when you open files are over I'm afraid. WORMS can propagate themselves across any network, including the internet, to a vulnerable machine: Mitigation = make sure you are well firewalled and all software is patched.
Web pages can have malicious code directly embedded and/or may use a cross-site scripting attack to basically use one hidden malicious page/frame to snoop on or affect what you are doing on a legitimate site: Mitigation = use a secure browser, disable scripting (in Windows the most versatile way to do this is use Firefox and NoScript, I have no idea about MACs though), use software that scans live HTTP traffic for malicious content and a Host Intrusion Prevention System - many current antivirus products are integrating these last 2 so it's not as daunting as it sounds. Standard anti-virus is not effective enough anymore, just like corporations you need to adopt a defense-in-depth approach to your home systems.

And lastly again guys, format and reinstall. The compromise is too serious, your existing security systems obviously failed you and (no offense, just saying this for your own beneift) you don't know enough about your systems to notice if there is any trace of the infection left.

Hi I'm the sister of kerash & who's hotmail got hacked.

I'm using a Apple Mac so I'm kinda confused... I had, when I bought my Mac, asked about needing an anti virus & people told me I didn't need one. I'm raging now. I have no idea if I have a virus or not because I have no anti virus on it to look. I'm bringing it in somewhere to get looked at & get a good anti virus on it.

And as my sister was saying Microsoft mail were prompt and got back to me, however when I followed the steps to get my account back (it involves entering a new password etc) it kept saying incorrect password/username, you've only got 3 attempts so I had to quit with only 1 try left and email them back again, so still waiting to get it sorted.

But yes the best thing to do if this happens to you is use a different email (like gmail, yahoo etc.) & probably best to use a different computer too & email Microsoft/Windows Live to reset your password.

4bugny

Just to let ye know after mailing MSN, I have reset my password and am back on hotmail. There was an automated reply setup on it. Heres what it said:-

"If you believe me, please do not hesitate to visit their website, if you have the confidence to buy, please contact them as soon as possible, I can use my personality guarantee that they are the best, thank you!
please visit their website.The website is :www.ioffar.com
You also can contact them by email or MSN.
Their Email is:ioffar@yahoo.com
Their MSN is :ioffar@live.cn"

I have a personality guarantee...........great:p

jobucks

thats exactly the same reply that was set up on mine

fluffyVW

Same here too...

I still didn't get my password reset... It won't work right, I'm still waiting on a reply from Microsoft since yesterday.

I really wanna know how this happened... :mad:

_CreeD_

Macs are decent machines but they are not perfect. Macs as an inherently more secure platform is a myth. For their market share they have an equivalent number of security flaws vs. Windows they just aren't as attractive a target for malware groups as it's a smaller fish in a big pond. I know some of this comes off as offensive and it's really not meant to be, just telling it as I see it, but the majority of people who buy/like/recommend Macs are not very technical (they don't have to be) - the lack of hardware and software options increase predictability and mean Apple can make a more efficient OS, which means as long as the software you want is available for it it's a great choice for anyone who doesn't want to have to tinker much with their system. Bottom line it's not a techy's machine, which makes it generally a bad choice to take technical advice from Mac evangelists as gospel . If you can network it someone somewhere will find a way to fk it up....definitely get a good Av package.

Not putting them down, I might buy the wife one soon enough as it does everything she would need and would be a better choice than a PC as she has no interest in the technical side.

kerash

_CreeD_ wrote: »

Macs are decent machines but they are not perfect. Macs as an inherently more secure platform is a myth. For their market share they have an equivalent number of security flaws vs. Windows they just aren't as attractive a target for malware groups as it's a smaller fish in a big pond. I know some of this comes off as offensive and it's really not meant to be, just telling it as I see it, but the majority of people who buy/like/recommend Macs are not very technical (they don't have to be) - the lack of hardware and software options increase predictability and mean Apple can make a more efficient OS, which means as long as the software you want is available for it it's a great choice for anyone who doesn't want to have to tinker much with their system. Bottom line it's not a techy's machine, which makes it generally a bad choice to take technical advice from Mac evangelists as gospel . If you can network it someone somewhere will find a way to fk it up....definitely get a good Av package.

Not putting them down, I might buy the wife one soon enough as it does everything she would need and would be a better choice than a PC as she has no interest in the technical side.

In a thread asking for a little advise it does come across that your getting your dig in, as you say you're aware some of it comes off as offensive. Thanks for the initial advise, but lets not get into a mac v pc users debate;)

_CreeD_

Wasn't trying to start one. And not being technically minded is not a criticism, which is why I added "they don't have to be". Its just a simple fact that people do not buy Macs to tinker with them, pretty much the opposite in fact as it's simplicity and stability is one of it's selling points so it's attractive to people who have absolutely no interest in the underlying technology. And before that is misconstrued *There's nothing wrong with that* not every PC user is a tech-god and not every Mac user is clueless, it just reduces the chance a bit that the other end-user giving you advice is basing it on solid experience. PC/Mac, Windows/Linux/Blah I don't care, it's down to whatever gets the job done.

p

My GF had the same issue with this on a Windows XP machine on gmail.


I think it might be a javascript worm. e.g. you get spam with some malicious javascript code and it executes when you open the mail, sending mail, sets up an autoresponder, and then propegates like that. Someone wasn't actually connected to her computer at the time.

My mam had something similar happen with another company than ioffar before, so I suspect this is a known exploit of some kind.

I'm at a bit of a loss, and now yahoo deleted my GF's email address because of it and she's got years of email she's lost as well as job applications she's waiting for relies from! Not good at all.