
Yahoo mail security issue!!

  • 21-12-2007 7:53pm
    #1
    Closed Accounts Posts: 459 ✭✭


    Hi all,
    I just received a failure notification in my inbox for spam mail to everybody in my address book, I think it was sent to some. How worried should I be about this? I visited the dodgy site after I saw a link for it here on boards, people were discussing how dodgy it looked and I got curious. I never put in any details on their page, and I have run Spybot but it found nothing. If they can get into my mail and disgrace me, what about my online banking etc.?


Comments

  • Closed Accounts Posts: 2,338 ✭✭✭aphex™


    This is new and there isn't a lot of info about it.

    Is your password saved in your browser (so you don't have to enter it every time you log in)?


  • Closed Accounts Posts: 459 ✭✭Offalycool


    No. Have to type it in every time.


  • Closed Accounts Posts: 459 ✭✭Offalycool


    Link to post on boards about it: http://www.boards.ie/vbulletin/showthread.php?t=2055203207

    In the email the link to the shop is http://www.ems.com.cn/english-main.jsp

    Can't be sure but I think it's them as it's the only dodgy site I've visited recently.


  • Closed Accounts Posts: 2,338 ✭✭✭aphex™


    What browser were you using? Were you logged into your mail at the time (in another tab perhaps)?

    You need to run programs like spybot search and destroy on your pc. Should be a sticky in this forum with links to several of them.

    I think your online banking is fairly ok. Just to be sure you could try changing your password and not logging in till you get your pc clean.


  • Closed Accounts Posts: 459 ✭✭Offalycool


    Thing is, I was using online banking just before I checked my mail. I was using Firefox, latest I think. It is possible my mail was open in another tab but I doubt it.


  • Closed Accounts Posts: 448 ✭✭ve


    I opened my mail a while ago to find several bounced and auto-responder messages to a mail I did not send from my gmail account. I know it's fairly easy to spoof an email address, but gmail has a record of the "sent mail" (and the sent time) and which was sent to everybody in my Gmail Contacts.

    Some info

    Mail Subject: hi
    Mail Content:
    Dear friends:
    We are a wholesaler which deal with electronic products,
    such as: Mobile,TV,PC,DV,DC,games,MP3 Even motorcycles and
    musical instruments. Delivering our items by EMS to our customers around the world,
    Accept Paypal Banktransfer and Moneygramwe
    We have good coorpation relationships with many international customers,
    for we can accept Paypal Banktransfer and Moneygram .
    Welcome to our website and enjoy your purchasing.
    This is the historical tracking number of sending goods to our customer:
    You can check it on the follow site
    http://www.ems.com.cn/english-main.jsp
    EA930262013CN EA976382613CN
    EA973112824CN EA977323695CN
    EA554484521CN EA973243419CN
    EA761266607CN EA914395325CN
    Hopefully we can do business together .
    Yours faithfully
    Email---fly.6688@hotmail.com
    MSN---fly.6688@hotmail.com
    Website---www.fly6688.com
    your faithfully


    ...and then it goes on to list some electronic goods. The mail contains links, none of which I have clicked. What has me amazed though is that it was able to collect all my Contact details from my Gmail account. So this thing is able to collect addresses from web based accounts! There also don't seem to be any attachments to the emails being sent either.

    What's bothering me is that I'm pasting random snippets of text into Google from the message that was sent from my account in hope to find the culprit but I'm finding nothing so far.

    Does anyone know what this is? Or how to stop it? I'm assuming that it's not from a virus on my home PC, because it was not turned on at the time the mail was sent. I wasn't even in the house at the time.


  • Closed Accounts Posts: 2,338 ✭✭✭aphex™


    Sounds like it is a site that steals the cookie after you've logged in to gmail/popular webmail services and uses it to get access.

    You need to scan your pc with several spybot programs just in case.


  • Registered Users Posts: 785 ✭✭✭zenith


    Exactly the same gmail issue as ve

    I'd like to get to the bottom of this too.

    - I cleared the contact list and the contents of the account (I was in a position to), and changed the password.

    - I've added a single account to contacts to see if it activates again

    - I can't say for certain that I was logged into the account at the point that the mail was sent

    - The account details are used for other services - blogger, at least.

    - Gmail does not appear to say what IP messages originate from, so I can't tell if it was my own machine or another that 'inserted' the message. That would be useful, Google.

    - If this is spyware, it's doing it from a fully-patched XP machine running the latest version of Symantec, with yesterday's definitions. Annoying.

    - I'm also running a full scan now, just in case. I've reviewed my browsing history in the last 2-3 days, and nothing jumps out at me. Am willing to compare history with someone else to see if there is any overlap.

    - Justin Mason is writing about it on his blog.


  • Closed Accounts Posts: 459 ✭✭Offalycool


    This is the exact same thing that happened to me but I posted the wrong link from the email above. I changed my password a few times in Yahoo, so we will see what happens. I contacted everyone the mail was sent to to warn them, I even went so far as to remove all my contacts from the account. I am convinced it was the website www.oeuom.com that nicked my login details. I'm not clicking on the site again but I'm sure the same hotmail contact details were in the site.


  • Registered Users Posts: 785 ✭✭✭zenith


    By any chance can you check the headers of the mail that was sent: as I mentioned, gmail does not include the originating IP, so I can't see if it was my machine or another IP that actually logged into gmail to send the message - but you might be able to confirm that.

    Even if you're not on the same IP now as you were at the time, because you're not on a fixed IP, you won't be on a different ISP, so we'll be able to tell what happened, at least a little, if you give us detail from the bounce.


  • Closed Accounts Posts: 459 ✭✭Offalycool


    I think this might be what u are looking for. It's from the failure notification. It's not my IP.

    Received: from [222.88.244.220] by web27101.mail.ukl.yahoo.com via
    HTTP; Fri, 21 Dec 2007 14:10:33 GMT
    Date: Fri, 21 Dec 2007 14:10:33 +0000 (GMT)


  • Registered Users Posts: 785 ✭✭✭zenith


    Right, that's a Chinese IP, unsurprisingly:

    220.244.88.222.broad.ny.ha.dynamic.163data.com.cn

    They may not have been on your machine at all in that case: but they did have your password, I'm guessing.

    Anybody else that isn't a Gmail user see this, and can confirm?
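
The header check zenith asks for above, as an added example that is not part of any post in this thread: it pulls the submitting IP out of the webmail `Received:` line quoted from the bounce and compares it with the networks the account owner normally uses. The `MY_NETWORKS` ranges and the From/Subject lines are constructed placeholders, and the function names are this example's own.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: the two header lines quoted in the thread, plus placeholder
# From/Subject lines so the block parses as a complete header section.
BOUNCED_HEADERS = """\
Received: from [222.88.244.220] by web27101.mail.ukl.yahoo.com via
 HTTP; Fri, 21 Dec 2007 14:10:33 GMT
Date: Fri, 21 Dec 2007 14:10:33 +0000 (GMT)
From: user@example.com
Subject: hi

"""

# Assumption: address ranges the account owner normally connects from
# (documentation ranges used here as stand-ins for a home/work ISP).
MY_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]

# Webmail front ends record the browser's address as "from [ip] by host via HTTP".
WEBMAIL_HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+by\s+(?P<host>\S+)\s+via\s+HTTP", re.I)

def submission_origin(raw_headers):
    """Return (client_ip, webmail_host, utc_time) for the webmail hop, or None."""
    msg = email.message_from_string(raw_headers)
    for received in msg.get_all("Received", []):
        unfolded = " ".join(received.split())      # undo header line folding
        hop = WEBMAIL_HOP.search(unfolded)
        if hop and ";" in unfolded:
            when = parsedate_to_datetime(unfolded.rsplit(";", 1)[1].strip())
            return ipaddress.ip_address(hop["ip"]), hop["host"], when
    return None

def classify(raw_headers, my_networks):
    """Say whether the message was submitted from one of the owner's networks."""
    origin = submission_origin(raw_headers)
    if origin is None:
        return {"verdict": "no-origin-header"}     # e.g. Gmail, as noted in the thread
    ip, host, when = origin
    own = any(ip in ipaddress.ip_network(net) for net in my_networks)
    return {"verdict": "own-network" if own else "other-network",
            "ip": str(ip), "via": host, "utc": when.isoformat(),
            "ptr_query": ip.reverse_pointer}       # name to look up in reverse DNS

if __name__ == "__main__":
    print(classify(BOUNCED_HEADERS, MY_NETWORKS))
```

An "other-network" verdict only says the webmail session that sent the message came from somewhere else; it does not by itself show how the session or password was obtained.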


  • Closed Accounts Posts: 448 ✭✭ve


    I don't think that this attack was manually conducted by an individual/group that obtained our email passwords. I'm waiting to see the name of a new worm crop up, that is capable of harvesting information from web based email accounts. I do believe however, that browsing the web while you have an active mail session open (especially with Gmail) is a bad idea.

    Does anyone know how this could have happened? I've gutted my home PC since the attack took place, and even before that there was nothing suspicious executing locally. I'm not too bothered about what it did (well what I think it has done), but I do want to know how it happened. I have hardened my Gmail account to the best of my ability, but am still not confident that this could happen again.

    Anybody have any more leads?

    Has this happened to anyone else since?


  • Closed Accounts Posts: 2,338 ✭✭✭aphex™


    I've heard of people stealing live Gmail cookies while on your wireless network. What I mean is cookies can be transferred (stolen) and used. To be clear I'm not suggesting this has anything to do with a wireless network, just referring to a specific incident where I know a cookie was nicked. A website could be configured to do the same thing when you visit it.

    So I believe the mentioned website might nick your cookie. There are unresolved security holes in Apple QuickTime and Adobe Flash at the moment I think, probably a few undisclosed vulnerabilities in Firefox, IE, etc. Any program could be used to access your cookies once a vulnerability exists in it.


  • Registered Users Posts: 785 ✭✭✭zenith


    It'd be interesting to decompile the flash movie running on that site, since Flash appears to be going through a scare at present ...

    [edit] Actually, just did it, using http://www.eltima.com/products/flashdecompiler/ - nothing that I can see in there.


  • Closed Accounts Posts: 2 pdudenhefer


    This morning with my computer turned off an email was sent to everyone in my address book. I have since run 2 virus scans (found nothing) and 2 Adaware scans. I have changed the password. Is there anything else that I can do to stop this?


  • Closed Accounts Posts: 459 ✭✭Offalycool


    Hi, this happened to me a few weeks ago. I ran scans, cleaned my information from temp folders etc. using CCleaner, and changed my password. I also contacted everyone who received spam mail from my account to warn them. This should do it as I have not had any more problems. P.S. Use https://mail.yahoo.com instead of just http:// as it is secure, I think they are stealing the info from cookies. Good luck.


  • Closed Accounts Posts: 2 pdudenhefer


    Thanks offalycool. I basically did the same thing yesterday and I was clean this morning. No problems. However last night it seemed as if I lost control of my computer for almost an hour. Spybot said I had a change in my start up files. I couldn't get on the net and it took forever for my programs to start. I ran Mechanic, Adaware and AVG, and though nothing was found, everything started working normally again. I have Linksys as I have a desktop and a laptop so before going to bed I unplugged the desktop and signed out of the laptop. Like I said, no problems so far.
    Again, thanks for your help.


  • Registered Users Posts: 89 ✭✭dave878


    This morning with my computer turned off an email was sent to everyone in my address book. I have since run 2 virus scans (found nothing) and 2 Adaware scans. I have changed the password. Is there anything else that I can do to stop this?

    Did you change the password from a different machine?

    Maybe you have a new keylogger.

    Also, try Cain & Abel.
    It can show most stored passwords.
    You probably always click no, but maybe just once, you clicked yes.


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    Question -

    None of ye are members of any social networks are you? For example sites like MySpace, Facebook, Bebo, etc. all ask for your email login details to add your contacts list from your mail to your friends that match emails in their list.

    There are a dozen bogus sites, plus phishing emails, which all look to get your information in the same manner.

    One of the best ones I have seen was in the comments of a myspace page. It re-wrote the comment field so when you clicked 'reply' it took you to a login page that looked exactly like the MySpace login page - only it was on a server in China.

    Most users wouldn't notice and just think their session expired and log in again, which then redirects them back to the real site, after storing their login credentials and of course then giving hackers access to their myspace account AND their email credentials if they ever added their contact mail list to their friends list.

    Anyone who is having issues here use any social networking sites where they may have inadvertently given out their password by accident in this manner?


  • Closed Accounts Posts: 1 phzapata


    Hi... I was a victim too... got into my mail and saw a bunch of postmaster's mails when I haven't sent anything since yesterday morning...

    I use IE. I only check my mail account on two computers: my home and my work (and I am the only user on both). I am not in any social network like Facebook, MySpace, etc. (a long list of friends and contacts are, but I can't remember using any of those). I'm in a very few forums, mostly like this one (security, virus, processes); and I don't give my passwords to anyone, even less a website (like those "you want to know who blocked you from msn" things).

    Checked with McAfee, Symantec online (both, security and antivirus) and Spybot. Nothing. Spybot even congratulated me for having zero bots jajaja.

    How can this happen? How can I prevent it? Erase temps, change passwords, increase security....

    Anything else? :mad: (sorry for my English if something's wrong jeje)

    PS. I even checked my sent messages and they were there.. like I really got into my account and sent them

