21-12-2007, 19:53   #1
 
Join Date: Jan 2006
Posts: 453
Yahoo mail security issue!!

Hi all,
I just received a failure notification in my inbox for spam mail to everybody in my address book, I think it was sent to some. How worried should I be about this? I visited the dodgy site after I saw a link for it here on boards, people were discussing how dodgy it looked and I got curious. I never put in any details on their page, and I have run Spybot but it found nothing. If they can get into my mail and disgrace me, what about my online banking etc.?
Offalycool is offline  
21-12-2007, 20:02   #2
 
Join Date: Jun 2003
Posts: 2,290
This is new and there isn't a lot of info about it

Is your password saved in your browser (so you don't have to enter it every time you log in?).
aphex™ is offline  
21-12-2007, 20:07   #3
 
Join Date: Jan 2006
Posts: 453
No. Have to type it in every time.
Offalycool is offline  
21-12-2007, 20:10   #4
 
Join Date: Jan 2006
Posts: 453
Link to post on boards about it: http://www.boards.ie/vbulletin/showt...p?t=2055203207

In the email the link to the shop is http://www.ems.com.cn/english-main.jsp

Can't be sure but I think it's them as it's the only dodgy site I've visited recently.
Offalycool is offline  
21-12-2007, 20:12   #5
 
Join Date: Jun 2003
Posts: 2,290
What browser were you using? Were you logged into your mail at the time (in another tab perhaps)?

You need to run programs like spybot search and destroy on your pc. Should be a sticky in this forum with links to several of them.

I think your online banking is fairly ok. Just to be sure you could try changing your password and not logging in till you get your pc clean.
aphex™ is offline  
21-12-2007, 20:22   #6
 
Join Date: Jan 2006
Posts: 453
Thing is I was using online banking just before I checked my mail. I was using Firefox, latest I think. It is possible my mail was open in another tab but I doubt it.
Offalycool is offline  
22-12-2007, 01:41   #7
ve
 
Join Date: Oct 2004
Posts: 442
Could this be a Gmail Virus?

I opened my mail a while ago to find several bounced and auto-responder messages to a mail I did not send from my gmail account. I know it's fairly easy to spoof an email address, but gmail has a record of the "sent mail" (and the sent time) and which was sent to everybody in my Gmail Contacts.

Some info

Mail Subject: hi
Mail Content:
Dear friends:
We are a wholesaler which deal with electronic products,
such as: Mobile,TV,PC,DV,DC,games,MP3 Even motorcycles and
musical instruments. Delivering our items by EMS to our customers around the world,
Accept Paypal Banktransfer and Moneygramwe
We have good coorpation relationships with many international customers,
for we can accept Paypal Banktransfer and Moneygram .
Welcome to our website and enjoy your purchasing.
This is the historical tracking number of sending goods to our customer:
You can check it on the follow site
http://www.ems.com.cn/english-main.jsp
EA930262013CN EA976382613CN
EA973112824CN EA977323695CN
EA554484521CN EA973243419CN
EA761266607CN EA914395325CN
Hopefully we can do business together .
Yours faithfully
Email---fly.6688@hotmail.com
MSN---fly.6688@hotmail.com
Website---www.fly6688.com
your faithfully


...and then it goes on to list some electronic goods. The mail contains links, none of which I have clicked. What has me amazed though is that it was able to collect all my Contact details from my Gmail account. So this thing is able to collect addresses from web based accounts! There also don't seem to be any attachments to the emails being sent either.

What's bothering me is that I'm pasting random snippets of text in to google from the message that was sent from my account in hope to find the culprit but I'm finding nothing so far.

Does anyone know what this is? Or how to stop it? I'm assuming that it's not from a virus on my home PC, because it was not turned on at the time the mail was sent. I wasn't even in the house at the time.
ve is offline  
22-12-2007, 06:14   #8
 
Join Date: Jun 2003
Posts: 2,290
Sounds like it is a site that steals the cookie after you've logged in to gmail/popular webmail services and uses it to get access.

You need to scan your pc with several spybot programs just in case.
aphex™ is offline  
22-12-2007, 15:30   #9
zenith
Registered User
 
Join Date: May 2000
Posts: 747
Exactly the same gmail issue as ve

I'd like to get to the bottom of this too.

- I cleared the contact list and the contents of the account (I was in a position to), and changed the password.

- I've added a single account to contacts to see if it activates again

- I can't say for certain that I was logged into the account at the point that the mail was sent

- The account details are used for other services - blogger, at least.

- Gmail does not appear to say what IP messages originate from, so I can't tell if it was my own machine or another that 'inserted' the message. That would be useful, Google.

- If this is spyware, it's doing it from a fully-patched XP machine running the latest version of Symantec, with yesterday's definitions. Annoying.

- I'm also running a full scan now, just in case. I've reviewed my browsing history in the last 2-3 days, and nothing jumps out at me. Am willing to compare history with someone else to see if there is any overlap.

- Justin Mason is writing about it on his blog.
zenith is offline  
22-12-2007, 17:06   #10
 
Join Date: Jan 2006
Posts: 453
This is the exact same thing that happened to me but I posted the wrong link from the email above. I changed my password a few times in Yahoo, so we will see what happens. I contacted everyone the mail was sent to to warn them, I even went so far as to remove all my contacts from the account. I am convinced it was the website www.oeuom.com that nicked my login details. I'm not clicking on the site again but I'm sure the same hotmail contact details were in the site.
Offalycool is offline  
22-12-2007, 18:04   #11
zenith
Registered User
 
Join Date: May 2000
Posts: 747
By any chance can you check the headers of the mail that was sent: as I mentioned, gmail does not include the originating IP, so I can't see if it was my machine or another IP that actually logged into gmail to send the message - but you might be able to confirm that.

Even if you're not on the same IP now as you were at the time, because you're not on a fixed IP, you won't be on a different ISP, so we'll be able to tell what happened, at least a little, if you give us detail from the bounce.
zenith is offline  
22-12-2007, 18:11   #12
 
Join Date: Jan 2006
Posts: 453
I think this might be what you are looking for. It's from the failure notification. It's not my IP.

Received: from [222.88.244.220] by web27101.mail.ukl.yahoo.com via
HTTP; Fri, 21 Dec 2007 14:10:33 GMT
Date: Fri, 21 Dec 2007 14:10:33 +0000 (GMT)
Offalycool is offline  
23-12-2007, 10:07   #13
zenith
Registered User
 
Join Date: May 2000
Posts: 747
Right, that's a Chinese IP, unsurprisingly:

220.244.88.222.broad.ny.ha.dynamic.163data.com.cn

They may not have been on your machine at all in that case: but they did have your password, I'm guessing.

Anybody else that isn't a Gmail user see this, and can confirm?
zenith is offline  
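
An added example, not part of any post in the thread: one way to repeat the check done in posts #12 and #13, pulling the HTTP-submission IP out of a bounce's `Received:` header, deriving the name to query for reverse DNS, and testing it against the account owner's own address ranges. The function names, the `From`/`Subject` lines and the `192.0.2.0/24` range are assumptions made for the example; only the `Received` and `Date` lines come from the thread.

```python
import email
import ipaddress
import re

# Header lines quoted in post #12, wrapped in a constructed minimal message.
# The continuation line is indented here so it is a valid folded header;
# From/Subject/body are placeholders, not taken from the bounce.
BOUNCE_ORIGINAL = """\
Received: from [222.88.244.220] by web27101.mail.ukl.yahoo.com via
 HTTP; Fri, 21 Dec 2007 14:10:33 GMT
Date: Fri, 21 Dec 2007 14:10:33 +0000 (GMT)
From: user@example.invalid
Subject: hi

body
"""

# Webmail submission hop as it appears above: "from [IP] by HOST via HTTP".
WEBMAIL_HOP = re.compile(r"from \[([0-9a-fA-F.:]+)\] by (\S+) via HTTP", re.I)

def webmail_submitters(raw_message):
    """Return (ip, webmail_host) for every Received hop submitted over HTTP."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header folding
        m = WEBMAIL_HOP.search(unfolded)
        if not m:
            continue
        try:
            hops.append((ipaddress.ip_address(m.group(1)), m.group(2)))
        except ValueError:
            pass  # bracketed text was not a valid IP literal
    return hops

def assess(raw_message, own_networks):
    """Report each HTTP submission and whether it came from the owner's ranges."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    return [{
        "ip": str(ip),
        "webmail_host": host,
        "ptr_query": ip.reverse_pointer,  # name to look up for reverse DNS
        "from_own_network": any(ip in n for n in nets),
    } for ip, host in webmail_submitters(raw_message)]

if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range standing in for the owner's ISP block.
    for finding in assess(BOUNCE_ORIGINAL, ["192.0.2.0/24"]):
        print(finding)
```

A submission that is not from the owner's ranges means the message was sent through the webmail interface by another host, which is a reason to change the password from a known-clean machine.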
23-12-2007, 16:14   #14
ve
 
Join Date: Oct 2004
Posts: 442
I don't think that this attack was manually conducted by an individual/group that obtained our email passwords. I'm waiting to see the name of a new worm crop up, that is capable of harvesting information from web based email accounts. I do believe however, that browsing the web while you have an active mail session open (especially with Gmail) is a bad idea.

Does anyone know how this could have happened? I've gutted my home PC since the attack took place, and even before that there was nothing suspicious executing locally. I'm not too bothered about what it did (well what I think it has done), but I do want to know how it happened. I have hardened my Gmail account to the best of my ability, but am still not confident that this could happen again.

Anybody have any more leads?

Has this happened to anyone else since?
ve is offline  
23-12-2007, 16:49   #15
 
Join Date: Jun 2003
Posts: 2,290
I've heard of people stealing live Gmail cookies while on your wireless network. What I mean is cookies can be transferred (stolen) and used. To be clear I'm not suggesting this has anything to do with a wireless network, just referring to a specific incident where I know a cookie was nicked. A website could be configured to do the same thing when you visit it.

So I believe the mentioned website might nick your cookie. There are unresolved security holes in Apple QuickTime and Adobe Flash at the moment I think, probably a few undisclosed vulnerabilities in Firefox, IE, etc. Any program could be used to access your cookies once a vulnerability exists in it.
aphex™ is offline  