Customers yahoo email been hacked - advice


joydivision
09-28-2010, 04:35 PM
She is blaming me, saying MSE is useless and it hasn't been doing anything. She said she downloaded another virus scanner which found lots (I suspect it may be a fake one but she insists it wasn't).

Anyway, her Yahoo email account has been hacked and it's sending out spam. The emails are clearly in her sent folder. I have not seen the computer yet, but two things: is there a known worm which affects Yahoo? She insists she has only been using her laptop at home.

All I know at this stage is MSE hasn't found anything.

It might be obvious when I get that it is a virus but does anybody know of a specific virus that infects Yahoo so I know where to look manually before I start with the scans?

Daifne
09-28-2010, 04:51 PM
Have you told her to change her password yet? Much of the recent hacking has been on the Yahoo site.

joydivision
09-28-2010, 04:57 PM
Any sources? I have tried Google but just get silly things. I want to be able to show that MSE is as good as the free ones get.

I have told her to change her yahoo password :).

Rodrick
09-28-2010, 05:14 PM
http://www.av-comparatives.org/images/stories/test/ondret/avc_od_aug2010.pdf

That link above gives the most recent tests by AV-Comparatives. MSE is in the lower third by detection rates (keep in mind that the difference between it and the first place was ~2%). It was 2nd in the fewest false positives (again, keep in mind that it had 2 false positives, and the worst had 98). There are more tests you can find but that was the most recent that I found.

You might also try and figure out how hard her password would be to brute force as that's the most likely approach. Have her change her security questions as well as those can be trivial to figure out. Lastly the backup email address. Make sure it's one she and she alone has access to.

MobileTechie
09-28-2010, 05:29 PM
It does sound like she might have picked up a virus. I understand there are some out there that do this but I don't have any links to back it up, just what people have told me.

If you find she did install a fake AV then you might want to find out exactly when and see if that predates the first spam sent out, in case that is what caused the problem.

But I wouldn't rule out MSE letting a virus through. I've posted about this a couple of times recently. Also the latest guest tech on Podnutz was complaining about how it was letting stuff in and he'd had to stop installing it. I stopped installing it because customers got infected and blamed me. It made me alter what I do - I never uninstall what they have paid for already, I never just install a free AV without pointing out they are wide open to certain attacks and I try to sell them the full KIS suite if they are currently using a free one. The only time I install it is when they refuse to pay for AV and then I tell them that they are taking a risk but I'll put something on that is at least decent. Whatever I do I make sure they understand nothing is 100%. Complaints have stopped so far. I don't mind if they get infected by their risky behaviour and call me to get it fixed but I do mind them thinking it was my fault.

Anyway you could print this off and take it with you: http://www.av-comparatives.org/images/stories/test/ondret/avc_report26.pdf

This particular report makes MSE out to be very good.

loaner
09-28-2010, 05:36 PM
I want to be able to show that MSE is as good as the free ones get.


ESET Smart Security 4 (9)
McAfee Internet Security 2010 (8)
Microsoft Security Essentials* (8)
Norton Internet Security 2010 (7)
Bitdefender Internet Security 2010 (7)
Panda Internet Security 2010 (7)
Comodo Internet Security Pro (6)
Avira Antivir Free Edition* (6)
Avast! Internet Security (5)
Trend Micro Internet Security Pro 3.0 (4)

In a nutshell, the article went on to say that ESET continues to be the favorite, McAfee finally redeems itself, MSE is great for cheapskates, and Trend Micro just plain sucks.

Source: Maximum PC, May issue.

Tell her: 1. open up her pocket book and pay for something, 2. change her passwords to something besides her cat's name, 3. stay off the scat sites. :p

...goss

joydivision
09-28-2010, 05:37 PM
Erm, I wonder if it's time to buy some Kaspersky retail boxes. I can get them for 10 a box but they are single user only but are retail.

I think maybe I need to start selling security packages rather than just antivirus packages though.

Technotch
09-28-2010, 05:40 PM
Since you've already asked her to change password, I think your best next move is to scan it with your trusted virus scanner and be done with it. I'd start with mbam if I were you.

Kindly ask her not to blame you :D Comfort her by telling her even business computers with superior security measures also get hijacked :p. She may contact Yahoo HERE (http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html;_ylt=Atkf7wPq1RxDUEP9UpU.cVVDJHdG ?last_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/feedback/postmaster-30.html) if she wants to complain or investigate. Good luck.

MrUnknown
09-28-2010, 05:44 PM
What did Maximum PC say about Kaspersky?

joydivision
09-28-2010, 05:44 PM
That's a good idea, even my local police (GMP) got infected a few months back.

lassenpc
09-28-2010, 05:49 PM
You might also try and figure out how hard her password would be to brute force as that's the most likely approach.

Have had several Yahoo (and a couple Hotmail) clients' accounts hacked recently as well; that is one thing I ask them "well, what was your password anyway?" and then have them go to this site:

http://howsecureismypassword.net/

Which estimates how long a brute password attack would take to crack their password. Don't know exactly how accurate it is, but it does help the EU try and come up with something a little more complicated than 'bingo' for a password.

joydivision
09-28-2010, 05:52 PM
Surely brute force attacks should automatically block any access attempts though?

loaner
09-28-2010, 06:01 PM
http://www.maximumpc.com/article/features/security_shootout_10_top_antivirus_apps_put_test

Kasper, F-secure...blah, blah....several weren't on there.

...goss

lassenpc
09-28-2010, 06:03 PM
Surely brute force attacks should automatically block any access attempts though?

Through the normal 'front door' (main login webpage) yes; through a backdoor API, no.

This is a little outdated (Sep 2009) but general theory of how probably still applies:
http://www.scmagazineus.com/rampant-brute-force-attack-against-yahoo-mail/article/149373/
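
A rough version of the brute-force time estimate discussed above, as an added example that is not from any poster or from howsecureismypassword.net. It compares a login page that locks out after failed tries with an entry point that does not; the guess rates and the small wordlist are assumptions chosen for illustration.

```python
import string

# Constructed sample wordlist; real guessing lists hold millions of entries.
COMMON = {"password", "123456", "qwerty", "letmein", "bingo"}

# Assumed guess rates in guesses/second (illustrative, not measured on any service).
RATES = {
    "login page, 5 tries then 15 min lockout": 5 / (15 * 60),
    "endpoint with no lockout (assumed 100/s)": 100.0,
}

def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    size = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    if any(not any(c in cls for cls in classes) for c in pw):
        size += 32  # assumption: spaces and non-ASCII counted as one extra class
    return size

def keyspace(pw):
    """Number of candidate passwords of this length over that alphabet."""
    return charset_size(pw) ** len(pw)

def expected_guesses(pw):
    """Wordlist hits fall within the list; otherwise half the keyspace on average."""
    if pw.lower() in COMMON:
        return float(len(COMMON))
    return keyspace(pw) / 2

def estimate(pw):
    """Average seconds to guess pw under each assumed rate."""
    return {name: expected_guesses(pw) / rate for name, rate in RATES.items()}

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    for pw in ("bingo", "bingq", "Tr0ub4dor&3"):
        for name, secs in estimate(pw).items():
            print(f"{pw!r:>14}  {name:<42} {humanize(secs)}")
```

A five-letter lowercase password that is not in the wordlist lasts decades behind the lockout but only hours without it, and a wordlist password falls quickly either way.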

MobileTechie
09-28-2010, 07:00 PM
Erm, I wonder if it's time to buy some Kaspersky retail boxes. I can get them for 10 a box but they are single user only but are retail.

I think maybe I need to start selling security packages rather than just antivirus packages though.

I'd definitely start selling one of the better security suites with intrusion protection as well as AV. It's profitable and they get better protection. It's win/win. That's good business.

Hercomputers
09-28-2010, 09:19 PM
I had my Yahoo email account hacked months ago and instead of changing my password, I just deactivated the hacked email and created a brand new one, using a completely different username. Interestingly my 'old' email was sending out Viagra advertisements to both my male and female friends...lol...I still get teased about that now....lol

joydivision
09-28-2010, 09:31 PM
I checked it, it was running Windows 7 64-bit and no sign of any unusual processes. I did an MBAM scan and ran TDSSKiller and it found nothing.

It seems she had a weak password and an external bot hacked into it.

MobileTechie
09-28-2010, 09:47 PM
So which other AV did she install and what did it claim to find?

joydivision
09-28-2010, 09:57 PM
PC Tools spywarescaredoctor, it found 6 tracking cookies and listed them as a threat :p

iisjman07
09-28-2010, 10:01 PM
Is she using Outlook or Outlook Express? I'm sure we all know how easy it is for a worm to send itself to everyone in the address book.

joydivision
09-28-2010, 10:04 PM
No, the Yahoo website.

Majestic
09-29-2010, 05:36 AM
Funny. I came across exactly this today. SuperAntiSpyware found the culprits (2) and cleaned them. I then went into her yahoo account to discover a bogus secondary email account in it as well. I deleted that account and changed her password. I'll see at the end of the week if the spam has stopped.

(of course I also scanned her pc with autoruns, mbam, trojan remover etc...).

Majestic

HAL
09-29-2010, 07:37 AM
Might be that she handed over her Yahoo login credentials to a phishing site. Might want to make her aware of that risk, or you could be getting another call for the same problem.

Daifne
09-29-2010, 03:33 PM
Any sources? I have tried Google but just get silly things. I want to be able to show that MSE is as good as the free ones get.

I have told her to change her yahoo password :).

No sources other than what I've been seeing with my customers recently. Something is going on with Yahoo. All the customers were webmail only and after changing the password were fine.

AtYourService
09-29-2010, 09:23 PM
This is the 2nd customer I have seen get their att/yahoo account jacked, the other one was last month sometime. It seems like they get in the account and change the password, then email your contacts, then delete all your contacts to stop you from contacting them.

It's a scam to get money sent to wherever.

This is a copy of the email I got sent to me the other day since I was in her contacts list.
from Ann XXXXX <XXXXX@sbcglobal.net>
reply-to XXXXX@yahoo.com
to
date Tue, Sep 28, 2010 at 8:08 AM
subject Terrifying Experience..Help !!!
signed-by sbcglobal.net

I'm writing this with tears in my eyes, I came down here to Wales,United Kingdom for a short vacation unfortunately i got mugged at the park of the hotel where i stayed,all cash,credit card and cell were stolen off me but luckily for me i still have my passports with me.

I've been to the embassy and the Police here but they're not helping issues at all and My flight leaves in less than 3hrs from now but am having problems settling the hotel bills and the hotel manager won't let me leave until i settle the bills,I'm freaked out at the moment...and i need your help right away.