
Author Topic: email hijack security risks? (IT dudes!)  (Read 17584 times)

MDV

  • Middleweight
  • *****
  • Posts: 6945
  • If it sounds good it IS good
email hijack security risks? (IT dudes!)
« on: May 06, 2010, 03:45:35 PM »
So, something has caused my email to send a link out to my address book (more or less all of it at least). Likely a virus it seems.

The email doesn't show in my sent folder, and there's a delivery failure notice to 3 presumably dead emails (one of which is swineshead :() at about half 11 today.

Now, my lack of concern for the size or functionality of male genitalia aside (which apparently is what the link was to, I haven't clicked it), does this pose a threat to other logins (like online banking and paypal?)

I've run an antivirus (kaspersky), which comes up with the same things as last time, which I thought it had dealt with - two legal keyloggers, one for a game (for some $%&#ing reason) and a trojan, all over 2 weeks old. It doesn't show them as active threats, nor does it show them as disinfected or quarantined. This confuses me. It gives me the option to quarantine them, but just opens my documents folder when I click on it.

Seems either a trojan or a keylogger could do this, but the virus report is quite confusing, plus that these are old and the email hijack was today.

No erroneous payments from my account or paypal. Passwords changed using a virtual keyboard that comes with kaspersky (in case it's a keylogger).

Apologies to forum members that received a bizarre email from me!

Anybody know anything that can help me determine if my computer is infected and/or other logons at risk, or is it just isolated to my email?

Thanks in advance. Best price on russian sourced male performance enhancement pills to anyone that can help!

Edit - to clarify, virus scans taken today show a 100% clean computer.
« Last Edit: May 06, 2010, 03:49:36 PM by MDV »

FELINEGUITARS

  • Middleweight
  • *****
  • Posts: 6609
  • London & Southeast's Number 1 BKP stockist
    • http://www.felineguitars.com
Re: email hijack security risks? (IT dudes!)
« Reply #1 on: May 06, 2010, 04:38:25 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done
www.felineguitars.com - repairs & custom built
Great fretwork!
Buy your BKPs & Earvana from ME!

AndyR

  • Welterweight
  • ****
  • Posts: 4715
  • Where's all the top end gone?
    • My Offerings
Re: email hijack security risks? (IT dudes!)
« Reply #2 on: May 06, 2010, 05:08:23 PM »
There's a lot of it about.

I have a friend who sent an "I apologise for the funny e-mail" just the other week...

(I didn't get a funny e-mail though!!)

I was talking to his missus last night (actually, she's the friend, she was my best-woman when I got married, he's her other-half)... er, where was I? Oh yeah...

HE (this chap/friend/spouse-of-friend)(his name's Steve, if that helps) is an IT personage, and he's still fighting it... his investigations so far have revealed that it has something to do with facebook...

But, like all IT professionals, he does tend to blame the most obvious "someone else" when things go wrong... (I am an IT professional, of sorts, myself :lol:)

His missus, last night, was saying "He's convinced it's something in his facebook account..." in her very best "the stupid pillock" tone of voice... (she was "Business IT" herself before sprouting sprogs).


BUT - I have a feeling you're anti-facebook like I am MDV?? (so you haven't got an account, and it wouldn't be the issue here).

I think it's "e-mail accounts only" at risk - the idea of beasts like this is to get legit e-mail addresses to send out your bullsh1t for you, bypassing spam-filters.

But... who knows? I'll also be interested in anything else people have got ...
Play or Download AndyR Music at http://www.alonetone.com/andyr

MDV

  • Middleweight
  • *****
  • Posts: 6945
  • If it sounds good it IS good
Re: email hijack security risks? (IT dudes!)
« Reply #3 on: May 06, 2010, 05:14:48 PM »
I am indeed anti facebook, and don't have an account, or myspace or twitter - the only things that have my account login in them are forums, amazon and a small number of big and as trustworthy as one can hope for suppliers (strings direct, stewmac, allparts, that sort of thing), paypal and the bank. Nothing that I'd think would be suspect.

I've also used this email address for about 5 years without any trouble.

Currently running a max-invasive paranoid security level scan with kaspersky.

AndyR

  • Welterweight
  • ****
  • Posts: 4715
  • Where's all the top end gone?
    • My Offerings
Re: email hijack security risks? (IT dudes!)
« Reply #4 on: May 06, 2010, 05:38:31 PM »
I'm slightly suspicious of Amazon anyway out of those (mainly cos it runs like a filthy dog on my laptop and I can see various adware things getting blocked every time I open an amazon window) - but I'm not sure I'd be that suspicious of any of them... (unless of course you were using one of them on the day that it experienced an attack).

Have you got anything that you allow to use you as a "server"?

Eg. When I joined Spotify (and whenever it updates its client on my pc), my firewall goes "Spotify wants you to act as a server" and I go - "You can f**k right off on that mate..." (well, the button actually says "No", but I've explained to my missus that it's a little more forceful/important than just "No"...)

The first time I thought "oh well, that's it, no spotify for me then", but it works even if you deny this.

It's that sort of thing that I'd suspect, or something that manages to sneak in and pretend it's something else so that your firewall doesn't notice when it starts calling home...

Hopefully if there's anything like that lurking then the scan will spot it.

But I've always assumed that to send e-mail from you, recognisable as coming from you and your ip address... that, unless it's installed some crazy program on your system, a process elsewhere has to take control of your machine and use your e-mail client to send from your e-mail address book... (the fact that you've got nothing in your sent folder made me wonder, but I'm not sure it's that indicative of owt...)

Can you tell from the returned mails whether it was actually coming from your ip? ie from all the tracking guff you get in returned mails. I don't really know how to read them, but I'd be tempted to send a "Testing Testing" e-mail to one of those dead addresses to see whether the return of a legit e-mail from me looks the same as one of these spam-jobs.
Play or Download AndyR Music at http://www.alonetone.com/andyr
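
The check asked about in the post above (did the returned mail actually leave from your own IP?), as an added example that is not part of the original thread: it pulls the original message's headers out of a bounce and lists the IPs from the `Received` chain, oldest hop first. The sample bounce, the addresses and the function names are constructed for illustration, and it assumes the bounce embeds the original as a `message/rfc822` part.

```python
import email
import ipaddress
import re

# Constructed bounce (not from the thread); RFC 5737 documentation addresses.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery to dead@example.org failed.
--b1
Content-Type: message/rfc822

Received: from out.webmail.example ([198.51.100.7]) by mx.example.org; Thu, 06 May 2010 11:31:02 +0100
Received: from [203.0.113.45] by web.webmail.example via HTTP; Thu, 06 May 2010 11:30:58 +0100
X-Originating-IP: [203.0.113.45]
From: user@example.com
Subject: constructed sample

body
--b1--
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def submission_ips(raw):
    """Bracketed IPs from the bounced original: Received hops oldest first,
    then X-Originating-IP if the provider added one. [] if nothing embedded."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)  # the embedded original message
            break
    else:
        return []
    hops = []
    for hdr in reversed(orig.get_all("Received", [])):  # bottom header = first hop
        hops.extend(IP_RE.findall(hdr))
    hops.extend(IP_RE.findall(orig.get("X-Originating-IP", "")))
    return hops

def sent_from_my_machine(raw, my_ip):
    """True only if the earliest recorded hop matches your own public IP."""
    ips = submission_ips(raw)
    return bool(ips) and ipaddress.ip_address(ips[0]) == ipaddress.ip_address(my_ip)
```

If the earliest hop is not your address, the message was submitted through the mail account from somewhere else, which points at the account rather than the PC. `Received` lines added before the first server you trust can be forged, so treat the oldest hops as a hint, not proof.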

Philly Q

  • Light Heavyweight
  • ******
  • Posts: 18109
Re: email hijack security risks? (IT dudes!)
« Reply #5 on: May 06, 2010, 05:41:10 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done

Yeah, I get bogus "John Mac" emails as well!  Very odd.
BKPs I've Got:  RR, BKP-91, ITs, VHII, CS set, Emeralds
BKPs I Had:  RY+Abraxas, Crawlers, BD+SM

JDC

  • Welterweight
  • ****
  • Posts: 1604
Re: email hijack security risks? (IT dudes!)
« Reply #6 on: May 06, 2010, 05:51:46 PM »
Hard to say if it's isolated to your email or not, viruses can do really nasty things to hide in your system, if you have a single specific target and it's not that hard to make something undetectable if you got the resources. Then it's just a case of getting it inside the target.

In the case of preventing viruses everyone should have firewall, anti virus, Windows/Mac/Linux up to date, web browsers, flash, PDF reader, java up to date too.

Highly recommend PSI secunia, it's a program that checks what needs patching, Microsoft Security Essentials if you want a free easy to use anti virus, if you ain't got a firewall in your OS then there is a free version Zonealarm.

For a bit of security through obscurity I'd change Adobe Reader for Foxit Reader or PDF XChange viewer, also change Internet Explorer for Google Chrome. I use Firefox but market share has gone up yet I can't live without my addons, good addon for Firefox is noscript but it's complex, fiddly, especially when it's a fresh install.

As for facebook, I'm on it, piracy settings at the maximum, absolutely refuse to use any of the third party applications on there. Way too easy for anyone to add an application of dodgy code.

With passwords I use a mix of upper and lower case characters with numbers and symbols, and have different ones for my email and bank
« Last Edit: May 06, 2010, 05:55:08 PM by JDC »

MDV

  • Middleweight
  • *****
  • Posts: 6945
  • If it sounds good it IS good
Re: email hijack security risks? (IT dudes!)
« Reply #7 on: May 06, 2010, 06:08:36 PM »
Funny you mention chrome - I was using it for about 1 week as my main browser since firefox started having trouble displaying some stuff (pics, flash player vid, menus, all sorts). Never, not once, had a problem with FF.

Rather reminds me of the time I changed to opera for a week, about 4 years ago, and got about 10 viruses.

Uninstalled chrome and did all the other changes in FF, in case it had anything to do with it. Haven't used IE in ages.

Thanks for the other advice, I'll look into it (not being totally green on PC security, I have antivirus, firewall (which I now find is off, for no good reason whatsoever! But kaspersky's has been on) and don't generally do anything dumb or gullible). It's all very odd.

FELINEGUITARS

  • Middleweight
  • *****
  • Posts: 6609
  • London & Southeast's Number 1 BKP stockist
    • http://www.felineguitars.com
Re: email hijack security risks? (IT dudes!)
« Reply #8 on: May 06, 2010, 06:14:54 PM »
ON Facebook - avoid ALL 3rd party applications - they are a minefield at best
www.felineguitars.com - repairs & custom built
Great fretwork!
Buy your BKPs & Earvana from ME!

MDV

  • Middleweight
  • *****
  • Posts: 6945
  • If it sounds good it IS good
Re: email hijack security risks? (IT dudes!)
« Reply #9 on: May 06, 2010, 06:16:01 PM »
Kaspersky defcon level kill-everything-in-sight scan came up blank.

Started windows defender scan.

shobet

  • Welterweight
  • ****
  • Posts: 1582
  • Look into my eye...
    • http://www.dusksky.com
Re: email hijack security risks? (IT dudes!)
« Reply #10 on: May 06, 2010, 06:40:08 PM »
Do you use system restore to keep snapshots of known good states of Windows? I'm not up to speed on Windows admin these days as I've actively avoided it since 2002 for these very reasons.
There are 10 kinds of people who understand binary.
Those who do and those who do not.

Johnny Mac

  • Middleweight
  • *****
  • Posts: 5841
    • Ultimate Guitar Profile
Re: email hijack security risks? (IT dudes!)
« Reply #11 on: May 06, 2010, 06:43:11 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done

Yeah, I get bogus "John Mac" emails as well!  Very odd.

Sorry about these Jonathan, Philly. I have tried to stop them. It hacked my hotmail account and I know others who have had the same problem. All Chinese based 'companies'

I think the one I've got just operates from my hotmail account, if that's possible. I've had it go out when using hotmail on my Mac and that's only 8 days old.
« Last Edit: May 06, 2010, 06:50:01 PM by Johnny Mac »
Warpig, MQ,
Miracle Man-Trilogy Suite, Cold Sweats, Black Guards, Rebel Yells & Irish Tours!

Afghan Dave

  • Welterweight
  • ****
  • Posts: 3315
Re: email hijack security risks? (IT dudes!)
« Reply #12 on: May 06, 2010, 06:47:57 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done

Yeah, I get bogus "John Mac" emails as well!  Very odd.

You must be sh1ting me.... SO DO I!  :o

They turn up about twice a month.

That's what we get for being intimate with Johnny Mac and playing with his Koch... "Forum Clap"  :(
"There's more knowledge on these boards than there are necks under PhillyQ's bed"

Philly Q

  • Light Heavyweight
  • ******
  • Posts: 18109
Re: email hijack security risks? (IT dudes!)
« Reply #13 on: May 06, 2010, 06:48:24 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done

Yeah, I get bogus "John Mac" emails as well!  Very odd.

Sorry about these Jonathan, Philly. I have tried to stop them. It hacked my hotmail account and I know others who have had the same problem. All Chinese based 'companies'


Not a problem, Johnny.  I hope to find a use for the cheap Viagra, one day.
BKPs I've Got:  RR, BKP-91, ITs, VHII, CS set, Emeralds
BKPs I Had:  RY+Abraxas, Crawlers, BD+SM

Johnny Mac

  • Middleweight
  • *****
  • Posts: 5841
    • Ultimate Guitar Profile
Re: email hijack security risks? (IT dudes!)
« Reply #14 on: May 06, 2010, 06:51:05 PM »
You are not alone - I regularly get emails from Hohnny Mac just like it , and my girlfriend's AOL account suffered the same hijack.

I would be interested in knowing more about it and what can be done

Yeah, I get bogus "John Mac" emails as well!  Very odd.

You must be sh1ting me.... SO DO I!  :o

They turn up about twice a month.

That's what we get for being intimate with Johnny Mac and playing with his Koch... "Forum Clap"  :(

It's a small price to pay for such a massive Koch!
Warpig, MQ,
Miracle Man-Trilogy Suite, Cold Sweats, Black Guards, Rebel Yells & Irish Tours!