Eddress compromised

Discussion in 'other security issues & news' started by penandme, Feb 26, 2011.

Thread Status:
Not open for further replies.
  1. penandme

    penandme Registered Member

    Joined:
    Sep 27, 2007
    Posts:
    30
    I got 3 emails on 3 different eddresses yesterday, supposedly from a friend. He did not send them and has, it seems, had his Yahoo account hijacked. The site sells Viagra by mail order.

    I'm trying to help him out by asking the question here: how does he eradicate this attacker for good?
    Thx
     
  2. x942

    x942 Guest

    Hi there, I will try to make this as short as possible, but bear with me. First off, an attacker/spammer doesn't need access to an account to send e-mails from it. You can do e-mail header spoofing to send as whatever e-mail address you want; lots of spammers do this. Some things to look at:

    1) Have your friend scan his computer with multiple AVs to be sure he is safe. A good option is one scan running Windows and another using a live boot disk such as Kaspersky's (just Google it; it's a free download).

    2) After clearing out any malware or making sure he is clean, make sure he changes all of his passwords, especially his e-mail account. Use a password generator to make a complex password and use LastPass or something else to store it securely. Another option is making a strong yet memorable password.

    3) If the e-mails don't stop, then they are being spoofed and the spammer either got his e-mail through a registration forum or another PC that was compromised (like one of his friends', etc.).

    4) Optional: install KeyScrambler before step 2 to be on the safe side.

    Ultimately, if the address is being spoofed, there is nothing that can be done besides telling your friend to change e-mail addresses. Then again, if it's just spoofing, his account wouldn't be compromised and it wouldn't matter much. Since it is being sent to you, that is a major coincidence and his account probably was compromised; also make sure he changes his secret question.

    On a side note, if he is willing to switch, Gmail now offers 2-factor authentication, which would make this attack useless as they would need the password and access to the phone that receives the second code. Don't trust Google with your number? I use my iPod touch instead of a phone as I always have WiFi.

    Hope this helps!
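
Added example (not part of the thread): one way a recipient can separate the two cases discussed above, a spoofed From header versus mail that really passed through the friend's provider, is to read the Authentication-Results header stamped by the recipient's own mail server. The server name `mx.recipient.example`, the domain `mail.example` and all three messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id your own receiving mail server writes.
TRUSTED_AUTHSERV = "mx.recipient.example"

def sender_domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted=TRUSTED_AUTHSERV):
    """Return 'sent-via-provider' or 'spoofed-or-unverified' for a raw message."""
    msg = message_from_string(raw)
    from_dom = sender_domain(msg["From"])
    for header in msg.get_all("Authentication-Results") or []:
        authserv, _, results = header.partition(";")
        # Anyone can write this header; count only the one our server stamped.
        if authserv.strip().lower() != trusted:
            continue
        m = re.search(r"\bdkim=pass\b[^;]*?\bheader\.d=([\w.-]+)", results, re.I)
        if m and from_dom:
            signer = m.group(1).lower()
            # The signing domain must match the visible From domain.
            if from_dom == signer or from_dom.endswith("." + signer):
                return "sent-via-provider"
    return "spoofed-or-unverified"

# Constructed sample: signed by the provider, so it left the real account.
VIA_PROVIDER = (
    "Authentication-Results: mx.recipient.example; dkim=pass header.d=mail.example\n"
    "From: Friend <friend@mail.example>\n"
    "Subject: hi\n\nbody\n"
)
# Constructed sample: From claims the friend, but nothing vouches for it.
SPOOFED = (
    "Authentication-Results: mx.recipient.example; dkim=none; spf=fail\n"
    "From: Friend <friend@mail.example>\n"
    "Subject: hi\n\nbody\n"
)
# Constructed sample: sender pre-inserted a fake 'pass' under another server name.
FORGED_RESULT = (
    "Authentication-Results: mx.other.invalid; dkim=pass header.d=mail.example\n"
    "From: Friend <friend@mail.example>\n"
    "Subject: hi\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("via provider", VIA_PROVIDER), ("spoofed", SPOOFED),
                      ("forged result", FORGED_RESULT)]:
        print(name, "->", triage(raw))
```

A "sent-via-provider" result points toward a compromised account (scan, then change the password and secret question); "spoofed-or-unverified" means the headers give no evidence the account itself was used.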
     
  3. penandme

    penandme Registered Member

    Thank you X942.
    I passed the info on and he is now back in action, having stripped his password and started again.

    Nice to know what Gmail is doing. I have it but wasn't aware of the double density security. I'll check that out myself.
    Thx again
     