Spam From Hijacked Webmail Accounts
A family member called last night, upset and embarrassed that his yahoo.com account was used to blast out spam to all of his contacts. A quick examination of the message headers indicated the spam was indeed sent through his yahoo.com account, and that someone had hijacked his Webmail account password.
Upon closer inspection, I noticed that whoever had sent the message had also done the following: deleted the last 30 days' worth of messages in the "Sent" folder; added the same message they had spammed out to his e-mail signature, so that the message would be tacked onto each subsequent e-mail he sent; and even signed his first name at the bottom of the message.
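One way to run the header check mentioned above, as an added example that is not from the original post: it reads the Authentication-Results header stamped by the recipient's own mail server to tell a message really sent through the provider apart from one with a forged From line. The function name, hosts, addresses and sample messages are constructed, and it assumes the receiving server records Authentication-Results (RFC 8601).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every host, address and IP below is invented.
HIJACKED = """\
Authentication-Results: mx.recipient.example;
 dkim=pass header.d=webmail.example; spf=pass smtp.mailfrom=webmail.example
Received: from out7.webmail.example (out7.webmail.example [192.0.2.10])
 by mx.recipient.example with ESMTP; Wed, 29 Apr 2009 02:11:05 -0400
From: Relative <relative@webmail.example>
Subject: New shopping new life!

body
"""

SPOOFED = """\
Authentication-Results: mx.recipient.example;
 dkim=none; spf=fail smtp.mailfrom=webmail.example
Authentication-Results: mx.recipient.example; dkim=pass header.d=webmail.example
Received: from unknown (host.bulk.example [198.51.100.7])
 by mx.recipient.example with ESMTP; Wed, 29 Apr 2009 02:11:05 -0400
From: Relative <relative@webmail.example>
Subject: New shopping new life!

body
"""

def classify(raw, trusted_mta):
    """Report whether the From domain's provider really handled the message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdict = {"from_domain": from_domain, "spf_pass": False, "sent_via_provider": False}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != trusted_mta:
            continue  # stamped by some other host: not evidence
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results):
            signer = m.group(1).lower()
            if from_domain == signer or from_domain.endswith("." + signer):
                verdict["sent_via_provider"] = True  # provider signed it
        verdict["spf_pass"] = bool(re.search(r"\bspf=pass\b", results))
        break  # trust only the topmost stamp; copies below it can be forged
    return verdict
```

A result of `sent_via_provider` being true means the provider's own servers signed the message, which points to a stolen password rather than a forged sender address.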
An Internet search for the domain advertised in the spam -- easylifeing.com -- shows that spammers have advertised this site by hijacking accounts at other free Web mail providers as well, including Hotmail and Gmail.
The message read:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
Look forward to your early reply!
My relative's anti-virus program gave his PC a clean bill of health, but we're still in the process of scanning it with other tools. It's not clear how the attackers are hijacking these accounts, but there are a variety of ways passwords can be stolen.
The most likely explanation is that the victims logged into their accounts through a system that was compromised by some kind of data-stealing malicious software designed to swipe user names and passwords. In this particular instance, I'd rule out some kind of automated password cracking tool because my relative's password was fairly complex -- more than 10 characters, including numerals.
I've found dozens of Web sites advertised in these Webmail hijack scams. The domains themselves all appear to be for bargain-basement electronics and apparel stores based in China. All of the spammed sites I've reviewed so far were only recently registered and set up, suggesting that they may be nothing more than phantom stores designed to steal credit cards from unsuspecting buyers.
Anyone affected by this scam should immediately change their Webmail password, and check to make sure the same message hasn't been appended as a Webmail signature (usually, signatures are managed through the settings or options pages).
Finally, changing your password won't help much if the attackers still have malware on your system that can steal your new password, too. Assuming your system is equipped with up-to-date antivirus software, and that you've conducted a full system scan, you can get a second opinion by turning to one of my favorite diagnostic tools, Ultimate Boot CD.
This is basically a distribution of Linux that you can burn to a CD. Assuming your system is configured to boot from a CD (if not, you can try these suggestions), it will allow you to boot up into another operating system environment that lets you run a slew of diagnostic checks on the underlying hard drive and operating system, including virus scans from at least three different anti-malware vendors. It is generally safe to delete any suspect files found in these scans, but the scans themselves can take many hours to complete, depending on how many files you have on your system.
Update, 9:48 a.m.: A reader wrote in to remind me that there is a version of the Ultimate Boot CD -- appropriately named the Ultimate Boot CD for Windows -- that boots into a virgin install of Windows, instead of a Linux operating system.
April 29, 2009; 7:00 AM ET