Email forwarding virus on my father's email?
Offline cubemaster21
« Posted 2012-11-14 01:07:54 »

My father opened up an email and clicked on a link in it that was to "msnbc.msn.com-report3.us/finance/" and now it is forwarding to every single contact on his list. I'm at a loss right now. Please help? Sorry if this is not an appropriate place to ask this.

Check out my game, Viking Supermarket Smash
http://www.java-gaming.org/topics/iconified/28984/view.html
Offline sproingie

« Reply #1 - Posted 2012-11-14 01:39:39 »

He's got a malware infection.  Take off and nuke the PC from orbit.  Only way to be sure.

Seriously, you could try downloading some AV and detecting and cleaning it, but depending on what got installed, it could leave hooks in there for good.  So you should clean it off immediately just to keep it from spreading itself more, then consider reinstalling the OS, installing some decent AV, then restoring any old documents from backup.  Even Windows Defender is better than nothing.

Oh, and switch him to Firefox and use NoScript
Offline cubemaster21
« Reply #2 - Posted 2012-11-14 01:45:24 »

So this is not something lingering in his email that could just be triggered by opening the email and it doesn't have access to his email account? He opened it on his work computer, so he's just gonna give it to the IT.

Offline sproingie

« Reply #3 - Posted 2012-11-14 01:54:19 »

It's likely the infection point was a drive-by download on the site he visited.  Having the malware payload attached to the email itself is possible, but it's not as common, and when it is, it's usually a straight up trojan executable. 

Whatever got on the machine could potentially have gotten full control though, so even if it's not necessarily the message itself that's the problem, the malware on the machine could have any amount of access to email and more, such as any passwords typed while the malware was active.

Offline cubemaster21
« Reply #4 - Posted 2012-11-14 01:57:24 »

Well, I had him change the password from our home computer, so after he gets IT to clean up the computer, he should be good, right?

Offline sproingie

« Reply #5 - Posted 2012-11-14 02:07:20 »

Probably.  I'd at least change the most sensitive passwords anyway just to be sure.
Offline cubemaster21
« Reply #6 - Posted 2012-11-14 02:09:35 »

Thanks a ton, my parents were FREAKING out. The problem is that his contacts list is HUGE and at least one person has already opened it.

Offline Cero
« Reply #7 - Posted 2012-11-14 03:14:59 »

I don't know why people fall for this
I mean usual email spam is like ridiculously easy to spot... I guess if you don't know that the sender email can actually be fake you could be tricked
never click links, never open an attachment unless you really know what it is

but I know even those spam emails that you get from a friend's email account and the phrasing is so obvious and weird to me that I spot it immediately

phishing emails, I can understand if you're not familiar with them, but it's 2012...

Offline cubemaster21
« Reply #8 - Posted 2012-11-14 03:19:43 »

Yeah, the same thing had happened to the person who sent it to him. The address *looked* legit to him, and it brought him to an actual article, and he got the email from someone he was waiting to hear from.

Offline Ultroman

« Reply #9 - Posted 2012-11-14 06:25:31 »

Sender: Microsoft
Subject: Is your e-mail account safe?

Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^
So many fall for obvious ones like that. Sender names are very easy to create

- Jonas
Offline ReBirth
« Reply #10 - Posted 2012-11-14 06:31:44 »

If it's really Microsoft, PayPal, or a legit company, they'll have their own site as the mail server, like @microsoft.com.

Seriously, as a first step change to Gmail. The filter is good.

Offline sproingie

« Reply #11 - Posted 2012-11-14 20:35:23 »

Vigilance is all well and good, but I myself am probably a late evening and a drink away from falling for a phish someday, at least the first click, which may be all it needs.  I heard the same thing in a keynote address from a security researcher, and I don't think you and I are necessarily any better than him.  It turns out that moral disapprobation of the target's gullibility has, over the ages, never really been a very effective security policy.
Offline sproingie

« Reply #12 - Posted 2012-11-14 20:40:10 »

> Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^

Have you ever had your account frozen by PayPal?  The mails they send out look exactly like phishing, down to phrases like "verify your account".  There's a reason phishers have had so much success with their phrasing.

One of my banks never sends links in their emails.  Another one "helpfully" includes things like "click here to connect to online banking".  Sigh...
Offline RobinB

« Reply #13 - Posted 2012-11-14 21:43:43 »

> Well, I had him change the password from our home computer, so after he gets IT to clean up the computer, he should be good, right?

Nope, if it contains any keyloggers it just reads the new password.
Not that it matters, it probably has root access anyways.

If I was you I would change all passwords (known and entered on the infected computer) on another computer (email, forums etc).
After that, don't use the infected computer until it's cleaned.
Offline Cero
« Reply #14 - Posted 2012-11-14 23:27:58 »

>> Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^
>
> Have you ever had your account frozen by PayPal?  The mails they send out look exactly like phishing, down to phrases like "verify your account".  There's a reason phishers have had so much success with their phrasing.
>
> One of my banks never sends links in their emails.  Another one "helpfully" includes things like "click here to connect to online banking".  Sigh...

Well especially with PayPal everybody knows that there are so many phishing emails
so IF you are really concerned, log into PayPal, but don't click links
at the very least hover over the link and look at the ACTUAL url, possible in Thunderbird
it may say www.paypal.com/DontLoseAllYourMoney but the actual url is www.HotBeachBitchesWithKeyloggers.com

Offline sproingie

« Reply #15 - Posted 2012-11-15 01:53:16 »

I do anti-spam for a living, and for years it was with an emphasis on phishing, so I'm perfectly aware of how to be safe.  Still it remains that a lot of financial institutions don't seem to know or care about best practices like not including direct links to online banking in their emails.   Or the case of PayPal, who actually does scrupulously use DKIM, yet doesn't pay too much attention to how suspicious the actual content often is. 
Offline ReBirth
« Reply #16 - Posted 2012-11-15 02:47:36 »

For PayPal I always go to the site directly.

@cero
Maybe it's not http://www.paypal.com/DontLoseAllYourMoney exactly but has a little spin like paypall.com/xxx or paypal.com.us/xxx, since paypal.com is legit, right?

Offline Riven
« Reply #17 - Posted 2012-11-15 02:49:54 »

You can easily 'spoof' the link in the email too, like:

https://paypal.com/

Offline ReBirth
« Reply #18 - Posted 2012-11-15 02:54:54 »

That's why we need to hover the link first, FF and chrome can spot it.
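
The hover check discussed in the replies above, automated as an added example (not code posted by anyone in this thread): it parses an HTML mail body and flags links whose visible text names a different host than the href, plus hosts that only contain the expected brand name. The function names, the `expected` parameter and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL or bare 'host/path' string, else None."""
    if not value or any(c.isspace() for c in value) or "." not in value:
        return None  # plain wording such as "click here" names no host
    try:
        url = value if "://" in value else "//" + value
        return (urlsplit(url).hostname or "").lower().rstrip(".") or None
    except ValueError:
        return None

def same_site(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def suspicious_links(html, expected="paypal.com"):
    """Return (visible text, real host, reason); 'expected' is an assumed allow-listed domain."""
    parser = LinkCollector()
    parser.feed(html)
    brand, findings = expected.split(".")[0], []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        if real and shown and not (same_site(real, shown) or same_site(shown, real)):
            findings.append((text, real, "text and target differ"))
        elif real and brand in real and not same_site(real, expected):
            findings.append((text, real, "lookalike of " + expected))
    return findings

# Constructed sample body; the hostnames are the ones quoted in this thread.
SAMPLE = """<a href="http://paypal.ytmnd.com/xxx">https://paypal.com/</a>
<a href="https://www.paypal.com/xxx">www.paypal.com/xxx</a>
<a href="http://paypall.com/xxx">Verify your account</a>
<a href="http://paypal.com.us/xxx">paypal.com.us/xxx</a>"""
```

Calling `suspicious_links(SAMPLE)` flags the first, third and fourth links and leaves the genuine `www.paypal.com` link alone. The substring match on the brand is a simple heuristic and does not catch misspellings that drop or swap letters.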

Offline Cero
« Reply #19 - Posted 2012-11-15 03:06:35 »

> For paypal I always go to the site directly.
>
> @cero
> Maybe it's not http://www.paypal.com/DontLoseAllYourMoney exactly but has little spin like paypall.com/xxx or paypal.com.us/xxx since paypal.com is legit right?

yeah if it's like a short url/acronym you could miss it like "paypal.com" but it's referring to "paypal.ytmnd.com"


Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whatever
those never have links - what do they hope to accomplish ? What IF I reply ? :D

Offline ReBirth
« Reply #20 - Posted 2012-11-15 03:12:19 »

I have read that in a magazine. They want to prove if your email address is active (used daily).

Offline sproingie

« Reply #21 - Posted 2012-11-15 08:08:07 »

> Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whatever
> those never have links - what do they hope to accomplish ? What IF I reply ? :D

You'll get a reply from a human who will elaborate the scam further.  I read an interesting interview with a Nigerian scammer, who revealed a really interesting fact: a lot of them speak much better English than the terrible grammar and clumsy pitch in the emails would indicate, but since they actually get so many responses anyway they deliberately phrase the pitch in such a way that only a fool would fall for them.  In which case, the responses they get back are from those fools who are inherently easier to scam.  So despite what I said earlier about phishing, you do actually have to be an idiot (or otherwise deluded) to fall for 419 scams, because they're actually screening for exactly that.

Incidentally, if you want to see the hilarity that results from people who do reply to the scams in order to screw with the scammers, check out 419eater.com
