cubemaster21
Posted 2012-11-14 01:07:54
My father opened up an email and clicked on a link in it that was to "msnbc.msn.com-report3.us/finance/" and now it is forwarding to every single contact on his list. I'm at a loss right now. Please help? Sorry if this is not an appropriate place to ask this.

sproingie
Reply #1 - Posted 2012-11-14 01:39:39
He's got a malware infection. Take off and nuke the PC from orbit. Only way to be sure.
Seriously, you could try downloading some AV and detecting and cleaning it, but depending on what got installed, it could leave hooks in there for good. So you should clean it off immediately just to keep it from spreading itself more, then consider reinstalling the OS, installing some decent AV, then restoring any old documents from backup. Even Windows Defender is better than nothing.
Oh, and switch him to Firefox and use NoScript

cubemaster21
Reply #2 - Posted 2012-11-14 01:45:24
So this is not something lingering in his email that could just be triggered by opening the email and it doesn't have access to his email account? He opened it on his work computer, so he's just gonna give it to the IT.
sproingie
Reply #3 - Posted 2012-11-14 01:54:19
It's likely the infection point was a drive-by download on the site he visited. Having the malware payload attached to the email itself is possible, but it's not as common, and when it is, it's usually a straight up trojan executable.
Whatever got on the machine could potentially have gotten full control though, so even if it's not necessarily the message itself that's the problem, the malware on the machine could have any amount of access to email and more, such as any passwords typed while the malware was active.

cubemaster21
Reply #4 - Posted 2012-11-14 01:57:24
Well, I had him change the password from our home computer, so after he gets IT to clean up the computer, he should be good, right?

sproingie
Reply #5 - Posted 2012-11-14 02:07:20
Probably. I'd at least change the most sensitive passwords anyway just to be sure.

cubemaster21
Reply #6 - Posted 2012-11-14 02:09:35
Thanks a ton, my parents were FREAKING out. The problem is that his contacts list is HUGE and at least one person has already opened it.

Cero
Reply #7 - Posted 2012-11-14 03:14:59
I don't know why people fall for this. I mean, usual email spam is like ridiculously easy to spot... I guess if you don't know that the sender email can actually be fake, you could be tricked. Never click links, never open attachments unless you really know what it is.
But I know even those spam emails that you get from a friend's email account, and the phrasing is so obvious and weird to me that I spot it immediately.
Phishing emails, I can understand if you're not familiar with them, but it's 2012...

cubemaster21
Reply #8 - Posted 2012-11-14 03:19:43
Yeah, the same thing had happened to the person who sent it to him. The address *looked* legit to him, and it brought him to an actual article, and he got the email from someone he was waiting to hear from.

Ultroman
Reply #9 - Posted 2012-11-14 06:25:31
Sender: Microsoft
Subject: Is your e-mail account safe?
Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^ So many fall for obvious ones like that. Sender names are very easy to create.

- Jonas
ReBirth
Reply #10 - Posted 2012-11-14 06:31:44
If it's really Microsoft, PayPal, or a legit company, they'll have their truly own site as mail server, like @microsoft.com.
Seriously, as a first step, change to Gmail. The filter is good.

sproingie
Reply #11 - Posted 2012-11-14 20:35:23
Vigilance is all well and good, but I myself am probably a late evening and a drink away from falling for a phish someday, at least the first click, which may be all it needs. I heard the same thing in a keynote address from a security researcher, and I don't think you and I are necessarily any better than him. It turns out that moral disapprobation of the target's gullibility has, over the ages, never really been a very effective security policy.

sproingie
Reply #12 - Posted 2012-11-14 20:40:10
> Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^

Have you ever had your account frozen by PayPal? The mails they send out look exactly like phishing, down to phrases like "verify your account". There's a reason phishers have had so much success with their phrasing. One of my banks never sends links in their emails. Another one "helpfully" includes things like "click here to connect to online banking". Sigh...

RobinB
Reply #13 - Posted 2012-11-14 21:43:43
> Well, I had him change the password from our home computer, so after he gets IT to clean up the computer, he should be good, right?

Nope, if it contains any keyloggers it just reads the new password. Not that it matters, it probably has root access anyways. If I were you I would change all passwords (known and entered on the infected computer) on another computer (email, forums etc). After that, don't use the infected computer until it's cleaned.

Cero
Reply #14 - Posted 2012-11-14 23:27:58
> > Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^
>
> Have you ever had your account frozen by PayPal? The mails they send out look exactly like phishing, down to phrases like "verify your account". There's a reason phishers have had so much success with their phrasing. One of my banks never sends links in their emails. Another one "helpfully" includes things like "click here to connect to online banking". Sigh...

Well, especially with PayPal everybody knows that there are so many phishing emails, so IF you are really concerned, log into PayPal, but don't click links. At the very least hover over the link and look at the ACTUAL URL (possible in Thunderbird); it may say www.paypal.com/DontLoseAllYourMoney but the actual URL is www.HotBeachBitchesWithKeyloggers.com

sproingie
Reply #15 - Posted 2012-11-15 01:53:16
I do anti-spam for a living, and for years it was with an emphasis on phishing, so I'm perfectly aware of how to be safe. Still it remains that a lot of financial institutions don't seem to know or care about best practices like not including direct links to online banking in their emails. Or the case of PayPal, who actually does scrupulously use DKIM, yet doesn't pay too much attention to how suspicious the actual content often is.

ReBirth
Reply #16 - Posted 2012-11-15 02:47:36
For PayPal I always go to the site directly. @cero Maybe it's not http://www.paypal.com/DontLoseAllYourMoney exactly but has a little spin like paypall.com/xxx or paypal.com.us/xxx, since paypal.com is legit, right?

Riven
Reply #17 - Posted 2012-11-15 02:49:54
You can easily 'spoof' the link in the email too, like: https://paypal.com/

ReBirth
Reply #18 - Posted 2012-11-15 02:54:54
That's why we need to hover over the link first; FF and Chrome can spot it.

Cero
Reply #19 - Posted 2012-11-15 03:06:35
Yeah, if it's like a short URL/acronym you could miss it, like "paypal.com" but it's referring to "paypal.ytmnd.com". Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whatever. Those never have links - what do they hope to accomplish? What IF I reply? :D

ReBirth
Reply #20 - Posted 2012-11-15 03:12:19
I have read that in a magazine. They want to prove if your email address is active (used daily).

sproingie
Reply #21 - Posted 2012-11-15 08:08:07
> Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whatever those never have links - what do they hope to accomplish? What IF I reply?

You'll get a reply from a human who will elaborate the scam further. I read an interesting interview with a Nigerian scammer, who revealed a really interesting fact: a lot of them speak much better English than the terrible grammar and clumsy pitch in the emails would indicate, but since they actually get so many responses anyway they deliberately phrase the pitch in such a way that only a fool would fall for them. In which case, the responses they get back are from those fools who are inherently easier to scam. So despite what I said earlier about phishing, you do actually have to be an idiot (or otherwise deluded) to fall for 419 scams, because they're actually screening for exactly that.

Incidentally, if you want to see the hilarity that results from people who do reply to the scams in order to screw with the scammers, check out 419eater.com