Send bad email, but all is well?


micky

A friend "sent" me an email that included a link to some site that AVG
wouldn't let me go to.

I checked with her and she didn't send it at all, and she says it was
sent to everyone on her email contact list. The one that went to me
also went to about 5 other people. We have only left each other
messages, so I don't know if the outgoing email to me shows in her
outbox or not.

Based on many meals eaten together, and the conversation, her nephew
seems to know a lot more about this stuff than I do. I think he works
in data processing for a living, and I know he set up the office
network etc. for his cousin, a friend of mine. He told her to run her
AV program, so she scanned the computer with McAfee, and it found
nothing.

She seems satisfied with this. It sounds like her nephew didn't tell
her to call back if it didn't find anything.

She still has a worm or something, doesn't she? Shouldn't she
continue to pursue this?

Will it cause her more harm than just antagonizing friends? (She's
retired, so she can't antagonize her boss!)

Will it limit itself to just sending obnoxious emails in her name?
Because that's easy enough to handle.
 
I finally called her when she was home and it turns out she uses
Hotmail and does her emailing from the hotmail webpage. That's where
her contact list is also. Duh.

Her nephew told her to run the scan and change her password, and I
guess now that I know the facts, that's all that needed to be done.

Sorry to have bothered you all.


But a couple questions if you don't mind: Does a web-based site
like hotmail let a bot just keep trying passwords? Are there
programs that do this, that then go to the contact list and compose
emails and send them?

Do they just somehow enter the keystrokes that a valid user would
have to enter, or do they read the info off the screen or off the data
stream, and then send the email from their computer using their own
software?

If they did it the second way, would their IP address show up, a) in
the email, b) in the records of the sending ISP, c) in the records of
the receiving ISP?

FWIW, different emails were sent to different groups of people.
 
micky said:
I finally called her when she was home and it turns out she uses
Hotmail and does her emailing from the hotmail webpage. That's where
her contact list is also. Duh.

Her nephew told her to run the scan and change her password, and I
guess now that I know the facts, that's all that needed to be done.

Sorry to have bothered you all.


But a couple questions if you don't mind: Does a web-based site
like hotmail let a bot just keep trying passwords? Are there
programs that do this, that then go to the contact list and compose
emails and send them?

Do they just somehow enter the keystrokes that a valid user would
have to enter, or do they read the info off the screen or off the data
stream, and then send the email from their computer using their own
software?

If they did it the second way, would their IP address show up, a) in
the email, b) in the records of the sending ISP, c) in the records of
the receiving ISP?

FWIW, different emails were sent to different groups of people.

The email account was compromised. Yes, the password must be changed but it should be a
"strong password".
http://en.wikipedia.org/wiki/Password_strength
 
The email account was compromised. Yes, the password must be changed but it should be a
"strong password".
http://en.wikipedia.org/wiki/Password_strength

Thanks. She didn't use the word strong but said she had one with lots
of numbers and letters. She has a Ph.D. in biochem, from a good
school. Sort of unusual for a woman over 65, I think. OTOH, she
seems more interested in living things than computer-type stuff. But
I'll send her your link.
 
micky said:
A friend "sent" me an email that included a link to some site
that AVG wouldn't let me go to.

If you knew how to look at the full header of an e-mail, you could see
the IP-address chain and figure out if it really did originate from your
friend's computer.
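
An added example, not part of the original post: one way to read the IP-address chain out of a saved message's full headers. The sample message is constructed (documentation-range IPs, made-up hostnames), and the `X-Originating-IP` header is assumed to be present, as some webmail services add it to record the client that submitted the message.

```python
import email
import ipaddress
import re

# Constructed sample: documentation-range IPs and made-up hostnames.
SAMPLE = """\
Received: from mx.recipient.example (192.0.2.10) by inbox.recipient.example;
 Tue, 1 Nov 2011 10:00:03 -0500
Received: from webmail-out.provider.example ([198.51.100.7])
 by mx.recipient.example; Tue, 1 Nov 2011 10:00:02 -0500
Received: from [203.0.113.45] by webmail-out.provider.example via HTTP;
 Tue, 1 Nov 2011 15:00:01 +0000
X-Originating-IP: [203.0.113.45]
From: friend@provider.example
To: micky@recipient.example
Subject: check this out

(body omitted)
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def first_ip(text):
    """Return the first syntactically valid IPv4 address in text, or None."""
    for candidate in IPV4.findall(text or ""):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None

def received_chain(raw):
    """Sending IP of each hop, ordered from the claimed origin to the last server."""
    msg = email.message_from_string(raw)
    chain = []
    # Every relay prepends its own Received line, so the oldest hop is last.
    for hop in reversed(msg.get_all("Received", [])):
        hop = " ".join(hop.split())                      # undo header folding
        chain.append(first_ip(hop.split(" by ", 1)[0]))  # only the "from" clause
    return chain

def origin_ip(raw):
    """Prefer the webmail client's address if the provider recorded one."""
    msg = email.message_from_string(raw)
    recorded = first_ip(msg.get("X-Originating-IP"))
    return recorded or next((ip for ip in received_chain(raw) if ip), None)

if __name__ == "__main__":
    print(received_chain(SAMPLE), origin_ip(SAMPLE))
```

Only the hops written by servers you trust (your own provider's) are reliable; earlier `Received` lines can be forged by the sender. A chain that starts at the webmail provider's own servers means the message was sent through the account itself rather than from a mail program on the friend's computer.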
 
micky said:
I finally called her when she was home and it turns out she uses
Hotmail and does her emailing from the hotmail webpage. That's
where her contact list is also. Duh.

Her hotmail account was hacked. This is somewhat common.

It's got nothing to do with her computer.
 
Virus Guy said:
Her hotmail account was hacked. This is somewhat common.

It's got nothing to do with her computer.

Her account being compromised could have been the result of a keylogger.
 
David H. Lipman said:
Her account being compromised could have been the result of a
keylogger.

Shouldn't that have shown up during an AV scan on the computer?

Shouldn't other password-protected assets (if any, such as facebook,
linked in, on-line banking) also have been compromised?
 
Virus Guy said:
Shouldn't that have shown up during an AV scan on the computer?

Shouldn't other password-protected assets (if any, such as facebook,
linked in, on-line banking) also have been compromised?

It's possible it was a keylogger that was unknown to the anti malware that was installed
and we are dealing not with the person affected but with a third party.

It is also possible that other accounts could have been compromised.

The point is one can not specifically state "It's got nothing to do with her computer."
It is a possibility.
 
micky wrote:

[...]
But a couple questions if you don't mind: Does a web-based site
like hotmail let a bot just keep trying passwords?

Of course, just like it would allow a person to keep trying until he or
she gets it right. They do have a timed block (lockout) after a certain
number of tries though.

Are there programs that do this, that then go to the contact list
and compose emails and send them.

I'm not sure about the automation aspect, but I always assumed it was
so. I've even heard of automatic account creation programs that enlist
already compromised computers to 'ransom' their computing power and get
the user to supply answers to 'CAPTCHA' strings as payment.

Do they just somehow enter the keystrokes that a valid user would
have to enter, or do they read the info off the screen or off the data
stream, and then send the email from their computer using their own
software?

Not sure what you're asking here, but 'yes' keylogging in the ways that
you mention makes the brute force method unneeded. If "her" machine were
compromised (even if not a persistent compromise) she might still have a
problem.

Also, there could have been a weakness in the password recovery (secret
question) gizmo.

If they did it the second way, would their IP address show up, a) in
the email, b) in the records of the sending ISP, c) in the records of
the receiving ISP?

Not necessarily. Often, the same miscreant that is trying to steal
hotmail computing power to 'spam out whatever' already has computing
power to spare in the form of bots running on other compromised
computers. Tracing back an e-mail might just get you a previous victim's
IP#.

[...]
 
micky wrote:

[...]
But a couple questions if you don't mind: Does a web-based site
like hotmail let a bot just keep trying passwords?

Of course, just like it would allow a person to keep trying until he or
she gets it right. They do have a timed block (lockout) after a certain
number of tries though.

Are there programs that do this, that then go to the contact list
and compose emails and send them.

I'm not sure about the automation aspect, but I always assumed it was
so. I've even heard of automatic account creation programs that enlist
already compromised computers to 'ransom' their computing power and get
the user to supply answers to 'CAPTCHA' strings as payment.

What! I've never heard of this. Extortion by spammers, against
someone who knows he's being extorted. And like with kidnappers, how
does he know they'll let his computer go free if he pays?

Not sure what you're asking here, but 'yes' keylogging in the ways that
you mention makes the brute force method unneeded. If "her" machine were
compromised (even if not a persistent compromise) she might still have a
problem.
Also, there could have been a weakness in the password recovery (secret
question) gizmo.


Not necessarily. Often, the same miscreant that is trying to steal
hotmail computing power to 'spam out whatever' already has computing
power to spare in the form of bots running on other compromised
computers. Tracing back an e-mail might just get you a previous victim's
IP#.

Darn.

Thanks a lot.
 
What! I've never heard of this. Extortion by spammers, against
someone who knows he's being extorted. And like with kidnappers, how
does he know they'll let his computer go free if he pays?

It does sound bizarre, but it's been seen in "developing countries".

I think "ransom" wasn't exactly the right wording tho.

The CAPTCHAs are fed at the user disguised as "activity checks", often
found in cheezy internet cafes. You have to do the CAPTCHA to keep from
getting booted off.



--
"Shit this is it, all the pieces do fit.
We're like that crazy old man jumping
out of the alleyway with a baseball bat,
saying, "Remember me motherfucker?"
Jim “Dandy” Mangrum
 
Nobody said:
It does sound bizarre, but it's been seen in "developing countries".

I think "ransom" wasn't exactly the right wording tho.

The CAPTCHAs are fed at the user disguised as "activity checks", often
found in cheezy internet cafes. You have to do the CAPTCHA to keep from
getting booted off.

Yeah, it was perhaps overstated a bit. :o) But to the user it seems that
nothing can be done except enter the symbols to be able to continue with
what they were doing with the computing power they are now temporarily
being deprived of.

I've got your clock cycles, if you want them back then pay me these
symbols represented herein (see map of distorted text characters inset).
 
Thanks. She didn't use the word strong but said she had one with lots
of numbers and letters. She has a Ph.D. in biochem, from a good
school. Sort of unusual for a woman over 65, I think. OTOH, she
seems more interested in living things than computer-type stuff. But
I'll send her your link.

Possibly an address, birthdate, wedding anniversary date and/or a
combination of such. I've observed neurosurgeons use really dumb and
insecure passwords. [g]. It's such an annoyance for most, they refuse to
pick strong ones.


--
Walking on a Razor's edge, so hard for me to find my way home. How could it
have come to this? So hard to pick the right from the wrong. I can't try to
hide behind myself anymore. I can't try to reason with the pain and the
torture. So I will grab hold to forever and walk right through this open
door. Walking on this lonely road, the heartbreaking pain at my side.
Without two arms to hold me, nothing but the chain of goodbyes.
 
A friend "sent" me an email that included a link to some site that AVG
wouldn't let me go to.

I checked with her and she didn't send it at all, and she says it was
sent to everyone on her email contact list. The one that went to me
also went to about 5 other people. We have only left each other
messages, so I don't know if the outgoing email to me shows in her
outbox or not.

Does she ever use unsecured wireless? Used to be easy to see
the person's hotmail login page (and contacts), and even impersonate
the victim, using firesheep. Don't know if hotmail has done anything
about it.
[]'s
 
Thanks. She didn't use the word strong but said she had one with lots
of numbers and letters. She has a Ph.D. in biochem, from a good
school. Sort of unusual for a woman over 65, I think. OTOH, she
seems more interested in living things than computer-type stuff. But
I'll send her your link.

Possibly an address, birthdate, wedding anniversary date and/or a
combination of such. I've observed neurosurgeons use really dumb and
insecure passwords. [g]. It's such an annoyance for most, they refuse to
pick strong ones.

She told me how she used to have to have 4 passwords at work, for
different parts of her job. Ugh.
 
Virus Guy said:
Her hotmail account was hacked. This is somewhat common.

Maybe it was hacked. Yes it's common. :)

It's got nothing to do with her computer.

That's another maybe.




 
Shadow said:
A friend "sent" me an email that included a link to some site that AVG
wouldn't let me go to.

I checked with her and she didn't send it at all, and she says it was
sent to everyone on her email contact list. The one that went to me
also went to about 5 other people. We have only left each other
messages, so I don't know if the outgoing email to me shows in her
outbox or not.

Does she ever use unsecured wireless? Used to be easy to see
the person's hotmail login page (and contacts), and even impersonate
the victim, using firesheep. Don't know if hotmail has done anything
about it.
[]'s

That's called packet sniffing, and short of hotmail using https, there is
nothing you can do about it. :) ehehe.. that's the trade you make for
unsecured wifi. baby!



 
Yeah, it was perhaps overstated a bit. :o) But to the user it seems that
nothing can be done except enter the symbols to be able to continue with
what they were doing with the computing power they are now temporarily
being deprived of.

I've got your clock cycles, if you want them back then pay me these
symbols represented herein (see map of distorted text characters inset).

So this is done in order to get a human to translate those distorted
character boxes**, since the bad computer can't do that without human
help?

** like Yahoo uses to sign up for a mailing list. Is this how so
many spammers have gotten into Yahoo lists in the last couple years?
Sometimes it takes me four tries to get the right answer. At another
site, it always says no the first time, even when I'm sure I'm right.
 
A friend "sent" me an email that included a link to some site that AVG
wouldn't let me go to.

I checked with her and she didn't send it at all, and she says it was
sent to everyone on her email contact list. The one that went to me
also went to about 5 other people. We have only left each other
messages, so I don't know if the outgoing email to me shows in her
outbox or not.

Does she ever use unsecured wireless? Used to be easy to see
the person's hotmail login page (and contacts), and even impersonate
the victim, using firesheep. Don't know if hotmail has done anything
about it.
[]'s

I don't think she uses that but I don't know for sure.

I'll see her at Thanksgiving and ask about this and the other things
mentioned.

Thanks.
 