Distinguished Guru
2,813 Views
Message 1 of 29

The Viagra email. A little help needed please


Morning All

 

SWMBO has just checked her email account and noticed an email from an old friend.

Upon opening it, it was blank except for a link.

Clicking the link produced a page selling Viagra in $.

She's just called her friend to tell her that this email is being sent out to many of her other friends (other email accounts visible).

 

This friend uses Windows live and a @hotmail email address.

She's tried to change the password but at this present time, it won't do anything.

This friend also uses Facebook - possible means of a spammer getting the friend's email details?

How does her friend stop this?

 

Thanks in advance.

 

 

-+-No longer a forum member-+-
0 Ratings
28 REPLIES 28
Brokk
Aspiring Expert
2,809 Views
Message 2 of 29

Re: The Viagra email. A little help needed please


Change the password.

Never put an email address on Facebook. If she did, scrap the email address and use a new one.

0 Ratings
Distinguished Guru
2,795 Views
Message 3 of 29

Re: The Viagra email. A little help needed please


Hi Brokk

 

Thanks for the prompt reply.

 

That's a problem. The friend is trying via a Microsoft page. She's mentioned it needs to be an @live email account, not a @hotmail account. Does anyone use Windows live with an @hotmail account? How does she change this?

 

I'd take a look myself, but the friend lives 135 miles away!!

-+-No longer a forum member-+-
0 Ratings
PheeragHfre
Recognised Expert
2,781 Views
Message 4 of 29

Re: The Viagra email. A little help needed please


 


@DS wrote:

Hi Brokk

 

Thanks for the prompt reply.

 

That's a problem. The friend is trying via a Microsoft page. She's mentioned it needs to be an @live email account, not a @hotmail account. Does anyone use Windows live with an @hotmail account? How does she change this?

 

I'd take a look myself, but the friend lives 135 miles away!!


The Hotmail Webpage redirects to the live com login page, but she should still be able to enter both the full Hotmail email address & password, in order to change the details.

 

"I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)
0 Ratings
Distinguished Guru
2,776 Views
Message 5 of 29

Re: The Viagra email. A little help needed please


Hi PheeragHfre

 

Thanks for that.

 

Her friend's phone has just gone flat. We'll keep trying to call.

 

Hotmail Webpage? - Is this the one - www.live.com?

I don't use Hotmail and just clicked on the first google result for "hotmail login".

It opens a page which I guess is the right one?

 

Her friend was trying via - http://support.microsoft.com/kb/935255

 

-+-No longer a forum member-+-
0 Ratings
PheeragHfre
Recognised Expert
2,757 Views
Message 6 of 29

Re: The Viagra email. A little help needed please


 


@DS wrote:

Hi PheeragHfre

 

Thanks for that.

 

Her friend's phone has just gone flat. We'll keep trying to call.

 

Hotmail Webpage? - Is this the one - www.live.com?

I don't use Hotmail and just clicked on the first google result for "hotmail login".

It opens a page which I guess is the right one?

 

Her friend was trying via - http://support.microsoft.com/kb/935255

 


Hotmail com or live com the Live ID is probably the Full e-mail address?

 

"I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)
0 Ratings
Mordag
Aspiring Contributor
2,751 Views
Message 7 of 29

Re: The Viagra email. A little help needed please


If the Hotmail account has been compromised then it is also possible that the perpetrator has changed the password.

 

However, spamming usually is a highly automated process and it is uneconomic for a spammer to use a manual process (the buying rate per thousand mails is very low). So it is possible that your friend has a machine that has been infected by malware and that is harvesting and using e-mail addresses stored on the machine. So, does your friend use an e-mail client like Outlook Express?

 

Another possibility is that the e-mail address on the mail you received was 'spoofed' and never came from your friend at all and somehow got through BT's spam filters. Spammers often build lists by harvesting addresses from the web and use one of the names as the sender - this way they make tracing back to them very difficult so they can continue in business. To verify this someone would need to read the Internet Headers on the original e-mail (right click on the mail in the Inbox and select View Full Header and post it in this thread).

 

Also, you opened the link in the e-mail and went to the site. This site could also be infected and this could have downloaded malware to your machine which is now acting as a spam e-mailer.

 

My advice is to check for continuous outgoing network traffic from your machine (Task Manager>Networking), check your Anti-Virus is fully up-to-date and run a full scan on your machine. As a precaution your friend should also do this.

0 Ratings
2,728 Views
Message 8 of 29

Re: The Viagra email. A little help needed please


I'd say it's been spoofed.

 

I have checked my own webmail (BTYahoo) spam folder and seen spam emails from myself to myself !!

 

 

An MSCE in computing is like having a McDonalds Certification in World Cuisine, pointless.
0 Ratings
Distinguished Guru
2,724 Views
Message 9 of 29

Re: The Viagra email. A little help needed please


@ PheeragHfre. thanks for that.

 

@ Mordag.

 

I'll pass this on as soon as I can make contact. I guess the friend can't find a charger.

Her friend did say that she's having 'failed to send' emails in her inbox from what must be very old email accounts that are no longer in use. She knows of at least 2 that were 'throw away' accounts that are definitely not used.

 

I did install CCleaner and malwarebytes on the friend's machine last year and told her to use it at least once a month.

She did say that she'd forgotten to use them!!

Outlook - I don't know but will hopefully find out soon.

 

email header:

From ***************** Thu Aug 26 12:17:44 2010
X-Apparently-To: (the wifes email)@btinternet.com via **.***.***.**; Thu, 26 Aug 2010 12:17:45 +0000
Return-Path: <****************@hotmail.com>
X-YahooFilteredBulk: **.**.**.**
Received-SPF: pass (mta1000.bt.mail.ird.yahoo.com: domain of ****************@hotmail.com designates **.**.**.** as permitted sender)
X-Originating-IP: [**.**.**.**]
Authentication-Results: mta1000.bt.mail.ird.yahoo.com  from=hotmail.com; domainkeys=neutral (no sig);  from=hotmail.com; dkim=neutral (no sig)
Received: from **.**.**.**  (EHLO snt0-omc1-s49.snt0.hotmail.com) (**.**.**.**)
  by mta1000.bt.mail.ird.yahoo.com with SMTP; Thu, 26 Aug 2010 12:17:45 +0000
Received: from SNT109-W60 ([**.**.**.**]) by snt0-omc1-s49.snt0.hotmail.com with Microsoft SMTPSVC(6.0.****.****);
     Thu, 26 Aug 2010 05:17:44 -0700
Message-ID: <SNT109-W6092271********************@phx.gbl>
Return-Path:****************@hotmail.com
Content-Type: multipart/alternative;
    boundary="_8c0d692f-b753-4cc9-b652-346aad3108c1_"
X-Originating-IP: [***.**.***.***]
From: **************** <****************@hotmail.com>
To: multiple email accounts deleted
Subject:
Date: Thu, 26 Aug 2010 13:17:44 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 26 Aug 2010 12:17:44.0778 (UTC) FILETIME=[B031DAA0:01CB4518]
Content-Length: 636

 

I've scanned mine and upon first glance, I appear to be safe.

All my antivirus is fully up to date.

-+-No longer a forum member-+-
0 Ratings
Mordag
Aspiring Contributor
2,694 Views
Message 10 of 29

Re: The Viagra email. A little help needed please


Great!

 

It looks like it really did come from Hotmail (you were right to obfuscate the IP addresses!) and not spoofed so that's why it whizzed through the BT spam filter. This is a different class of spam production to that normally seen - it does point to your friend's machine possibly being infected. Good to hear yours is clear despite opening a link in the mail - you really were not to know it was spam when you saw it. Clever bit of spamming this!

 

It means that this is either a new class of bot on her machines that uses keylogged user credentials to unlock the hotmail account and use it or we are really dealing with a perpetrator who has obtained (spyware/keylogger) or guessed the Hotmail password. Either way someone must be paying people to mail out the spam manually. Must be sweat shop operation - may also explain why there was no message body. Positive for them is that the spam has a much greater chance of getting through and opened but the negative is they have to get the labour from a low cost economy somewhere.

 

Very interesting.

 

 

0 Ratings
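The header check discussed in messages 7 to 10, as an added example that is not part of any poster's message: it reads the fields the receiving server wrote (Received-SPF, Authentication-Results, the topmost Received line) and compares the envelope sender with the From domain. The sample header is constructed to mirror the redacted one above; the address `friend@hotmail.com`, the documentation-range IP and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the redacted header in this thread;
# the address is a placeholder and the IP is from a documentation range.
SAMPLE = """\
Return-Path: <friend@hotmail.com>
Received-SPF: pass (mta1000.bt.mail.ird.yahoo.com: domain of friend@hotmail.com designates 192.0.2.10 as permitted sender)
Authentication-Results: mta1000.bt.mail.ird.yahoo.com  from=hotmail.com; domainkeys=neutral (no sig);  from=hotmail.com; dkim=neutral (no sig)
Received: from 192.0.2.10  (EHLO snt0-omc1-s49.snt0.hotmail.com) (192.0.2.10)
  by mta1000.bt.mail.ird.yahoo.com with SMTP; Thu, 26 Aug 2010 12:17:45 +0000
From: Friend <friend@hotmail.com>
Subject:

"""
# Constructed contrast case: same From address, unrelated relay, SPF not passing.
SPOOFED = (SAMPLE.replace("Received-SPF: pass", "Received-SPF: softfail")
           .replace("snt0-omc1-s49.snt0.hotmail.com", "mail.example.net"))

def domain_of(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def assess(raw):
    """Summarise what the receiving server recorded about the sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    auth = msg.get("Authentication-Results") or ""
    dkim = re.search(r"\bdkim=(\w+)", auth)
    # The topmost Received line is the one added by the recipient's own server.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    # The EHLO name is self-declared by the sender; SPF is the verified part.
    helo = re.search(r"\(EHLO ([^)\s]+)\)", top)
    helo_host = helo.group(1).lower() if helo else ""
    report = {
        "from_domain": from_dom,
        "envelope_matches_from": domain_of(msg["Return-Path"]) == from_dom,
        "spf": spf,
        "dkim": dkim.group(1).lower() if dkim else "none",
        "helo_claims_from_domain": helo_host.endswith("." + from_dom),
    }
    ok = report["spf"] == "pass" and report["envelope_matches_from"]
    report["verdict"] = "sent through provider" if ok else "possibly spoofed"
    return report

if __name__ == "__main__":
    print(assess(SAMPLE), assess(SPOOFED), sep="\n")
```

A "sent through provider" verdict only says the mail left via servers the domain authorises; it does not distinguish a stolen password from malware on the account owner's machine.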