Large Scale Central

Email accounts hacked

Of late I have received unsolicited emails from several LSC members. When opened, the emails contain only a link to a website. Of course I do not open the link. I messaged one member several weeks ago to advise him his account may be compromised, but to date no response from him. Now another message from another Canadian member. The emails have only come from Canadian members to date.

I have not observed any threads regarding account hijacking, but thought it would be prudent to advise anyone on your email address book to be wary of any emails from the member. Of course common sense is also a prerequisite.

Tim,

In my case, I don’t have/didn’t have an email address book in my YAHOO! account. The SOBs hijacked all the info in the “Sent” folder. All that info has been nuked right after the episode i.e. my YAHOO account is now “absolutely clean”; nothing to be gleaned from folders etc.

PS I also ranted about the SOBs on March 7th http://www.largescalecentral.com/forums/topic/18541/yahoo-mail-account-cracked

Keep one thing in mind as well, the email “From” entry is NOT secure. It’s nothing for a spammer to say they are [email protected] when in fact their email comes from [email protected]

In other words, it may not be hacked accounts, but instead emails gleaned from the site here, and spammers faking who sent it. Without looking deep into the headers, it’s impossible to verify either way.

I know for a while, my domain fccorp.us was being spoofed by spammers. I’d get email from [email protected], when in fact, the ONLY email account is mine, and Google’s email network protects that.
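Added example, not part of the original posts: one way to "look deep into the headers" is to compare the displayed From domain with the envelope sender and with the SPF/DKIM/DMARC verdicts the receiving server recorded. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the From line claims example.org, but the
# envelope sender and the receiving server's verdicts say otherwise.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=example.org
Received: from unknown (203.0.113.7) by mx.receiver.example; Mon, 01 Apr 2013 10:00:00 +0000
From: "A Friend" <friend@example.org>
To: you@receiver.example
Subject: check this out

http://link.example.net/
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_sender(raw):
    """Compare the displayed From domain with the evidence in the headers."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Only the Authentication-Results header added by your own mail server
    # is trustworthy; here the first one is taken as that (assumption).
    auth = msg.get("Authentication-Results", "")
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    # A differing envelope domain is a signal, not proof: mailing lists
    # and bulk-mail services legitimately differ as well.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From {from_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        result = verdicts.get(mech, "missing")
        if result != "pass":
            findings.append(f"{mech}={result}")
    return {"from": from_dom, "envelope": env_dom, "findings": findings}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

An empty findings list does not make a message safe; it is what you would expect when the sender's real account has been taken over rather than forged.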

HJ,

I do not log in very often these days so missed your post a few weeks ago. Yahoo and Hotmail email accounts are too easily hacked so I avoid like the plague.

Tim Brien said:

HJ,

I do not log in very often these days so missed your post a few weeks ago. Yahoo and Hotmail email accounts are too easily hacked so I avoid like the plague.

It’s them Canadians, Tim. Ya gotta watch them like a hawk! :slight_smile: Especially that HJ feller. :slight_smile: :slight_smile: :slight_smile:

It’s in the US now! All of my address accounts were hacked.

Just delete them if you get one from me.

Ya John, I got one from you and I erased it this morning. Fortunately my system caught it before it went anywhere. Damn hackers.

Watch out for e-mails from LinkedIn offering to let you join other professionals on-line.

Over the years I have received spam from several people who signed up.

(http://i49.tinypic.com/245x0mo.jpg)

Shawn Viggiano said:

(http://i49.tinypic.com/245x0mo.jpg)

Shawn, you’re not trying hard enough, you can sign in with an Etch-a-Sketch … it just takes patience!

:stuck_out_tongue:

I saw a thing on the news tonight about this. There is a company called Cyber Bunker that is located in Eastern Europe that is allowing Russian crime organizations to use their system and servers to hack into computers all over the world. Mostly they are doing DNS attacks to shut down companies’ systems for whatever reason, but they are also hacking into emails and other software to search for account numbers and passwords for credit cards and other financial accounts.

Google, Microsoft and several other large corporations have been battling these guys to stop the DNS attacks for some time now, but by the time they locate what server it is coming from they have already moved on to another server through another internet provider or corporation’s servers.

Dan S.

Don’t blame me for it!

I don’t know about my E Mails being hacked but they could have been.

Three weeks ago my computer got bitten and every program I have was prevented from opening, EXCEPT E Mail. Wanted me to buy their anti virus stuff.

It took 10 days to get my computer cleaned out. The IT guy found 83 viruses and Malware. Turns out my Anti Virus simply did not pick them up. Last time I ever use Computer Associates (CA) now Total Defence.

Have Kaspersky now and the instant I clicked on the Bachmann website it picked up and quarantined malicious MALWARE from Bachmann. Something to do with Java. So no more visiting Bachmann for now.

I have just got back from a trip to Melbourne and on Tuesday I will get the IT guys to tell me what the thing is and let Bachmann and everyone here know.

Tony Walsham said:

I don’t know about my E Mails being hacked but they could have been.

Three weeks ago my computer got bitten and every program I have was prevented from opening, EXCEPT E Mail. Wanted me to buy their anti virus stuff.

It took 10 days to get my computer cleaned out. The IT guy found 83 viruses and Malware. Turns out my Anti Virus simply did not pick them up. Last time I ever use Computer Associates (CA) now Total Defence.

Have Kaspersky now and the instant I clicked on the Bachmann website it picked up and quarantined malicious MALWARE from Bachmann. Something to do with Java. So no more visiting Bachmann for now.

I have just got back from a trip to Melbourne and on Tuesday I will get the IT guys to tell me what the thing is and let Bachmann and everyone here know.

Coincidentally, I received an email tonight from a new member on MLS, that I have been helping. He mentioned that he visited Bachmann’s site last night and he had his computer infected with a nasty virus. It took his IT guys 11 hours to get his computer fixed today!

Thanks for the heads-up, Tony!

If anyone here is getting emails from me, I apologize. My entire address book was hacked.

Now I’m trying to figure out what to do.

Tony,

I have been using CA/Total Defence for around twelve years or more. It used to be an Aussie company called Vet. It got taken over by an American consortium. They are almost impossible to contact and when accessing personal details I have lost hope of ever doing so. They still take their $49.99 per year. I like it as the software never finds any malware so I am not inconvenienced by the computer slowing down when the software does a scan (being cynical). The software is as useless as a bucket with a hole.

Kaspersky is in my opinion the best, but I do not think it allows multiple licences for multiple computers.

I have found that one av program is not enough.

Since I run Windows, Windows Defender is usually there (lame though).

I use AVG free… it’s pretty good, and for people that surf a lot and are not real careful, the add-ins for surfing are good.

Then a weekly scan with Malwarebytes, and everything behind a good firewall with av protection.

Never have lost anything, get a virus once every couple of years.

Keeping things updated and making sure your scanning is working are the 2 things that 99% of the people with problems have in common.

Greg

The BIG keys to remember that will HELP keep you safe:

NEVER click links in emails. Yes, I know we all get those ones from a site when we forget a password or create a new account, but if they give you the option to type in an address and then a code, use it. Just because it looks like it’s taking you to http://www.google.com doesn’t mean it is. HTML code allows a coder to specify any address and any text they want, it’s simply part of the design of the code. Further, just because it says it’s from your best friend, doesn’t mean it is. And even if the headers say it came from their server, that doesn’t mean THEY aren’t infected with a nasty bit of code, which is using their email book to email copies of itself to everyone they know.

Stop using Internet Explorer. Because IE is included with every copy of Windows, and so many people use it ‘because it’s there’, IE is the preferred attack vector through exploits in the IE coding. It’s possible to use IE safely, but it takes configuring complicated settings and disabling scripting and ActiveX applets among other things. Firefox is better, and combined with NoScript addin, it presents a fairly robust barrier to exploit-based infection. Chrome too. They both use push updates which means that you don’t have to do anything to keep up to date. If an exploit or vulnerability is discovered, it’s only hours before they have an update or patch ready and it’s being pushed out to their users. Microsoft only updates on the second Tuesday of the month as a general rule.

Unfortunately even then, you can still be subjected to “drive-by downloads”. There was a nasty malformed jpeg image exploit a few years ago. By intentionally mal-forming a jpeg, someone was able to take advantage of a buffer-overflow exploit in a jpeg decoder. That image was sent to MySpace ads. It infected millions of computers before the exploit was repaired and patches pushed out. All you had to do to get infected was load a page that hosted the image as an ad.

Robust antivirus is a must these days, as are antimalware and firewall. One thing to consider, don’t buy multi-year subscriptions to an antivirus company’s product. For the longest time Norton was considered the best until it got to the point where it consumed so many system resources that you couldn’t use your computer any more. It fell from grace. Two years ago Microsoft’s new antivirus was actually considered the best available. The next version skunked so bad that it went to the bottom of the list in the reviews.

To keep up to date on the latest info, consider joining the throngs of viewers of the TWiT network. This Week in Tech, located at http://www.twit.tv has twenty-five active podcasts, available in Audio or video, covering Windows, Mac, iOS, Android, ham radio, hardware, and a host of other topics, including my favorite, Security NOW!.

Unfortunately, my other favorite podcast is currently down, they had their server (which had been running for the last 10+ years) die, completely barbequing their archives and site in addition to a few other sites and all the hardware that they ran on. They are in the process of getting a new server, but until then, you can still listen to the live broadcast on Saturdays at 12 noon EST on Jazz90.1’s stream at http://www.jazz901.org. If you have computer questions, you REALLY should give SoundBytes.org a listen to.

Just remember, computer using places you on the frontlines of an ongoing war between the malicious hackers, crackers and script kiddies and those who continue to slam shut the doors as fast as they can: Steve Gibson and the hosts of others working at developing hardware and software against these exploits.

One thing to keep in mind, ALWAYS keep your data backed up. It’s not just about hardware failure… there is a nasty branch of malware, nicknamed “hostageware”. Once your system is infected, it starts encrypting your data, and only offers to decrypt it if you pay them money. Beyond the insult, the problem is you have to hope they a) decrypt once you pay them b) they only charge you the amount you think they will, and that they only do it once. There have been reports that they haven’t decrypted, and others where people have had their accounts wiped out… and still didn’t get their data back.

If you keep a good backup, you can simply issue a system format command and be done with the problems.

Surfing the net is like exploring space: there are discoveries to stir your spirit and terrors to freeze your soul. You just need to decide if the benefits are worth the risk. Be careful and watch your links.

And now you know more of the story… G’day.

J.D. Gallaway said: Surfing the net is like exploring space

I used to tell people it was like walking through a sewer. Something you wouldn’t want to do barefoot (without firewalls & anti-virus protection).

Good advice Jason.