Posted

We both use Gmail.

His system was off but of course even then it can be controlled by hackers.

The Gmail data can be stolen on a previous moment when this system was switched on.

It seems Gmail accounts can be hacked as well.

Any suggestions for the both of us what to do, how to find out/ fix etc. ?

In the mail there was a link (see image below; for security reasons I am not posting the link).

012a9f0b9c8bcf8869eea84d20af5c97.gif

I clicked once on that link but got no warning from Avast or whatsoever. No website opened.

All useful information is welcome !

System Information:

Vista Basic, 32-bit SP2

My systems security / cleaner department contains:

Avast

Malwarebytes

RUbotted

IObit 360

IObit Malware Fighter

Kaspersky TDSS Killer

IObit Advanced System Care

IObit Toolbox

CCleaner

Posted

Just received another mail that he did not send, from another IP address:

Authentication-Results: mr.google.com; spf=pass (google.com: domain of (edited by poster)@gmail.com designates 10.220.179.195 as permitted sender) smtp.mail=(edited by poster)@gmail.com; dkim=pass header.i=(edited by poster)@gmail.com

Received: from mr.google.com ([10.220.179.195])

by 10.220.179.195 (*) with SMTP id br3mr1166476vcb.184.1299509220281 (num_hops = 1);

Mon, 07 Mar 2011 06:47:00 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

(*) my IP is different
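
An added example, not part of the original thread: one way to read an Authentication-Results header like the one posted above and tell a DKIM-signed message that left the provider's own servers apart from one with only a forged From address. The sample messages, addresses and the mx.example.net server name are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (addresses and server names are placeholders).
SENT_VIA_PROVIDER = """\
Authentication-Results: mx.example.net; spf=pass (sender permitted)
 smtp.mail=friend@gmail.com; dkim=pass header.i=@gmail.com
From: Friend <friend@gmail.com>

body
"""
FORGED_FROM = """\
Authentication-Results: mx.example.net; spf=softfail
 smtp.mail=bounce@bulk.example.org; dkim=none
From: Friend <friend@gmail.com>

body
"""

def parse_auth_results(value):
    """Return {method: (result, {property: value})} from an Authentication-Results value."""
    value = re.sub(r"\([^)]*\)", " ", value)       # drop parenthesised comments
    out = {}
    for clause in value.split(";")[1:]:            # first part is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        out[method.lower()] = (result.lower(), props)
    return out

def classify(raw_message, trusted_authserv="mx.example.net"):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        # Only trust results stamped by your own receiving server (assumed name).
        if header.split(";")[0].strip().lower() != trusted_authserv:
            continue
        results = parse_auth_results(header)
        dkim_result, dkim_props = results.get("dkim", ("none", {}))
        signer = dkim_props.get("header.i", dkim_props.get("header.d", ""))
        signer_domain = signer.rpartition("@")[2].lower()
        if dkim_result == "pass" and signer_domain == from_domain:
            return "sent-through-provider"   # points to account misuse, not a forged From
        return "from-not-authenticated"      # consistent with a spoofed sender address
    return "no-trusted-results"
```

A "sent-through-provider" verdict means the provider signed the message for the From domain, so the next step is the account itself (password, recent account activity), not the mail filter.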

Posted

Seems you should be notifying Gmail eh?? They just had some problems with their email a few days ago and thousands of people lost their accounts as they were virtually cleared out and they have not been specific about the source or the repairs so this may have something to do with that..

Posted

The friend just discovered this (recent Gmail account activity, link at the bottom on Gmail)

He lives in Mattoon - Illinois, but this shows there was account activity from the Philippines...

51d0f091fa597036a487c1ec9bb041b3.gif

Just told him to immediately change his password, and one of minimum 8 digits.

Posted

Since Gmail is a website it may not be his system that is hacked, but either his system was keylogged or he was tricked into a phishing website.

Changing the Gmail password and running a virus scanner are the most likely solutions.

Posted

I see, thanks and forwarded this to him.

And just (his) account activity from Iran, of all places... Is this a sign of a botnet? Sent from his account from botted PCs worldwide?

He changed his PW already.

544f88a558e0ad0c83c7969d66a82550.gif

Posted (edited)

edit: been covered. didn't read the whole string...

Edited by CMSteve
Posted

It is very easy to "spoof" (assume an email identity) once an email address is known. Email servers can be either smart (check sending server IP and domain) or dumb (allow anything), plus there are numerous "open relay" servers around that will take anything.

Even from a command window, you can often send mail via telnet to a "less smart" email server, if you know the handshaking email uses. (it's not hard)

So I'm not surprised if your friend's (or your) Gmail accounts were compromised, the address book is the source of many email addresses to try to hack.

Sometimes it's good to just move to a new account.

Cheers,

rk

Posted

He should just change his password to something LONG and complicated (but mostly long).

Then when you still get emails from "him" somebody might just fake his email as the sender address. Common practice, nothing to be done about it as it's not really coming from his account. Just ignore it. Sender email address can easily be faked - look at the long headers and IP addresses, as those cannot be faked.

Posted

As said above, it doesn't necessarily mean his account has been compromised, just that the address is being duplicated. There is plenty of software out there that enables you to appear to send email from anyone you like.

Posted

Rakman writes correctly : "It is very easy to "spoof" (assume an email identity) once an email address is known"

I sometimes get e-mails from myself... which were of course not sent by me.

Posted

I had my email jacked several years ago while in the Philippines. I'm sure it was a keyboard logger...or something like that. All my contacts, of which there were many, got all sorts of spam for a long time...not good...

Posted

Regarding good passwords, it might be worth mentioning this free password generator / manager from a recommendable software maker.

No more passwords that are 'easy to remember'..

Generally an easy password is no big deal, since the email provider will block access attempts after like 5 or 10 failed attempts.

After more than 10 years on the internet with only moderate difficulty passwords, the only problem I've had is being social engineered into giving away my secret question answer, which in turn gives away access to my account. Generally 6+ characters long with 1+ number will make you quite safe.

Posted

I had my email jacked several years ago while in the Philippines. I'm sure it was a keyboard logger...or something like that. All my contacts, of which there were many, got all sorts of spam for a long time...not good...

True, the guy needs to clean swipe his system first. The most elaborate password in the world can't help you if there's a trojan / key logger on your system.

My recommendation would be:

- Disable your existing anti virus (AV) software

- Download another AV software that's free

- Install the other AV software and run it immediately (that's what they generally do anyway)

Or run one of the web based AV packages.

The thing to know here:

If there is already malware on your system, it has already disabled your existing AV program. That means the existing AV program can't remove or detect the malware. The way around it is to install/use new AV software, and to be extra safe make it something different.

Or just get a Mac :P

Posted

Set up email using www.servage.net with a spam filter. The first time someone mails you it bounces back and asks for confirmation (spammers don't); after confirmation all further emails come through as normal.

In 4 yrs 2 domains & 8 email addys NO SPAM Brilliant!!!!!!!!!!

Posted

Obviously the account has been compromised. Change the password to something secure to begin with. I'd do this from a sane device, perhaps your smart phone.

Then you need to find the source of the attack.

a) Is your PC riddled with spyware, was it a jacked copy of XP/Vista/Win7 installed by local Thai lads, with virus protection included for free? If so it's time to reformat if you want 100% confidence with a legitimate version.

b) Did you do something really insane, like log on to your Gmail/Hotmail from an Internet cafe?? Sorry but that's just asking for trouble.

Email spoofing is easy and until DKIM/SPF is widespread it's going to be around for a while (but even those don't preclude spoofing if sent from the same host).

Barker, that's a different issue, his account has been compromised.

Posted (edited)

A single gmail account can legitimately be opened at the same time on several PC's regardless of location; we use this option on some projects when we set up an 'open' email account so Clients and Contractors can have open access. One of gmails handy features.

The fact that the OP received all his buddy's contacts means his buddy's machine is very probably botted. Changing his Gmail account password won't help much. If there's keylogging malware running, most likely it came in through the most common portal... the USB memory stick.

Get the machine properly cleaned; my preference would be backup data, reformat and clean install the o/s. Having several different brands of 'security' programs installed is a waste of money as well as a false security.

After that, he should set up a NEW gmail account (just in case an old gf in PI saved his info).

To the OP... "I clicked once on that link but got no warning from Avast or whatsoever. No website opened."

Like a semi-sophisticated bot, smart spyware or simple adware is going to open up a screen saying, "Congratulations! You have just been f*cked online!"

First level of internet security FAIL!

Cool avatar tho'!

Edited by NanLaew
Posted

Since Gmail is a website it may not be his system that is hacked, but either his system was keylogged or he was tricked into a phishing website.

Changing the Gmail password and running a virus scanner are the most likely solutions.

Everyone thanks, solved !
