
 o
Did I get hacked?

Posted by sjt2900 (My Page) on
Sat, Apr 2, 11 at 13:06

My son called this morning and said he received 4 emails from me at 5am and they contained a virus. (I didn't send anything.) He says my email was hacked and I should change my password. It's starting to look like everyone in my contacts list was sent this email. I've changed my password, but should I do anything else?


Follow-Up Postings:

 o
RE: Did I get hacked?

"Hacked" may not be quite the right word. It's most likely that you have a virus on your computer, which you may have gotten in several ways, including opening up some infected item when you were in your email. It's less likely that someone actually bothered to try to hack into your email. So, while it can't hurt, changing your password may do nothing to help with this problem. Your next step should be to download, install, update and run the free programs Malwarebytes and SuperAntispyware to see if you can find a problem. And you: 1) are running regular antivirus of some kind, and 2) have a firewall enabled...correct?


 o
RE: Did I get hacked?

Definitely run Malwarebytes, the full scan, after you have updated it.
Malwarebytes' Anti-Malware (Win) - Detecting and Removing Malware

However, this does not mean that it is you that has the problem just because the From field says your name and address; many of these spoof an address. If others you have in your address book are getting these with your name associated, it could be you, but it could also be someone else that has a lot of the same people in their address book; the infection picks some name at random from the address book to use to fill in the From field. So just because it looks like it is from you does not mean it is. The header info on one of the emails may tell more about where it originated.

I had one recently with my email addy and it was coming to my inbox, I knew it was not me but someone that had me in their address book.
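
The header check suggested in the post above, as an added example (not code from any poster in this thread): it walks the Received headers from the newest hop down and reports the last hop written by the recipient's own mail provider, since everything below that hop, like the From line, can be forged by the sender. The sample message, the provider domain "mail.example.net" and all hosts and IPs are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not taken from the thread). Hosts and IPs are reserved
# documentation values; "mail.example.net" stands in for the recipient's provider.
SAMPLE = """\
Return-Path: <bounce@bulk.example.com>
Received: from mx2.mail.example.net (mx2.mail.example.net [198.51.100.7])
    by store1.mail.example.net with ESMTP id A1; Sat, 2 Apr 2011 05:01:12 -0400
Received: from dsl-host.example.com (unknown [203.0.113.45])
    by mx2.mail.example.net with SMTP id B2; Sat, 2 Apr 2011 05:01:10 -0400
Received: from webmail.example.org ([192.0.2.10])
    by dsl-host.example.com; Sat, 2 Apr 2011 05:00:59 -0400
From: "Mom" <mom@example.org>
To: son@mail.example.net
Subject: hi

(body omitted)
"""

# "from <name the sender claimed> ... [<IP the receiver saw>] ... by <receiving host>"
HOP = re.compile(r"from\s+([\w.-]+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+([\w.-]+)",
                 re.S | re.I)


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def trace_origin(raw, provider_domain):
    """Find where the message entered the recipient's provider.

    Simplification (assumption): a hop counts as internal when both host
    names fall under provider_domain. The "from" name is whatever the sender
    claimed; the bracketed IP is what the receiving server recorded.
    """
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    handoff = None
    for value in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(value)
        if not m or not in_domain(m.group(3), provider_domain):
            break        # not written by our provider: forgeable from here down
        if not in_domain(m.group(1), provider_domain):
            handoff = {"host": m.group(1), "ip": m.group(2)}
            break        # first external sender; older hops are unverified
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "handoff": handoff,
        # Mismatches are indicators, not proof: bulk mailers also send for others.
        "return_path_matches_from": bool(from_dom) and in_domain(rp_dom, from_dom),
        "handoff_in_from_domain": handoff is not None
                                  and in_domain(handoff["host"], from_dom),
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE, "mail.example.net"))
```

In the sample, the oldest Received line claims the sender's webmail host, but it sits below the provider's own hop and is ignored; the reported handoff IP is the one the provider's server actually saw.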


 o
RE: Did I get hacked?

I have Microsoft Security Essentials and the Windows XP firewall. I have Malwarebytes and SuperAntispyware and will be updating and running full scans of both.


 o
RE: Did I get hacked?

A hijacked address book has been an on-again, off-again concern for years, and doesn't appear to have an end in sight. The keyhole is that the infected e-mail comes from someone the user knows so they freely open it. All in all it is like a pyramid scheme by replicating exponentially.

Be sure to run a full scan with your AV also as the variant may be an old one. They are recycled.

DA


 o
RE: Did I get hacked?

sjt2900-
Ok...please post after you do the scans. I'd be interested to see if you detect anything.


 o
RE: Did I get hacked?

Malwarebytes found no problems, but while it was running the MSE box popped up and said it found 1 severe potential threat and removed it.
It was "Exploit:Java/cve-2010-0094CR."
SuperAntispyware found and removed 222 adware tracking cookies.

But, just now, I received this email.

April 2, 2011

Dear HSN Customer,

HSN values your trust and wants to make you aware of a recent incident. We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible. We apologize for any inconvenience and have outlined below a number of email safeguards to help ensure your privacy online.

Email scams, spam, and other attacks on email systems are on the rise, but, by taking certain precautions when receiving emails, you can continue to safely use email for your business and personal needs:

•Don't open links or attachments from people you don't know and trust.
•Don't provide personal, financial, or other sensitive information when asked to do so by email. Most reputable companies do not ask for such information by email, and, rest assured, we will not do so.
•If you receive an email appearing to come from us that does ask you for sensitive information, do not respond, click on any links, or download any attachments. Instead, please inform us immediately at the toll-free number or email address provided below.

We take your privacy very seriously and work diligently to protect your information, whether held by us or by our service providers. HSN's internal databases, which store all customer-provided data, were in no way compromised. Our email provider has taken significant steps to further protect the limited customer information held in its databases. If you have any questions or concerns regarding this incident, please contact us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.

Sincerely,
Gregg Stallwood
Senior Vice President, Customer Care ��" HSN

Please do not reply to this email. If you would like to contact us, please call us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
HSN Interactive LLC : Attn: Customer Service : 1 HSN Drive : St. Petersburg, FL 33729


 o
RE: Did I get hacked?

And now I get this:

Dear New York & Company Customer,

Yesterday, we were informed by our email service provider that your
email address was exposed by unauthorized entry into their system. Our
email service provider deploys emails on our behalf to customers who
have opted into email based communications from us. We want to assure
you that the only information that was obtained was your name and/or
email address. Your account and any other personally identifiable
information were not at risk.
Please note, it is possible you may receive spam email messages as a
result. We want to urge you to be cautious when opening links or
attachments from unknown third parties. We also want to remind you that
we will never ask you for your personal information in an email.
We sincerely regret this has taken place, and we apologize for any
inconvenience this may have caused you. We take your privacy very
seriously, and we will continue to work diligently to protect your
personal information.

Please visit http://faq.nyandcompany.com for answers
to some frequently asked questions about this incident.
Sincerely,

New York & Company

You've received this message because you registered to receive
email from New York & Company. If you no longer wish to receive
email from us, or would like to edit your email preferences,
click here.
http://email.nyandcompany.com/p/NYandCompany/OptOut?EMAIL_ADDRESS=sturner2900@yahoo.com&

Click here to view our Privacy Policy.
http://www.nyandcompany.com/nyco/company/privacy.jsp?&

New York & Company Corporate Office
450 W. 33rd Street
New York, NY 10001

What's going on?


 o
RE: Did I get hacked?

Gregg Stallwood seems to be the CEO of the Home Shopping Network out of Florida.

New York & Company also appear to be a legit outfit. Do you subscribe to either of these sites?

You have not replied to Kudzu9's post of 15.23 EST

If your scans come up clean you might consider downloading one of the free bootable CD based scans linked below and run it. These programs work when you reboot with the CD in the drawer and your computer is set to seek the CD as the first bootable device. They then look to their home site for updates and then scan your computer with nothing else running. These are a worthwhile tool for anyone's arsenal against the bad guys.

Here is a link that might be useful: Bootable CD based scans


 o
RE: Did I get hacked?

If I were to make my single best guess, the problem you had was not limited only to your email. It sounds like your email provider may have had a security breach where a hacker got in to their system and got access to many, many accounts. They may have deployed a virus within that system which affected many accounts, or they may have just used it as an opportunity to send out spam, and the Trojan you found was a result of something else. At this point, you are probably fine. However, if it were me, I'd call my ISP and tell them what happened, get an explanation from them about whether this breach resulted in a virus infection, and ask whether any other steps should be taken beyond what you have done.


 o
RE: Did I get hacked?

Malwarebytes found no problems, but while it was running the MSE box popped up and said it found 1 severe potential threat and removed it.
It was "Exploit:Java/cve-2010-0094CR."
SuperAntispyware found and removed 222 adware tracking cookies.

So the "Exploit:Java" thing is a Trojan?

My son called this evening to say he also received messages from other legitimate companies that were just like the ones I received from HSN and New York & Co. He lives 3 hours away from me.


 o
RE: Did I get hacked?

The message for the Exploit:Java... can mean something is using your Java to gain elevated privileges to do something.

You should make sure you have the current version of Java installed which I believe can be seen in 'Program & Features' or 'Add/Remove programs' in control panel.. mine is probably current and shows 'Java (TM) 6 Update 24'

Here is a link that might be useful: www.java.com


 o
RE: Did I get hacked?

sjt2900-
I used the term "Trojan" loosely, perhaps too loosely; let's just call it malware.

By the way, if it makes you feel like you have company, I just got the same message you did from HSN. However, so far it looks like my email address has not been used to send spam, like yours was. After I did a little more research, it sounds like Epsilon -- which apparently handles email marketing for many large online entities -- had a security breach like I theorized about in my previous post. If you want to see how widespread this is, check out the link below. However, the good news is that Epsilon apparently does not have financial information about you stored on their servers...only your email address. So the worst result apparently is that they can use your address to send spam. The fact that you discovered the Java malware was probably coincidental, but it was good that you found it.

Here is a link that might be useful: QVC forum: Epsilon


 o
RE: Did I get hacked?

All the information from your contact e-mails is readily available on the web. The 1-800 number is a HSN telephone number so to be on the safe side I personally would take a moment, and give them a call to triple check that the e-mails are not spoof.

Why you might ask. If they are spoof the next logical step could be an e-mail re-identifying the "concern" and then asking for verification of your personal information. I've seen it happen before, and some unprepared users do provide the information. Plus, I am very leery of e-mails with cryptic characters in it.

DA


 o
RE: Did I get hacked?

It sounds like your computer is lacking updates. It is extremely important to keep things like Java, Adobe, Flash, etc. updated, as well as your Windows updates. Use this Secunia tool to scan and see what needs updating and do those now; those types of vulnerabilities are being used to gain access to your computer. You must remove any old outdated versions of these, especially Java. To do that you can use JavaRa.

Secunia Online Software Inspector (OSI)

JavaRA


 o
RE: Did I get hacked?

damccoy-
It's a small issue, but I thought I'd point out that sometimes "cryptic characters" are simply the result of what encoding the browser is using. I got the identical message as the OP and, where he has cryptic characters, I have a dash displayed. Based on what I found out about this security breach, I believe it's a legitimate message, but I also agree completely with your point about never furnishing info in response to an email.


 o
RE: Did I get hacked?

K9, I agree with you totally. I just don't like their presence, and when I see them an alert warning goes off. The first line of indicators to a spoof e-mail are misspellings, poor grammar, and improper coding.

DA


 o
RE: Did I get hacked?

I just got something similar from this address:
disney@vacation.disneyworld.com

When I tried the address I got a warning from Firefox that the address was not correct and someone might be trying to trick me. It contains a link but I didn't click on it. I do not have any account with Disney nor ever gone to their website.
I got 2 emails today, I'll paste the email.

View in your browser
Click here

Dear Guest,

Earlier today, you likely received an email from us that had no copy
or content in it. Below is the important information we were trying
to share with you in that email message. We apologize for the
confusion and our contact information is below
should you have any questions about this matter.

We have been informed by one of our email service providers, Epsilon,
that your email address was exposed by an unauthorized entry into that
provider's computer system. We use our email service providers to
help us manage the large number of email communications with our
guests. Our email service providers send emails on our behalf to
guests who have chosen to receive email communications from us.

We regret that this incident has occurred and any inconvenience this
incident may cause you. We take your privacy very seriously, and we
will continue to work diligently to protect your personal information.

We want to assure you that your email address was the only personal
information we have regarding you that was compromised in this
incident.

As a result of this incident, it is possible that you may receive spam
email messages, emails that contain links containing computer viruses
or other types of computer malware, or emails that seek to deceive you
into providing personal or credit card information. As a result, you
should be extremely cautious before opening links or attachments from
unknown third parties or providing a credit card number or other
sensitive information in response to any email.

If you have any questions regarding this incident, please contact us
at (407) 560-2547 during the hours of 9:00 am to 7:00 pm (Eastern Time)
Monday through Friday, and 9:00 am through 5:00 pm (Eastern Time)
Saturday and Sunday.

Sincerely,

Disney Destinations

I don't think this is legit. I pasted the address in my browser and it doesn't go anywhere.

Jane


 o
RE: Did I get hacked?

So, I've changed my email password, ran Malwarebytes, SuperAntispyware and OSI. I've defragged and cleaned the disc. I've updated everything I can think of updating. I'm hearing from family and friends all over the country telling me I have some kind of virus or macro virus or that I've been hacked. Daughter's new in-laws also got contaminated email. Oh boy! My computer runs just fine. (Wouldn't you know!) Is there anything else I should do?


 o
RE: Did I get hacked?

Here's another thing. I use several different computers. Any way to tell which one has a problem, or should I just do all these things to each computer? Well, now that I think about it, I guess I should do all these things to each computer.


 o
RE: Did I get hacked?

sjt2900-
Definitely put each computer through the works...


 o
RE: Did I get hacked?

Millions of live e-mail addresses are thought to have been stolen in an attack on US marketing firm Epsilon.

It handles customer communications for many household names and sends more than 40 billion e-mails annually.

Epsilon has more than 2,500 clients including Best Buy, TiVo, Walgreens, Capital One, JP Morgan and Citigroup.

Many Epsilon clients have contacted customers warning that attackers may use the stolen data to con them out of more information.

Paddy..

Here is a link that might be useful: Report Here


 o
RE: Did I get hacked?

Yes, I got an email from my bank saying that Epsilon had been breached and our email address may have been involved in the material stolen. However, they assure that none of our actual banking info or passwords were involved. Well, let's just hope that is true!

I have had a few more spam emails lately but not sure it is from that or not.


 o
RE: Did I get hacked?

I downloaded SuperAntispyware onto another of my computers and at the end of the download it said "SuperAntispyware had encountered a problem and had to close." I (probably not wisely) restarted the program and ran it. It found problems, quarantined and removed them, but when the computer restarted the black screen came up and said there are problems starting and do I want to go to normal startup or safe mode. I tried both but still had problems so I had to go to system restore to a previous date. Should I just not bother with SuperAntispyware or is there something I should do to get it to download properly? I did try to download it after I ran Malwarebytes, but it still encountered problems and had to close.

Here are the results of the Malwarebytes scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6268

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/4/2011 12:23:00 PM
mbam-log-2011-04-04 (12-23-00).txt

Scan type: Full scan (C:\:)
Objects scanned: 197371
Time elapsed: 35 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\documents and settings\MY NAME\application data\system\svchost.exe (Trojan.Agent) -> 3084 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\verona_4l (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"FEA42FDC-AA6F-B9C7-802F-E4430654AE70> (Spyware.Passwords.XGen) -> Value: "FEA42FDC-AA6F-B9C7-802F-E4430654AE70> -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wupd32 (Trojan.Agent) -> Value: wupd32 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\All Users\Application Data\install\app.exe"%1" %*") Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\MY NAME\application data\Odser\ziefs.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore"4e9df651-9487-4ce6-940e-ff6e61692305>\RP857\A0058576.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\install\app.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\documents and settings\MY NAME\application data\system\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\MY NAME\application data\system\verona\load_me.exe (Trojan.Agent) -> Quarantined and deleted successfully.


 o
RE: Did I get hacked?

You need to go to this help forum I will link you to and post that log there and ask for help with cleaning. Many of the infections you have could require special scans to fully remove them. You will have to register and create your own thread at the location I am going to link you to. If you need help let me know; I am there also.
Analysis and Malware Removal
Please do this!

