Tuesday, January 19, 2010

Is your email account sending out links to Chinese Electronic stores?

In the past month I've had to deal with a new phenomenon of email accounts being hacked into and hijacked. One was a Hotmail account, the other a Gmail account.

The symptom is that people who send you emails, or people you have sent emails to, receive emails from your account similar to this:

Dear friend:

I would like to submit a good store that sells all kinds of electronic products:
mobile phones, portable computers, TV, camera, etc..
I bought a bicycle there. It 'very nice and at a lower price. I think it is reliable and
competitive, with excellent quality and reasonable prices. There is a possibility.
The website: [DELETED]
I hope I can go shopping for this company!

Sometimes they appear in other languages:

Estimado amigo:

Me gustaría presentar una buena tienda que vende todo tipo de
productos electrónicos:
teléfonos móviles, ordenadores portátiles, TV, cámara, etc.
He comprado una bicicleta allí. Es muy agradable y en un precio
inferior. Creo que es fiable y
competitivo, con excelente calidad y precios razonables. Hay una posibilidad.
El sitio web: [DELETED]
Espero poder ir de compras para esta empresa!

These are not "spoof" emails. In a spoofed email the sender's address is forged to make it look as if the email has been sent from your account, which is the trick that spammers have used up until now. This is something new. The emails have actually been sent from your account. You will see them in your "Sent" folder.

According to Microsoft, it seems to be a new worm-virus originating in China although I cannot find a name for this virus on any of the anti-virus sites yet. According to the Windows Live forums site, the worm-virus will have been installed on one or more of your computers that access the infected email account. I successfully removed the spamming problem but until this worm-virus is actually identified I reserve judgement as to how the spammers are managing to do this. Despite what Windows Live says, I suspect that it might be a security hole in Internet Explorer. Anyway, this is how to get rid of the problem.

1. Do a complete Virus and Malware Scan

Make sure that your anti-virus is up to date with the latest version and virus database files. This assumes that you have an anti-virus. If you don't, then install AVG Anti-virus Free immediately.

This page will give you a link to CNET where you can download it from there (See first red arrow) or there is a secret hidden link at the bottom left hand corner where you can download it directly from AVG (See second red arrow).

Please note: Do not install two anti-viruses at the same time as they'll fight against each other.

Very often a virus will attack an anti-virus that is out of date so that it will not update or scan. If your anti-virus will not update or refuses to scan, then try to uninstall it and install AVG Free. If you cannot uninstall the anti-virus, then call a qualified technician.

If your anti-virus is up to date then do a full scan of all drives. Before the scan though, check the scan options and select the option to scan all files and not just the most common files. Viruses are becoming increasingly sophisticated and can hide in files with extensions that make them look like a picture or music file. Set the scanner to automatically delete all viruses.

2. Install the latest version of Internet Explorer (currently it's Version 8).

3. Do a manual Windows Update

If the Windows Update does not work then call a qualified technician to fix this problem as soon as possible.

4. Change your email password to a strong password

A strong password is defined as a string of at least 10 characters that combines uppercase and lowercase letters, numbers and special characters, arranged so that they do not form a sequence.

Special characters are for example: ! " £ $ % ^ & * ( ) _ +

Note: some email services may not allow certain special characters.
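The definition above can be checked mechanically. The following Python sketch is an added example, not part of the original post: the function names are hypothetical, and it assumes that "non-sequential" means no run of 3 or more characters that follows the alphabet, the digits or a keyboard row (forwards or backwards) or repeats one character.

```python
import string

MIN_LENGTH = 10          # minimum length stated in the post
RUN = 3                  # assumption: 3+ characters in a row count as "sequential"
SPECIALS = set(string.punctuation) | {"£"}   # covers the post's example characters
# Alphabet, digits and keyboard rows, forwards; reversed copies are added below.
_TRACKS = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
           "qwertyuiop", "asdfghjkl", "zxcvbnm"]
_TRACKS += [t[::-1] for t in _TRACKS]


def sequential_runs(password, run=RUN):
    """Return the substrings of length `run` that follow a track or repeat one character."""
    lowered = password.lower()
    hits = []
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        repeated = len(set(window)) == 1
        if repeated or any(window in track for track in _TRACKS):
            hits.append(password[i:i + run])
    return hits


def check_password(password):
    """Return a list of policy failures; an empty list means the password passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    runs = sequential_runs(password)
    if runs:
        failures.append("sequential or repeated run: " + ", ".join(runs))
    return failures


if __name__ == "__main__":
    # Constructed sample inputs for illustration only; never reuse them as passwords.
    for sample in ["Password123!", "qwerty", "t7#Lm2$Kx9&b"]:
        print(repr(sample), check_password(sample) or "passes")
```

A password that satisfies every character-class rule can still fail on the sequence rule, which is the part of the definition that is easiest to overlook.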

An example of a strong password would be:


5. Your Alternative Email address

Make sure that your alternative email address (that will be used if your email account gets locked out or you forget your password) is up to date and working.

6. Your Personal Question

Make sure that the personal question you defined in order to retrieve your password is sufficiently easy for you to remember but extremely difficult for others to guess. Don't use information that could be looked up on the Internet, such as details on Facebook.

7. Fix your email account properties

Log into your email account and go into properties / Options.

Look for changes made to the following:
 * Signatures
 * Vacation / Out of Office message
 * Filters
 * Contacts (look for any you don't recognise)

Other things will be specific for your email service such as:

 * Safe sender's list is deleted
 * Deletion of Junk messages is set to "Immediately"
 * Junk Mail Settings is set to "Exclusive"

Delete all suspicious changes. Don't forget to save your changes before you exit.

If any of the spam text returns then this probably means that you have not yet successfully removed the worm-virus.
