security concern .....! email address got hacked ...

[majithia23]

all right techies ,

this happened with one of my friends email address , a week back .

his gmail address got hacked !

it was hacked by some one from God knows where ,

he/she sent some unsolicited mails to every member in his address book .

thank God the mails sent were not serious ,

rather funny !

he/she advertised some korean products and asked them to buy , offered big discounts ,

n some money making offers " ... click here for 100$...'

n these sort of.....

sent to every contact !!!!

n yes my friend did not give his email address to any unauthorised or cheap website .

it was a total id and password theft .

when he came to know of this after 2 days , he then had to change his passwords n send an apology to every contact in his address book .... :)

he uses firefox with mcafee internet suite ( cracked download from some warez site ) with windows firewall . thats it.

cann anyone tell , how was his email address hacked ?

what is the best possible security setup to safeguard against these threats ?

[karachidude]

if ur friend has not typed the email address and password on a phishing site,then probably

theres a keylogger in his system.To avoid further damage use UNHACKME,just to be sure.

EDIT:For future protection use Key scrambler,which would encrypt all key strokes,and i would say regular malware scans,with more than one scanner.

[HX1]

Well lets see can you tell us what his pets name is? Whats his favorite color?.. His birthday? ..in other words how much do people actually know about him personally? Next.. what did he use as a password.. Something simple and stupid? Did he use anything relative to his person?..

Even without being phished.. hacked, with Keyloggers..there are things that you can do that can stupidly exploit yourself.. so look at the simple first..There are plenty of ways to follow the right guidelines to get a secure password, or at least a good one..

He might try upgrading his protection to a version of protection more comprehensive of security today.. and one of the top three Security Suites.. and never use a crack..and the only thing that this is going to do is upgrade his protection but may not solve the problem if you don't start with the main issues at the first level.. then work your way up...

Last but not least.. The site can be hacked.. it has happened to several people.. in fact and several sites.. so truth is no matter what you do.. there are things out there tht may need to be done... truth is.. it my not even be his fault..

[manpe]

First let him do a complete scan with McAfee. After that's done, scan the computer fully with Microsoft Malicious Software Removal Tool (MRT) with the latest definitions.

Then it wouldn't hurt to do a scan with Malwarebytes' Anti-Malware also. You can find it on nsanedown.com.

After all that's done and the computer is cleaned, he should replace Windows Firewall with something more powerful... I can suggest COMODO Internet Security (only the firewall) or Outpost Firewall Pro. Or he can lose McAfee all in once and install Kaspersky Internet Security (it has antivirus and a good firewall). You can find all of those products on nsanedown.com.

I would also suggest him to start using KeyScrambler after all the above is done - you can get it here

EDIT: And a few elementary tips: he shouldn't log in to his e-mail from unsafe computers (for ex. I would never log in from my school comps). And often those warez sites are themselves the biggest virus distributors... I wouldn't be surprised if he got the keylogger/virus from that warez site. And of course he should always use nonsense words or codes WITH numbers in his password... having an easy password with no symbols or numbers, is much easier to hack.

[LeetPirate]

I don't think the strength of passwords matter as much as the locations you use them. I have had 4 letter dictionary passwords at certain sites for a number of years and they have never been compromised. We are talking more than 5 years going with the same weak 4 character passwords and nothing has ever happened. Some may say I am just lucky but I don't think it is random luck, I just never sign into a secure service at any PC other than one I have secured. Once you start checking your mail at public computers or other compromised locations you open yourself up to the possibility of being hacked. You never know who has a hidden trojan or keylogger on the compromised system just waiting to steal somebody's information.

Just to emphasize what my friends above already mentioned, you really should not set your secret answer to something people could guess. If you do things like that then anyone can guess the answers and reset your password thereby stealing your account.

[manpe]

I will confirm again what Leet said... For example I remember at my school a friend of mine installed a keylogger on a computer and could later see many e-mail users and passwords. His ultimate goal was to hack RuneScape accounts though :D The only computer you should trust is yours, by making it as trustworthy as possible.

[Bizarre™]

The only computer you should trust is yours, by making it as trustworthy as possible.

+1 That's the best practice indeed.

[Toshiro]

The only computer you should trust is yours, by making it as trustworthy as possible.

+1 That's the best practice indeed.

+2, that's why no one gets on my pc, if i'm not around.

Just use Keyscrambler for a while, scan with MalwareBytes/Trojan Remover..

And if you want, you can post a Hijackthis log here, i (or others) will be pleased to check it for you ;)

(tut: )

gl :)

[jalaffa]

I just never sign into a secure service at any PC other than one I have secured. Once you start checking your mail at public computers or other compromised locations you open yourself up to the possibility of being hacked. You never know who has a hidden trojan or keylogger on the compromised system just waiting to steal somebody's information.

Agreed upon.

PS.

Funny thing - I had a dream last night about me logging in to nsane.down on a "friend's" computer. Help! - what if my log in details had been revealed. It was only a dream though. ^_^

[DKT27]

OK. You are lucky guy. I had faced the same problem few months ago. The story is a long story and a lot of problems. After one week of trouble, I finally found that my PC was infected by a stealer(pass stealer). As far as I know, pass stealers are not easily detected by a AV or AM. I wasted my whole week to solve it, scanned my PC with ESET two times, MBAM two times, Ad-Aware one time and some more scanners. And finally I scanned my PC with Microsoft Malicious Software Removal Tool. It was able to successfully remove the stealer. I changed my pass afterwards, after that no one is ever trouble the people who are added in my account. :)

You can Download Microsoft Malicious Software Removal Tool from here - http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

[majithia23]

if ur friend has not typed the email address and password on a phishing site,then probably

theres a keylogger in his system.To avoid further damage use UNHACKME,just to be sure.

EDIT:For future protection use Key scrambler,which would encrypt all key strokes,and i would say regular malware scans,with more than one scanner.

Well lets see can you tell us what his pets name is? Whats his favorite color?.. His birthday? ..in other words how much do people actually know about him personally? Next.. what did he use as a password.. Something simple and stupid? Did he use anything relative to his person?..

Even without being phished.. hacked, with Keyloggers..there are things that you can do that can stupidly exploit yourself.. so look at the simple first..There are plenty of ways to follow the right guidelines to get a secure password, or at least a good one..

He might try upgrading his protection to a version of protection more comprehensive of security today.. and one of the top three Security Suites.. and never use a crack..and the only thing that this is going to do is upgrade his protection but may not solve the problem if you don't start with the main issues at the first level.. then work your way up...

Last but not least.. The site can be hacked.. it has happened to several people.. in fact and several sites.. so truth is no matter what you do.. there are things out there tht may need to be done... truth is.. it my not even be his fault..

First let him do a complete scan with McAfee. After that's done, scan the computer fully with Microsoft Malicious Software Removal Tool (MRT) with the latest definitions.

Then it wouldn't hurt to do a scan with Malwarebytes' Anti-Malware also. You can find it on nsanedown.com.

After all that's done and the computer is cleaned, he should replace Windows Firewall with something more powerful... I can suggest COMODO Internet Security (only the firewall) or Outpost Firewall Pro. Or he can lose McAfee all in once and install Kaspersky Internet Security (it has antivirus and a good firewall). You can find all of those products on nsanedown.com.

I would also suggest him to start using KeyScrambler after all the above is done - you can get it here

EDIT: And a few elementary tips: he shouldn't log in to his e-mail from unsafe computers (for ex. I would never log in from my school comps). And often those warez sites are themselves the biggest virus distributors... I wouldn't be surprised if he got the keylogger/virus from that warez site. And of course he should always use nonsense words or codes WITH numbers in his password... having an easy password with no symbols or numbers, is much easier to hack.

I don't think the strength of passwords matter as much as the locations you use them. I have had 4 letter dictionary passwords at certain sites for a number of years and they have never been compromised. We are talking more than 5 years going with the same weak 4 character passwords and nothing has ever happened. Some may say I am just lucky but I don't think it is random luck, I just never sign into a secure service at any PC other than one I have secured. Once you start checking your mail at public computers or other compromised locations you open yourself up to the possibility of being hacked. You never know who has a hidden trojan or keylogger on the compromised system just waiting to steal somebody's information.

Just to emphasize what my friends above already mentioned, you really should not set your secret answer to something people could guess. If you do things like that then anyone can guess the answers and reset your password thereby stealing your account.

The only computer you should trust is yours, by making it as trustworthy as possible.

+1 That's the best practice indeed.

OK. You are lucky guy. I had faced the same problem few months ago. The story is a long story and a lot of problems. After one week of trouble, I finally found that my PC was infected by a stealer(pass stealer). As far as I know, pass stealers are not easily detected by a AV or AM. I wasted my whole week to solve it, scanned my PC with ESET two times, MBAM two times, Ad-Aware one time and some more scanners. And finally I scanned my PC with Microsoft Malicious Software Removal Tool. It was able to successfully remove the stealer. I changed my pass afterwards, after that no one is ever trouble the people who are added in my account. :)

You can Download Microsoft Malicious Software Removal Tool from here - http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

sorry for the late reply guys ,

but i was busy celebrating the indian festival of lights "diwali" ! :D

well i solely agree with heath28m . the first and the foremost thing in protecting you against internet threats is common sense !

how u select your i.d. and password and the safe questions !!!

now please dont laugh mates ,

the irony is that , the friend of mine is doing his graduation in computer engineering !! :P

imagine , a computer engineer got hacked .

he was of the comments ...' i hv trusted mcafee for so long and windows firewall obeys me and i regularly run a linux boot disc , i always manually clear my registry and activity and surfing traces and i am not so stupid to just advertise my i.d. and password and all those tech talk ....! '

but in the end he had to admit that someone was smarter than him , who was able to steal his identity !!!

thanks to manpe and karachidude for keyscarmbler .

came to know of it now .

i recommended him , what i hv been using for some time and what every one recommends

eset nod32 with comodo firewall ( realtime ) and superantispyware or lavasoft ad aware with malwarebytes and trojan remover ( for on demand scan .)

also told him to go for sandboxie .

tell me ,

is kaspersky internet suite , in all , better than these individual components ?

and is microsoft malicious software removal tools so good , ?

[MasterUploader]

are you being serrious?a hacked copy of a AV?lol.its easy to install a keylogger in one of those,tell him to get rid of the hacked copy and either PURCHASE one or just get a keygen and try and see if he can get the correct retail installer.

[DKT27]

Believe me I had same problem and only MS tool worked for me. Well first even I didn't thought that it will work, even my white hat friend, who was guiding me throughout the whole problem was astonished to see that MS tool worked.

[HX1]

Microsofts Malicious Software Removal tool is no joke.. I have used it in the past and try to scan with it each time it updates..I haven't i n awhile so I should probably get to that..

BTW for anyone who doesn't know.. It is located in your WINDOWS/System32/ folder under the name MRT.exe.. it is updated on Patch Tuesday.. usually every month.. I actually created a link to it in my Start Menu..( I did some serious mods i there so I can't remember if its in there by default or not.. ) Most people overlook it..

[DKT27]

You are right heath. But incase if anyone doesn't download the updates, you can check it out with the link given.

If you wanna start MS tool, Run > MRT . ;)

[majithia23]

Believe me I had same problem and only MS tool worked for me. Well first even I didn't thought that it will work, even my white hat friend, who was guiding me throughout the whole problem was astonished to see that MS tool worked.

Microsofts Malicious Software Removal tool is no joke.. I have used it in the past and try to scan with it each time it updates..I haven't i n awhile so I should probably get to that..

BTW for anyone who doesn't know.. It is located in your WINDOWS/System32/ folder under the name MRT.exe.. it is updated on Patch Tuesday.. usually every month.. I actually created a link to it in my Start Menu..( I did some serious mods i there so I can't remember if its in there by default or not.. ) Most people overlook it..

thanks guys , for bringing ms malicious software tool to my notice .

i always did notice it in my windows update logs ,.... version sept , version oct and like that , but never payed attention to it .

i ll make sure to run a scan though it .

n my friends just abandoned his mcafee , he was using a keyegen with it .

i ll scan his pc with the above tools and lets see , what pops up ...

btw dkt27 ,

the easyshare link for keyscrambler is for which version ?

i mean , m using vista 32bit and the installation of key scarmbler is failing ....

not sucessful...

?

[DKT27]

Good you took MS Tool into consideration. :)

I don't think there is any easyshare link posted by me, check it again, download from the rapidshare or the mediafire link posted by me on the first post. It's properly tested by me on XP and by Manpe on Windows 7. What is the exact problem you are getting while installing the software?

[manpe]

Forget easyshare majithia... you can download it from there:

Site: http://www.mediafire.com

Sharecode: /?wj2zh2zywmk

[DKT27]

Hey! Postin my link on another thread is not permitted. :P

Nah just jokin. ;)

[majithia23]

Good you took MS Tool into consideration. :)

I don't think there is any easyshare link posted by me, check it again, download from the rapidshare or the mediafire link posted by me on the first post. It's properly tested by me on XP and by Manpe on Windows 7. What is the exact problem you are getting while installing the software?

Forget easyshare majithia... you can download it from there:

Site: http://www.mediafire.com

Sharecode: /?wj2zh2zywmk

Hey! Postin my link on another thread is not permitted. :P

Nah just jokin. ;)

my mistake ,

i did download it from mediafire only , but i typed easyshare in reply , :P

i again installed it and it went fine !

the first time i figured out , that comodos defense stopped it from installing it properly ,

its ok now , but gives this message .... " encryption module error :2 '

in firefox as well as chrome .....

now what ?

and what about the premium version ?

[DKT27]

You just need a restart. Because it installs some drivers, registries, etc. it needs restart. I would recommended the latest pro version instead of the old premium. As there is still no crack available for the latest premium version. ;)

[*dcs18]

now please dont laugh mates ,

the irony is that , the friend of mine is doing his graduation in computer engineering !! :P

imagine , a computer engineer got hacked .

he was of the comments ...' i hv trusted mcafee for so long and windows firewall obeys me and i regularly run a linux boot disc , i always manually clear my registry and activity and surfing traces and i am not so stupid to just advertise my i.d. and password and all those tech talk ....! '

but in the end he had to admit that someone was smarter than him , who was able to steal his identity !!!

This happened to me, too and I found there's another side to this story.

I thought that someone had hacked my system until it dawned upon me that the hacker was NOT using my Bank User Name and Bank Password to steal me. Besides, there were also other confidential & financially damning stuff that were stored online within my email ID. Later, I realized that mine was not a case of identity theft but just a matter of 'Spoofing' (a method by which Spammers send bulk messages using for example, your friend email ID.) Hope your friend has been a mere victim of 'Spoofing' rather than of 'Identity Theft.'

[majithia23]

now please dont laugh mates ,

the irony is that , the friend of mine is doing his graduation in computer engineering !! :P

imagine , a computer engineer got hacked .

he was of the comments ...' i hv trusted mcafee for so long and windows firewall obeys me and i regularly run a linux boot disc , i always manually clear my registry and activity and surfing traces and i am not so stupid to just advertise my i.d. and password and all those tech talk ....! '

but in the end he had to admit that someone was smarter than him , who was able to steal his identity !!!

This happened to me, too and I found there's another side to this story.

I thought that someone had hacked my system until it dawned upon me that the hacker was NOT using my Bank User Name and Bank Password to steal me. Besides, there were also other confidential & financially damning stuff that were stored online within my email ID. Later, I realized that mine was not a case of identity theft but just a matter of 'Spoofing' (a method by which Spammers send bulk messages using for example, your friend email ID.) Hope your friend has been a mere victim of 'Spoofing' rather than of 'Identity Theft.'

hmmm..

yes it could be spoofing .

but the strange thing is that , the mail was sent to every contact in my friends address book. and that too not once but twice .

the mail was directed as , xyz my friend asked all his contacts to go for that ptoduct or offer !!

can spoofing get all these details , right from your account ?

a good firewall should be able to protect against spoof attacks ..

well just need to be careful , over increasing threats daily ...

[DKT27]

My email was named somethin like Hello:A or X or similar. He had sent it to all the contacts in my Live mail. He also changed my auto vacation reply.

[*dcs18]

the strange thing is that , the mail was sent to every contact in my friends address book. and that too not once but twice .

That is a matter-for-concern. Hope your pal has changed his password. It would help if he changed the 'Secret Question' used to reset the Password of his Email account, too.