You’re incorrectly assuming that webmail compromises are never caused by locally installed malware. Just because webmail passwords are sometimes stolen via exploiting other passworded sites (as you illustrate) or via phishing doesn’t mean that they aren’t also stolen via malware.
Suggesting that users change their passwords when they suspect a compromise is good advice, but suggesting anti-malware applications is also important, especially when there’s no clue where the compromise occurred. It isn’t sending them down the rabbit hole, and discouraging malware scans in these cases is irresponsible advice.
Of course, spammers don’t have to hack your email to spam a bunch of your friends. All they need is a copy of an email you sent to a group, and presto!, they send out mail to the entire group purporting to come from you. They will probably also send out email to the entire group, and to other addresses as well, purporting to come from each person in the address list.
Under this scenario, they never even came close to your email system, they just grabbed your addresses from the header of a message sent in the clear through the Web. Very annoying, and, under current email protocols, absolutely nothing you can do about it.
You’re right, but here’s the thing… I’ve gone through this at least 5 times now in the past month with friends who had their webmail account hacked. We went through the whole malware scanning process. They all have good AV protection (as did the Dopers who posted about it). I’ve also seen the email/password collection scripts first hand.
Yes, passwords can be gotten in a myriad of ways but LATELY, IN MY EXPERIENCE, this is how it’s happening. The recent upsurge in hacked accounts is not due to malware or viruses.
People are saying stuff like “why doesn’t my AV work?” “How did this email get sent when my computer was off?” “Why am I spamming my friends?” All of these questions lead to the answer that your webmail account was compromised and there is no reason to go through the tedious process of checking for malware or switching your AV. In one thread, someone even suggested paying the GeekSquad to do it.
Yes, proper maintenance of your AV software (regular updates and daily scans) is critical. Running periodic malware scans is great. But if someone has your webmail login info, none of that stuff is going to change the fact that you need to change your webmail password.
So if you think you got hacked based on the fact that a bunch of spam was sent from your webmail account…
1. Don’t panic - you most likely weren’t hacked.
2. Change your webmail password to something unique that you only use for that webmail account and no other account anywhere else.
3. Always keep your antivirus program up-to-date and set it to do daily scans. Don’t get mad because it didn’t find anything; you probably don’t have a virus. And not having a virus is a good thing.
4. Running anti-malware apps is always good. But don’t get mad because they didn’t find anything; you probably don’t have malware. And not having malware is a good thing.
I went back and checked the posts you linked in the OP. Kunilou was running Norton, and jsc1953 didn’t mention any AV protection at all. I’m not sure how you’re getting “good AV protection” from that.
That may be your experience, but I don’t think that’s a compelling reason to completely dismiss malware scans. Malware hasn’t gone away as a means of obtaining passwords.
#1 can be explained by the constant arms race involved in malware detection. There’s generally a delay between when malware is released and when detection signatures get updated to find it.
#2 can be explained by any theft of a webmail password, whether that theft took place via a locally installed keylogger, via phishing, or via a password stolen from a third site.
#3 just rules out an ordinary joe job (i.e. where there was no compromise and the spammer’s just using an arbitrary from address stolen from their list of email addresses). All it tells us is that the user’s machine and/or webmail password was compromised.
And I’m not saying they shouldn’t change their webmail passwords. However, if their webmail password was stolen via locally installed malware, changing the password won’t fix anything.
This I can mostly agree with (although I still think you’re over-minimizing malware – the people who don’t already know this advice are the ones most likely to get infected). One small tweak:
If the AV and malware scans came up with something, change your password again to something new once you’ve cleaned up the system. In fact, you’re probably better off doing step 2 from a machine that you have no reason to believe is infected rather than your main machine.
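The distinction the thread keeps coming back to, a spam run that really went out through the account versus an ordinary joe job with a forged From, can be checked from the headers of a received or bounced copy. The following is an added example written for this page, not code posted in the thread; the provider domain, outbound host names, and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed provider domain and outbound hosts; placeholders, not a real provider.
PROVIDER_DOMAIN = "example-webmail.invalid"
PROVIDER_HOSTS = {"mail-out1.example-webmail.invalid", "mail-out2.example-webmail.invalid"}

# Constructed sample 1: a message that really left the provider from a logged-in session.
SENT_VIA_ACCOUNT = """\
Authentication-Results: mx.recipient.invalid; dkim=pass header.d=example-webmail.invalid
Received: from mail-out1.example-webmail.invalid ([192.0.2.10]) by mx.recipient.invalid with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000
Received: from [10.0.0.5] (webmail session) by mail-out1.example-webmail.invalid with HTTP; Mon, 1 Jan 2024 09:59:58 +0000
From: Alice <alice@example-webmail.invalid>

http://link.invalid/
"""

# Constructed sample 2: a joe job, sent from an unrelated host with a forged From.
FORGED_FROM = """\
Authentication-Results: mx.recipient.invalid; dkim=none; spf=fail smtp.mailfrom=example-webmail.invalid
Received: from unrelated-host.invalid ([203.0.113.7]) by mx.recipient.invalid with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: Alice <alice@example-webmail.invalid>

http://link.invalid/
"""

def origin_hop(msg) -> str:
    """Host that accepted the first hop: MTAs prepend Received, so the last one is the origin."""
    received = msg.get_all("Received") or [""]
    m = re.search(r"\bby\s+([\w.-]+)", received[-1], re.IGNORECASE)
    return m.group(1).lower() if m else ""

def classify(raw: str) -> str:
    """'account-sent' (password/session abused), 'forged-from' (joe job) or 'inconclusive'."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != PROVIDER_DOMAIN:
        return "inconclusive"          # does not even claim to come from the webmail account
    auth = msg.get("Authentication-Results", "").lower()
    if origin_hop(msg) in PROVIDER_HOSTS and "dkim=pass" in auth:
        return "account-sent"          # left the provider itself: change the password
    if origin_hop(msg) not in PROVIDER_HOSTS:
        return "forged-from"           # never touched the account; nothing to reset
    return "inconclusive"

if __name__ == "__main__":
    for name, raw in (("via account", SENT_VIA_ACCOUNT), ("forged", FORGED_FROM)):
        print(f"{name}: {classify(raw)}")
```

Only the "account-sent" case calls for the password change in step 2; the "forged-from" case is the scenario described earlier where the spammer only harvested addresses from a message header.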