Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

Topic # 33126 30-Apr-2009 14:50
Send private message

Has this every happened to you? I've fixed countless problems for folks, got their PCs back in order when they were ready to just buy a new one. Keep telling people to not open those emails, stay away from pirated software etc etc. Now my old Hotmail account got hacked and about 140 people got some horrible spam from Globseason from me. I feel quite ashamed really! I'm probably just over-reacting as most people would just ignore the spam anyway.

This is the first time anything like this has happened to me, so I'm not sure if Globseason is a particularly special case but it seems to be a hot topic at the moment. I found plenty of help and it looks like the Windows Live team will be able to restore all my contacts that have been subsequently deleted. Unfortunately I'm at work right now so I can't wait to get home and start scanning all my PCs on the home network.

Just wondering, is there any security issue if I'm web-browing on my Nokia N95 through my wireless lan at home? I have started to use it frequently and never thought there was anything to be concerned about.

Create new topic
Hawkes Bay
8477 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 210910 30-Apr-2009 15:00
Send private message

Do you know how it was hacked? Malware on your PC? Brute forced? Server/service vulnerability?









676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

  Reply # 210915 30-Apr-2009 15:17
Send private message

No idea as yet. Must have happened overnight, I checked Hotmail on my N95 at work and saw a bunch of undeliverables which alerted me to the situation. I've been mucking around on my HTPC for the last few days and the only change to my regular desktop was installing a new version of CPU-Z, minus the Ask toolbar. I just want to get home asap so I can start looking into this.

 
 
 
 


1780 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 210917 30-Apr-2009 15:28
Send private message

hmm have a read at this, cpu-z should be harmless ... so have you done any of these steps to allow others know your password to your hotmail?

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 210918 30-Apr-2009 15:31
Send private message

Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.

Right now if I wanted to send you an email which pretended to be from bill.gates@microsoft.com I could easily.  Any half decent junk filtering would check the origin of the email using SenderID or reverse dns and filter out the fakes.

All you can do really is encourage anyone who is getting this type of bogus email to use better junk mail filtering.

I would still double check all your pc's and change any insecure passwords to more secure 10 digit paswords with a mix of numbers, capital letters, lower case letters and other characters (eg: #!@#!@#).  Just in case.


1780 posts

Uber Geek
+1 received by user: 35

Trusted

Reply # 210919 30-Apr-2009 15:37
Send private message

Ragnor: Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.

Right now if I wanted to send you an email which pretended to be from bill.gates@microsoft.com I could easily.  Any half decent junk filtering would check the origin of the email using SenderID or reverse dns and filter out the fakes.

All you can do really is encourage anyone who is getting this type of bogus email to use better junk mail filtering.

I would still double check all your pc's and change any insecure passwords to more secure 10 digit paswords with a mix of numbers, capital letters, lower case letters and other characters (eg: #!@#!@#).  Just in case.



Was that you who's been sending spam out of my domain? :P

Hawkes Bay
8477 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 210920 30-Apr-2009 15:38
Send private message

Undeliverables are not a reliable indicator of anything untoward with your account.

I can generate undeliverables till the cows come home, for any email address, without touching the 'victims' account, mailserver, pc, or network.









676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

  Reply # 210921 30-Apr-2009 15:41
Send private message

zocster: hmm have a read at this, cpu-z should be harmless ... so have you done any of these steps to allow others know your password to your hotmail?


No, I'm pretty sure I haven't done anything of the sort. He's a link to someone's blog on the same problem

Ragnor: Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.


This is an actual account hack, because after spamming all my contacts they then deleted them, plus they set up an auto-reply to harass anybody else who emailed me. I've undone all this, and am waiting/hoping my Contacts will be restored by the helpful Windows Live team. Plus my password has been changed.

Hawkes Bay
8477 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 210924 30-Apr-2009 15:47
Send private message

lurker: This is an actual account hack, because after spamming all my contacts they then deleted them, plus they set up an auto-reply to harass anybody else who emailed me. I've undone all this, and am waiting/hoping my Contacts will be restored by the helpful Windows Live team. Plus my password has been changed.

Very hacked then!

Bummer!







1780 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 210926 30-Apr-2009 15:49
Send private message

gee somethin serious, reminded me to always use https on my gmail account, it's always set on https for my google apps but yeah ... so thanks!

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 210928 30-Apr-2009 15:59
Send private message

zocster: Was that you who's been sending spam out of my domain? :P


Hah I can if you like!

...but no we had s spammers sending email out pretending to be "us" very irrating and in the end jack all you can do about it.  We almost lost one customer because he didn't believe email could be easily faked until I sent and email from himself to himself with a fake message.

Re: OP

I recommend this password generator:

- Change the length to 10 and tick include punctutaion and go crazy

http://www.pctools.com/guides/password/



676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

  Reply # 210934 30-Apr-2009 16:08
Send private message

Thanks for the comments so far, I would just say if any other Hotmail users are having the same trouble, make sure you visit the relevant Windows Live forum here and follow the instructions to (hopefully) get your contacts restored. And don't forget to change your password and switch off the auto-responder.

6329 posts

Uber Geek
+1 received by user: 391

Moderator
Trusted
Lifetime subscriber

  Reply # 210986 30-Apr-2009 19:08
Send private message

lurker: Thanks for the comments so far, I would just say if any other Hotmail users are having the same trouble, make sure you visit the relevant Windows Live forum here and follow the instructions to (hopefully) get your contacts restored. And don't forget to change your password and switch off the auto-responder.


Does your "forgot your password" have a question that is hard enough to guess?  Some time ago I had a challenge with a mate that I couldn't "hack" his Hotmail account, I did it three or four times despite him picking complex passwords all because I guessed his forgot your password answer.

We got up to some serious mischief in secondary school...





676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

  Reply # 211094 30-Apr-2009 23:54
Send private message

nate:Does your "forgot your password" have a question that is hard enough to guess?


Yeah, because I usually substitute my own question instead, eg zip code becomes prime minister's name, something along those lines.  I've been busy scanning etc, every PC is coming up clean, and no strange startup entries or running processes that look out of the ordinary. I don't really think my password was given up by me, I can't see it happening, though won't rule anything out until I find out the cause.



676 posts

Ultimate Geek
+1 received by user: 104

Subscriber

  Reply # 211097 1-May-2009 00:06
Send private message

Oh, and the Windows Live team have sent me a list of all my Contacts, which was very good of them. They seem to be pretty busy with these requests at the moment, and they are advising people that their teams are trying to investigate what malware is responsible for this current spate of problems.

The only piece of equipment I own that I don't know much about (technically) is my Nokia N95, which I'm using more frequently online although I'm too paranoid to touch it (for web browsing) at the moment. This might be a dumb question but do devices like this need to be protected? I see antivirus applications are available, are they necessary? I'm not running anything like that at the moment.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.