Just FYI: getting reports of possible hacked emails

Fullmetal Chocobo

Moderator, Distributed Computing
Moderator
May 13, 2003
13,704
7
81
I've been getting quite a few reports of people getting links via email from people they know, and of course they click on the link. So I have several machines infected with several backdoors and trojans.

Just seems odd that I'm getting several on one day. Accounts that the emails were received from include yahoo and hotmail.

One email has the originating IP as '78.186.118.66' which goes to an ISP out of Turkey (Turk Telekom).
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,056
199
116
I've gotten spam from one of my friends on 2 different accounts with just a link. One was to gmail which I almost never get spam in!
I reported it so we'll see what happens. It appears to be the same thing as you mentioned since it was from a hotmail account.
 

Fullmetal Chocobo

> I've gotten spam from one of my friends on 2 different accounts with just a link. One was to gmail which I almost never get spam in!
> I reported it so we'll see what happens. It appears to be the same thing as you mentioned since it was from a hotmail account.

In the emails, it was just a single link in the email, one linking to "orethagulke4036 . angelfire . com" and another linking to "www . prn4 . healthxpills . com"

DO NOT FOLLOW THE ABOVE LINKS!! The healthxpills did result in infection of the machine that opened the link.
 

Chiefcrowe

Yup, that's the one I got. Horrible!

Do you think this means that the sender's machine is infected or it's from some spambots?
 

KeithP

Diamond Member
Jun 15, 2000
5,664
202
106
> I've been getting quite a few reports of people getting links via email from people they know, and of course they click on the link. So I have several machines infected with several backdoors and trojans.
>
> Just seems odd that I'm getting several on one day. Accounts that the emails were received from include yahoo and hotmail.
>
> One email has the originating IP as '78.186.118.66' which goes to an ISP out of Turkey (Turk Telekom).

Are you saying that emails are actually coming from those accounts, or is it that the "reply to:" address simply has those users' email address inserted?

-KeithP
 

Fullmetal Chocobo

> Yup, that's the one I got. Horrible!
>
> Do you think this means that the sender's machine is infected or it's from some spambots?

It appears to be the result of the online email / webmail accounts being hacked (or at least in some way messed with). If the link is clicked, it results in the machine (possibly?) being infected. I have not had any local machines send out infected emails, so thus far it only appears to be yahoo and hotmail at this time.

On the other hand, I haven't seen any official news regarding this, so these might be isolated incidents. However, I just did find out about another case, once again from yahoo, that sent out the same message (healthxpills).

I would send an email to whoever you receive the email from and advise them of the email you received, and have them change their passwords. And I would go ahead and scan your machine with MBAM (Malware Bytes) and Super Anti Spyware. That's what I've been using, and they seem to work very well together.
 

Fullmetal Chocobo

> Are you saying that emails are actually coming from those accounts, or is it that the "reply to:" address simply has those users' email address inserted?
>
> -KeithP

They were actually sent from the hotmail account. I confirmed this because all of the messages are still in the "sent" folder of the account.
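
Added example, not part of the thread: when the sender's "sent" folder is not available, the recipient can approach KeithP's question from the message headers alone. This sketch extracts the earliest hop's IP, compares From with Reply-To, and reads the SPF/DKIM result; the sample headers, host names, addresses and function names are all constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample headers (not taken from the thread); names and IPs are placeholders.
SENT_VIA_PROVIDER = """\
Received: from webmail.provider.example (webmail.provider.example [198.51.100.7])
\tby mx.recipient.example; Fri, 1 Jan 2010 10:00:01 +0000
Received: from [203.0.113.45] by webmail.provider.example via HTTP;
\tFri, 1 Jan 2010 10:00:00 +0000
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=friend@provider.example
From: Friend <friend@provider.example>
Reply-To: friend@provider.example
Subject: hi

http://link.example/
"""
# The same message as a forgery might look: SPF fails and replies go elsewhere.
FORGED = (SENT_VIA_PROVIDER.replace("spf=pass", "spf=fail")
          .replace("Reply-To: friend@provider.example", "Reply-To: x@other.example"))

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].lower().rpartition("@")[2]

def origin_ip(msg):
    # Each relay prepends its Received header, so the last one is the earliest hop.
    # Hops recorded before your own mail server are sender-supplied and can be forged.
    for hop in reversed(msg.get_all("Received", [])):
        for candidate in re.findall(r"\[([0-9a-fA-F:.]+)\]", hop):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if not ip.is_loopback:
                return str(ip)
    return None

def triage(raw):
    msg = email.message_from_string(raw)
    # Only trust an Authentication-Results header added by your own receiving server.
    # Simplification: a fuller check also aligns smtp.mailfrom / DKIM d= with the From domain.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
    return {"origin_ip": origin_ip(msg),
            "reply_mismatch": bool(reply_dom) and reply_dom != from_dom,
            "verdict": "provider-sent" if authenticated else "unauthenticated"}
```

A "provider-sent" verdict with no Reply-To mismatch is consistent with the webmail account itself being used, which is what the "sent" folder confirmed here; "unauthenticated" points toward a forged sender address instead.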