Scam poss hacked email? Help

oliveoil54

Husband
Has supposedly sent out loads of emails to a various friends and colleagues, but not to his entire address list.
The email only has one connection for the following address

http://blog.lauguico.com/wp-includes/gift

Had a look online & could only find one website reporting it and am supsicious this may also be a scam as well "



Abuse Report 189.222.115.225 IP Address: Offensive/Fraudulent ...


www.ipfraudreporter.com/189-222-115-225-ip-addressCached
You +1'd this publicly. Undo
3 days ago – http:// blog. lauguico .com/wp-includes/gift. The above URL (hacked blog) takes you to http:// home45income .com/landing/index.php = HOAX,"

So haven't wanted to check to far in case I pick up a virus etc.
Anyone any suggestions asap?

RussJK

Of course it's a scam.

A work from home link in association with fake viagra site rxviag.ru.

Uses a popular script to return your geo location, in order to put the name of your location in the fake article to make it seem more valid:
http://j.maxmind.com/app/geoip.js (safe to click)

The link itself doesn't seem to initiate the download of any malware though:
http://wepawet.iseclab.org/view.php?hash=e72013e9a7d0a22058eb659471d0c201&t=1318259444&type=js

Run Malwarebytes Quick scan, Hitmanpro Quick scan, and let us know how you go.

Also give details of the email provider, and how he accesses e.g. outlook, webmail, etc.

oliveoil54

Thanks for quick reply
Just ran Malware Bytes & Avira Antivius both clear, hubby has now changed his password to something more effective (despite months of nagging).

Email provider is Bt Yahoo & Explorer 8 (I know IE 8 is not the world's greatest, but my OH is very set in his ways & doesnt like to have the hassle of learning to use new systems. Getting him to think of new more complicated password was bad enough!).

Just ran Hitman Pro and all clear.

So take it everything ok?

What I found really weird was as far as I can tell the fake email has only been sent to a group of people on my hubby's Contact list with D at the begining of their names?

Also have not heard of or used Hitman Pro before, is it worth downloading or just use it as a one off scan when necessary?

Many thanks for your help.

RussJK

Probably it's as simple as someone having broken into his account. I've noticed the same thing with spam emails, that they target all the 'Rs' or all the 'Ts'.

HitmanPro is an effective tool. The free version only gives a 'quick scan', but it'll find anything active if it's able. Better at certain kinds of malware than Malwarebytes (IMO), but MBAM is my first choice.

Sometimes has false positives, so best to use https://www.virustotal.com or the like to test the suspected file. When you delete a trojan with the free version, it starts a 30 day trial which allows removal - and after the 30 day trial it'll only allow scanning. Best to wait until you really need it if that makes sense.

Can use this to test password strength:
http://rumkin.com/tools/password/passchk.php

It's a better checker than others, as it doesn't arbitrarily reward silly stuff like capitals/number insertion as much as other password checkers. It shows that a complicated password like:

'h4ppyg0lucky5' is merely 'reasonable'

while 'this password is better than my last one' is 'very strong' and considered overkill.

oliveoil54

Thankyou for your help and advice.

DirtyLeeds

My wife has had the same problem with this IP address , also via Yahoo / BT. I found that shw had allowed Facebook to access her mail Contacts , so that could also have been the cause of the scam Emails . There's a "Social Networks" tab when you log into Yahoo mail , just disable them all is my advice.

cheers
DL

oliveoil54

Yes it did.
But Hubby doesnt use Facebook, in fact doesnt use any sites like that at all.