
Virus?

Stormwatcher (Blegh Blugh) Registered User regular
So this morning I see that several spam emails were sent supposedly from one of my email addresses, the Yahoo one. Well, I know that they frequently do that silly trick in which the spam you get looks like it was sent from your address but wasn't.

Thing is, it was sent TO several people in my address book.

So I'm running all malware detectors I can (Spybot, Malwarebytes, MS Sec Essentials) and I'm gonna buy a real AV app.

Passwords seem to be safe, and nothing else really weird happened so far.

Should I be worried? Should I do any other steps?

thanks

Steam: Stormwatcher | PSN: Stormwatcher33 | Switch: 5961-4777-3491

Posts

  • TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    edited January 2011
    No need to pay for an AV. Change your password from a known secure PC if possible.

    Download Windows Cleanup, it will clear out old temp files and make those malware scans go a lot faster.

  • TetraNitroCubane (The Djinnerator At the bottom of a bottle) Registered User regular
    edited January 2011
    Were the messages you found in your outbox all sent at once? In a block, say, between when you might've logged in yourself, and the next time you logged in? Do you have the option enabled to stay logged in always, and do you ever log out manually? The reason I ask is because there's a chance that someone stole your authentication cookie via an XSS attack, which doesn't require infection of your local machine, but allows someone to hijack your current session.

    Aside from an XSS attack, the other possibilities include a keylogger on your local machine, password compromise via phishing, and server-side compromise. It's baffling how many people report exactly what you have without knowing the reason, particularly for GMail. In any case, you can approach the issue the same way:

    So far I'd say you're taking the right steps with the scan. TLCCOTT is right when he says that you don't need to pay for an AV if you don't want to - MSE is comparable to most paid options these days. If you're really paranoid, after all the scans are done, run another scan with Hitman Pro, which will use several different AV engines and also check for some rootkits (don't pay for it, though, just use the free scanner).

    Once you're confident that your machine is secure, or can access a machine that's secure, change your passwords. You say "Passwords seem to be safe", but I'm not sure how you can be certain of that. Best to change them now, and give yourself peace of mind. After scanning and changing your passwords, you'll be in good shape.

  • Stormwatcher (Blegh Blugh) Registered User regular
    edited January 2011
    I checked the email addresses the message was sent to, and all of them were in the webmail address book, so I'm less worried about malware in my main PC. Therefore, I do think it was an XSS attack thing.

    The scans ended up clean, aside from a couple of false positives. I'm gonna run Hitman just to be sure.

    I'm gonna change the passwords, sure, but I was waiting to confirm that my machine is clean, as it's the machine I trust the most (I can't access HTTPS sites from the work machine). I meant that no one logged on any of the sites and services I've used and done shit to them. I'll also use the iPod authenticator thing for WoW. I already changed the Yahoo PW.

    Thanks for all the info!
