I've been hacked

 

My email addresses have been hacked. Noon today my first friend contacted me
about it. Since then 10 other people have contacted me asking if the
suspicious email that they got was really from me. The email from me contains a
link to a document that I supposedly sent to them. Delete the email. Do not
open the link.

Two different anti-virus programs I ran this afternoon found nothing unusual
on my PC so at this point I have no idea how they got my list of contacts.

The emails did not originate from my copy of Outlook since there is nothing
suspicious in my Sent folder.

Any TekScopes members that I have corresponded with directly are likely to
receive this email from me if the hacker was able to copy my entire list of
email addresses.

Dennis Tillman W7pF

G Hopper
 

Hey Dennis,

How can we be sure this message is from you and not from some hyper
intelligent AI bent on hijacking the TekScopes list (or worse yet, your
identity!) for its own nefarious purposes?

Just joking around :-) Hope you get things sorted out and that the hackers
didn't get to anything critical for you.

73,
Grant
KB7WSD

On Tue, Mar 10, 2020 at 4:49 PM Dennis Tillman W7PF <@Dennis_Tillman_W7pF>
wrote:

My email addresses have been hacked. Noon today my first friend contacted me
about it. Since then 10 other people have contacted me asking if the
suspicious email that they got was really from me. The email from me contains a
link to a document that I supposedly sent to them. Delete the email. Do not
open the link.

Two different anti-virus programs I ran this afternoon found nothing unusual
on my PC so at this point I have no idea how they got my list of contacts.

The emails did not originate from my copy of Outlook since there is nothing
suspicious in my Sent folder.

Any TekScopes members that I have corresponded with directly are likely to
receive this email from me if the hacker was able to copy my entire list of
email addresses.

Dennis Tillman W7pF



Jean-Paul
 

Dear Dennis, a pity. Suggestion: get copies of the emails, including the headers, and forward them to the security department of your email server or host.

Outlook is not a secure email client

Just my thoughts

Jean-Paul

Vince Vielhaber
 

It was your address book that was hacked. That message and attachment didn't come from you or your computer; it came from elsewhere, and that can be found in the headers of the email. I've received literally hundreds of these over the last couple of years. It used to come from people with Yahoo addresses and address books on Yahoo, but that seems to have spread out some.

Vince.


Richard R. Pope
 

Hello all,
I receive emails supposedly from Walmart, Walgreens, Associated, Credit One, and others stating that I have won this or that; just click on this link to get your prize. The link of course will be a Trojan Horse. Or ones from Charter, your electric company, or your bank stating that suspicious activity has been noted and that your account is suspended until you click on this link and log in. Of course the link is to steal your login information, giving them access to your account or accounts. They will also state that they are from eBay or PayPal. You can forward the emails to the proper authorities, but there are so many of them, and the authorities can only do anything if they are based in the US.
GOD Bless and Thanks,
rich!



John Griessen
 

On 3/10/20 7:47 PM, Vince Vielhaber wrote:
That message and attachment didn't come from you or your computer, it came from elsewhere and that can be found in the headers of the email.

I've seen plenty of this also. If you look at the headers, I bet you see an unknown somewhere in the chain of from: to To:

Eric
 

Dennis,
If you need a hand with this let me know; I am more than willing to help out. For AV, currently a really good one is Sophos Home: https://home.sophos.com/en-us.aspx I am not affiliated with them in any way, but as an IT security guy it is what I use at home. The home account is free and they give you 3 computers; the paid version is up to 10. Also look at https://www.malwarebytes.com/, also free for home use. They will usually find things that AV will not find. For PC performance reasons do not run more than one AV at a time. Windows Defender sucks and should not be considered effective. And I usually recommend people stay away from Norton and McAfee, not because they are bad but just because of market share: they are the most commonly attacked.

Eric


Richard R. Pope
 

Eric,
I also don't recommend Norton or McAfee because they are such resource hogs. I'll have to look into the ones that you have recommended. I have been using Avast. How do I get rid of Windoze Defender?
GOD Bless and Thanks,
rich!





Eric
 

Hey Rich,
    Avast is good as far as I know. You technically don't "need" to get rid of Defender, as it is built in, and I think I broke Windows badly when I tried to remove it last time, and most AV will coexist with it. Malwarebytes is not AV, so it does not tank performance and can be on with other programs.

To all of us here: we all have some irreplaceable data, be it digital data books, schematics, or repair manuals. Crypto malware is the nastiest thing out at the moment. PLEASE PLEASE PLEASE have an offline backup of critical data. To truly be safe it needs to be off and unplugged. A connected USB drive or network file share is not offline enough; the crypto malware is getting nasty. Also do not try to get the files back unless you want to pay for them. They are using bank-level 128-bit+ asymmetric encryption; unless it is poorly implemented or you get extremely lucky, the data is gone.

Eric

Richard R. Pope
 

Eric,
OK! I'll leave Defender alone. I have tape backups which are offline. I also use a hardware router/firewall and Yes, I changed the logon credentials. I also do NOT use wireless. Everything is hardwired with CAT 5E running at 1Gb. If I don't know who sent an attachment I don't open it. It gets deleted. My email client is Thunderbird. No Outlost for me. I also use Firefox. No Explorer.
GOD Bless and Thanks,
rich!

Tom Gardner
 

Did it actually come from your machine, or did the "From:" field merely say it was from you? It is trivial to forge the "From:" field, and the scammers well know that.

All the malefactor needs to achieve is to find a legitimate email somewhere with valid from and to addresses. Especially valuable are "club" emails which are sent to many people in a distribution list, since then the malefactors can use all combinations of from: and to: when constructing their emails.

Consequently I get many /many/ emails /allegedly/ from my acquaintances with links that are clearly dangerous.


Chuck Harris
 

As one of the recipients, the email had a subject from
a recent email thread I sent to Dennis, and his From address.

The payload was grafted onto my original message to Dennis.


Dennis normally comes through as:
Received: from [216.251.100.15] ([216.251.100.15:3699] helo=ARMADILLO.netos.com)
by mx.rcn.com (envelope-from <dennis@.....com>)
(ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP
id 18/D0-63572-BF1286E5; Tue, 10 Mar 2020 19:25:48 -0400
Received: from Dennis (unverified [73.42.175.173]) by ARMADILLO.netos.com
(Vircom SMTPRS 4.7.840.26) with ESMTP id <B0117095888@...>
(prot=TLS1-S cifer=RC4-128 hash=MD5-128 exch=RSA-2048 verify=NOT) for
<cfharris@.....com>;


The spammer came through as:
Received: from [64.98.42.41] ([64.98.42.41:33444] helo=smtprelay.b.hostedemail.com)
by mx.rcn.com (envelope-from <dennis@.....com>)
(ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS
(cipher=DHE-RSA-AES256-GCM-SHA384)
id 51/40-07473-F49E76E5; Tue, 10 Mar 2020 15:24:00 -0400
Received: from filter.hostedemail.com (10.5.19.248.rfc1918.com [10.5.19.248])
by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id 5ABE610085D1D
for <cfharris@.....com>; Tue, 10 Mar 2020 19:23:59 +0000 (UTC)

And there is this email address grafted in the spam:
Received: from localhost (unknown [191.177.187.253])
(Authenticated sender: emilee@...)
by omf06.b.hostedemail.com (Postfix) with ESMTPA

I would say that the email spamming program is hosted on dennis's machine,
but it is using an open relay at hostedemail.com to spew the payloads.

-Chuck Harris



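An added example, not part of the thread and not code from any poster: the Received: comparison Chuck does by eye above, done in Python over the two header chains as he posted them. Both samples below are constructed messages: the Received: lines are copied from his post with his redactions ("....." and "...") left verbatim, the From/To/Subject lines and the body are made up so the text parses, and it is assumed that the "Authenticated sender" line he quotes belongs to the earliest hop of the spam (its position is not explicit in his post). The script walks the chain origin-first, pulls the client IP, the accepting host and the SMTP protocol of each hop, and reports what belongs in the abuse report Jean-Paul suggests. In the spam sample that is an ESMTPA hop (ESMTP with SMTP AUTH, RFC 3848) at omf06.b.hostedemail.com under the account emilee@..., i.e. the message was injected with a hostedemail.com login rather than through the ARMADILLO.netos.com path his genuine sample shows.

```python
"""Walk the Received: chain of a raw message and report how it was submitted."""
import re
from email import message_from_string

# Constructed sample messages. The Received: lines are copied from Chuck Harris's
# post, with his redactions ("....." and "...") kept verbatim; the From/To/Subject
# lines and the body are made up so the text parses as a message.
# ASSUMPTION: the "Authenticated sender" hop is the earliest (origin) hop of the spam.
GENUINE = """\
Received: from [216.251.100.15] ([216.251.100.15:3699] helo=ARMADILLO.netos.com)
  by mx.rcn.com (envelope-from <dennis@.....com>)
  (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP
  id 18/D0-63572-BF1286E5; Tue, 10 Mar 2020 19:25:48 -0400
Received: from Dennis (unverified [73.42.175.173]) by ARMADILLO.netos.com
  (Vircom SMTPRS 4.7.840.26) with ESMTP id <B0117095888@...>
  (prot=TLS1-S cifer=RC4-128 hash=MD5-128 exch=RSA-2048 verify=NOT) for
  <cfharris@.....com>;
From: Dennis Tillman <dennis@.....com>
To: <cfharris@.....com>
Subject: constructed sample

body
"""

SPAM = """\
Received: from [64.98.42.41] ([64.98.42.41:33444] helo=smtprelay.b.hostedemail.com)
  by mx.rcn.com (envelope-from <dennis@.....com>)
  (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS
  (cipher=DHE-RSA-AES256-GCM-SHA384)
  id 51/40-07473-F49E76E5; Tue, 10 Mar 2020 15:24:00 -0400
Received: from filter.hostedemail.com (10.5.19.248.rfc1918.com [10.5.19.248])
  by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id 5ABE610085D1D
  for <cfharris@.....com>; Tue, 10 Mar 2020 19:23:59 +0000 (UTC)
Received: from localhost (unknown [191.177.187.253])
  (Authenticated sender: emilee@...)
  by omf06.b.hostedemail.com (Postfix) with ESMTPA
From: Dennis Tillman <dennis@.....com>
To: <cfharris@.....com>
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})")
AUTH_RE = re.compile(r"Authenticated sender:\s*([^)\s]+)", re.I)


def parse_received(raw_message):
    """Return the Received: hops origin-first.

    Each relay prepends its own Received: line, so the top one is the last hop
    (your own MX) and the bottom one is where the message was first accepted.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        from_part = text.split(" by ", 1)[0]    # only the "from" clause names the client
        frm = re.match(r"from\s+(\S+)", text, re.I)
        ip = IP_RE.search(from_part)
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+(\S+)", text)
        auth = AUTH_RE.search(text)
        hops.append({
            "from": frm.group(1) if frm else "",
            "ip": ip.group(1) if ip else "",
            "by": by.group(1) if by else "",
            "proto": proto.group(1) if proto else "",
            "auth_sender": auth.group(1) if auth else "",
        })
    hops.reverse()
    return hops


def assess(hops, expected_submission_host):
    """Findings worth putting in an abuse report; an empty list means nothing stood out.

    Only the topmost Received: line (written by your own MX) is guaranteed genuine;
    a sender can forge the ones beneath it, so these are leads to verify, not proof.
    """
    if not hops:
        return ["no Received: headers at all"]
    findings = []
    origin = hops[0]
    if origin["by"].lower() != expected_submission_host.lower():
        findings.append(
            f"first accepted by {origin['by'] or '?'} from {origin['ip'] or origin['from']}, "
            f"not by the usual {expected_submission_host}")
    for hop in hops:
        # ESMTPA (RFC 3848) means the client logged in with SMTP AUTH: somebody's
        # mailbox credentials were used, which is the lead the provider needs.
        if hop["proto"].upper() == "ESMTPA" or hop["auth_sender"]:
            who = hop["auth_sender"] or "an unnamed account"
            findings.append(
                f"submitted at {hop['by']} with SMTP AUTH as {who} "
                f"from {hop['ip'] or hop['from']}")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_received(SPAM), "ARMADILLO.netos.com"):
        print(finding)
```

Run as a script it prints the two spam findings (the unexpected first-hop host and the authenticated submission under emilee@...); assess() returns an empty list for the genuine chain. The origin IP, the timestamp and the account name are what hostedemail.com can match against its own submission logs, which is why they lead the report; the forged From: address on its own tells the provider nothing.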

ebayatessnh
 

Hi Dennis,

This has happened to me twice. Maybe I was lucky, but both times it was just a big annoyance. One hole that I plugged was to switch to the SSL/TLS port for IMAP (993) and SMTP (465).

In the past, most clients defaulted to the insecure ports that send the password in clear text.

Similarly, if you use a Webmail interface, make sure to always use the https:// address to access it. Most servers will automatically switch from http:// to https://, but some still allow http:// which send unencrypted usernames and passwords.

Just my $.02.

Dave

Jean-Paul
 

Hello everyone,

Have been using Avast free AV for some years; very unobtrusive and spares resources. Highly recommended.

W10 Defender is automatically turned off when W10 detects installation of alternative AV SW.

Jean-Paul

Geoffrey Thomas
 

If you're worried about cryptomalware then this is a useful program - Cryptoprevent. I have no interest in this except I have it installed:

https://www.d7xtech.com/cryptoprevent-anti-malware/free-edition/

The free edition is no longer being updated.

Geoff.


tekscopegroup@...
 

Your computer was infected by a trojan that looks for contacts in email programs and converts your machine into a spam-sending zombie. It might possibly also be looking for other interesting information like any exposed banking/financial info, etc. It's important to stop using the computer until you are sure it's once again clean. You most probably visited a compromised website and your browser allowed it to be planted on your machine, without even having to do anything or click on any links. Just visiting the website with a weakly secured browser is usually all that is needed to get infected. Or you may have clicked on the wrong email link, such as the one in the emails your machine is now sending out trying to spread the infection, and that will surely take you to a website as described before.

I would not bother or even trust much in all the commercial anti-virus stuff that's out there nowadays; most are just bloated and not very effective means of securing a computer, and mostly give a false sense of security, especially since a few years ago, when some things radically changed on the Internet in the way infections are spread, and new means of "bad stuff" staying hidden from most scanners appeared. In the end nothing beats common sense and safe security practices, plus an up-to-date system with all security patches in place. Also get the right plug-ins/add-ons for your browser to make it safer, and avoid anything with MS or IE in the name. Regular system backups can easily save the day if nothing else works.

And unless you know what you are doing, don't bother scanning or running magic stuff looking for quick solutions to remove the infection. If you have a recent system backup it might be worth using it. There might even be a dedicated removal tool out there, but first you need to know what your computer is infected with.

Instead head over here and ask for help:
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

Abc Xyz
 

I took my infected units over to Best Buy and let the Geek Squad remove the
viruses. They have access to tools we can't get. Plus, they installed their
own detection software.

Chuck Harris
 

Geek Squad "technicians" get paid by the FBI to take
special training courses on finding and identifying
hidden pornography, and illegal documents. They get
paid a bounty for every suspicious thing they turn
in to the FBI.

That's unconstitutional, you say?

No, it isn't. They are a private entity, and you have
to sign a waiver that gives them permission to search
for such stuff before they will work on your computer.

Anything they find, they will send right out to the FBI
for evaluation...

Best not use Geek Squad for any computer that has been
involved with anything you wouldn't want to see in the
Washington Post.

Also, a lot of the spam payloads turn your windows machine
into child pornography servers.

If Geek Squad finds that, you will get to spend a few
weeks in jail.

Me personally, if Geek Squad was my only choice, I would
remove and destroy the drive, and put a new install of
windows on a new drive, and shrug my shoulders for being
stupid enough to use Windows, and stupid enough not to
make off machine backups...

-Chuck Harris


Roy Thistle
 

On Wed, Mar 11, 2020 at 11:43 AM, Abc Xyz wrote:

Best Buy & let the Geek Squad Remove

In my opinion... because of experience, "Danger Will Robinson. Danger!" ... but, one's mileage may vary.
Someone once told me don't use grandma's best china to feed a room full of chimpanzees... but, I reckon now that I know better, paper plates would be okay.
Roy.

Roy Thistle
 

On Wed, Mar 11, 2020 at 09:53 AM, <tekscopegroup@...> wrote:

Instead head over here and ask for help:
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

Those guys have a lot of cred... but, posters often ask you to download this or that from those or them... and run it... and post the logs in the forum... and if you are not knowledgeable enough to know what's dangerous or suspicious... well...
If there is not too much of the devil's work... at work... people here on the forum can help.
Roy