Monday, October 05, 2009

My Email Account Was Hacked!

A horror story for the books...

About two weeks ago, my PC was infected with a virus. Norton discovered it, but wasn't able to quarantine or remove it. Apparently, the virus' purpose was to log my keystrokes to phish for passwords.

As a result, once I logged into my Hotmail account, the virus recorded my password and sent it back to the scammers using my active internet connection.




The next morning, while I was working outdoors in Central Park, nowhere near a computer screen, a friend called me to say that he just received the following email from what appeared to be me. Worse, this email was apparently sent out to every single person in my Address Book...

Dear,
Wish you enjoy a great day!
This is an electronic company . We are now launching a new marketing campaign, some of our products are special offer. What's more, we can give you the best price for the products that you are seeking for.
We mainly sell electrical products,such as laptop, lcd tv, camera
,mobile,Mp4, GPS,and so on.What you need to do is just sending us your detailed inquire or order. We can offer the high quality and competitive price, and all the products come with international warranty.
It will be a great start , and we Sincerely hope we can build friendship of trade relation in the future!
It's our pleasure to hear from you.
Best regards,
taotao
please visit our website: www.sellerusd.com
E-MAIL: buyerusd@vip.188.com
MSN : sellerusd@hotmail.com Q


It's interesting how even with all the technological tools we rely on in our digital worlds everyday, the most effective security warning systems are still our real-life social networks made up of human beings. Within an hour I received about two dozen phone calls and emails from friends and family making sure I knew about this and asking if they could possibly help. Some example comments...

  • "Why are you sending this spam, man?"

  • "I think your account was hijacked."

  • "Want to know the truth? If I'm correct, I think this company comes up first every time on google shopping (with good prices and customer ratings) every time I look for a camera or headphones or something..."

  • "Yo what is this, do you know them and can they deal with schools, purchase orders? I spent $8500 last year on supplies."

  • "Thats very considerate of you to offer me such a good deal. Dude, your computer seems to have an STD!"

  • "Did you send this out to demonstrate the hilarious butchering of the English language?"


My first response upon finding out my email account was hacked was to call my wife and immediately have her change all of my passwords on any accounts that might have recently been used. Second, once I went home, I unplugged the infected PC from the router, thus severing its connection with the internet (so even if the virus was still collecting my data, it couldn't send it out). Finally, I spent the better part of two weeks trying to clean up the PC and quarantine any infected files, ultimately deciding to reformat the entire C: drive by reinstalling the operating system.

It's unfortunate that there's no real remedy for this since the perpetrators are likely located overseas and that, even if found, it's extremely difficult to legally prove that they were indeed the culprits. But so it goes. Even the best anti-virus software is flawed and it's inevitable that at some point everyone will share in this experience. The best thing we can do is simply be each other's best early detection systems.
  

2 Comments:

At 2:19 PM, Anonymous Ben O. said...

Rob,
I find virus scanners to be outdated and costly. I manage at least 50 computers and i find that by the time the virus software has detected a problem, its mostly to late.

About a year ago i installed Web of trust (http://www.mywot.com/) plugin for ie and firefox on all my computers and have almost illuminated all downloaded viruses.

I could also setup a proxy DNS that would effectively do the same thing. Allowing users to only view approved sites. However it hasn't come to that just yet.

 
At 11:01 AM, Blogger Rob Domanski said...

Good info, Ben. I totally agree in having little faith in virus scanners. Just going by what recently happened, even though the scanner detected a malicious virus, it didn't do anything to remove it, and that's not very helpful except for causing panic attacks and making one feel helpless.

 

Post a Comment

<< Home