Customers yahoo email been hacked - advice

joydivision

joydivision

Well-Known Member
Reaction score
58
Location
Manchester, UK
She is blaming me saying MSE is useless and it hasn't been doing anything she said she downloaded another virus scanner which found lots (I suspect it may be a fake one but she insists it wasn't).

Anyway her Yahoo email account has been hacked and its sending out spam. The emails are clearly in her sent folder. I have not seen the computer yet but two things is there a known worm which affects Yahoo? She insists she has only been using her laptop at home.

All I know at this stage is MSE hasn't found anything.

It might be obvious when I get that it is a virus but does anybody know of a specific virus that infects Yahoo so I know where to look manualy before I start with the scans?
 
Have you told her to change her password yet? Much of the recent hacking has been on the Yahoo site.
 
Any sources? I have tried google but just get silly things. I want to be able to show that MSE is as as good as the free ones get.

I have told her to change her yahoo password :).
 
http://www.av-comparatives.org/images/stories/test/ondret/avc_od_aug2010.pdf

That link above gives the most recent tests by AV-Comparatives. MSE is in the lower third by detection rates (keep in mind that the difference between it and the first place was ~2%). It was 2nd in the fewest false positives (again, keep in mind that it had 2 false positives, and the worst had 98). There are more tests you can find but that was the most recent that I found.

You might also try and figure out how hard her password would be to brute force as that's the most likely approach. Have her change her security questions as well as those can be trivial to figure out. Lastly the backup email address. Make sure it's one she and she alone has access to.
 
joydivision said:
She is blaming me saying MSE is useless and it hasn't been doing anything she said she downloaded another virus scanner which found lots (I suspect it may be a fake one but she insists it wasn't).

Anyway her Yahoo email account has been hacked and its sending out spam. The emails are clearly in her sent folder. I have not seen the computer yet but two things is there a known worm which affects Yahoo? She insists she has only been using her laptop at home.

All I know at this stage is MSE hasn't found anything.

It might be obvious when I get that it is a virus but does anybody know of a specific virus that infects Yahoo so I know where to look manualy before I start with the scans?
Click to expand...

It does sound like she might have picked up a virus. I understand there are some out there that do this but I don't have any links to back it up, just what people have told me.

If you find she did install a fake AV then you might want to find out exactly when and see if that predates the first spam sent out, in case that is what caused the problem.

But I wouldn't rule out MSE letting a virus through. I've posted about this a couple of times recently. Also the latest guest tech on Podnutz was complaining about how it was letting stuff in and he'd had to stop installing it. I stopped installing it because customers got infected and blamed me. It made me alter what I do - I never uninstall what they have paid for alreadyt, I never just install a free AV without pointing out they are wide open to certain attacks and I try to sell them the full KIS suite if they are currently using a free one. The only time I install it is when they refuse to pay for AV and then I tell them that they are taking a risk but I'll put something on that is at least decent. Whatever I do I make sure they understand nothing is 100%. Complaints have stopped so far. I don't mind if they get infected by their risky behaviour and call me to get it fixed but I do mind them thinking it was my fault.

Anyway you could print this off and take it with you: http://www.av-comparatives.org/images/stories/test/ondret/avc_report26.pdf

This particular report makes MSE out to be very good.
 
Last edited:
I want to be able to show that MSE is as as good as the free ones get.


ESET Smart Security 4 (9)
McAfee Internet Security 2010 (8)
Microsoft Security Essentials* (8)
Norton Internet Security 2010 (7)
Bitdefender Internet Security 2010 (7)
Panda Internet Security 2010 (7)
Comodo Internet Security Pro (6)
Avira Antivir Free Edition* (6)
Avast! Internet Security (5)
Trend Micro Internet Security Pro 3.0 (4)

In a nutshell, the article went on to say that ESET continues to be the favorite, McAfee finally redeems itself, MSE is great for cheapskates, and Trend Micro just plain sucks.

source: maximum pc may issue.

tell her 1.open up her pocket book and pay for something 2.change her passwords to something besides her cat's name 3. stay off the scat sights. :p

...goss
 
Erm I wonder if its time to buy some Kaperspy retail boxes. I can get them for £10 a box but they are single user only but are retail.

I think maybe I need to start selling security packages rather than just anti viruses packages though.
 
since you've already asked her to change password. I think your best next move is to scan it with your trusted virus scanner and be done with it. I'd start with mbam if I were you.

kindly ask her not to blame you :D comfort her by telling even business computers with superior security measures also gets hijack :p. she may contact yahoo HERE if she wants to complain or investigate. good luck
 
Rodrick said:
You might also try and figure out how hard her password would be to brute force as that's the most likely approach.
Click to expand...

Have had several Yahoo (and a couple Hotmail) clients' accounts hacked recently as well; that is one thing I ask them "well, what was your password anyway?" and then have them go to this site:

http://howsecureismypassword.net/

Which estimates how long a brute password attack would take to crack their password. Don't know exactly how accurate it is, but it does help the EU try and come up with something a little more complicated than 'bingo' for a password.
 
joydivision said:
Erm I wonder if its time to buy some Kaperspy retail boxes. I can get them for £10 a box but they are single user only but are retail.

I think maybe I need to start selling security packages rather than just anti viruses packages though.
Click to expand...

I'd definitely start selling one of the better security suites with intrustion protection as well as AV. It's profitable and they get better protection. It's win/win. That's good business.
 
joydivision said:
She is blaming me saying MSE is useless and it hasn't been doing anything she said she downloaded another virus scanner which found lots (I suspect it may be a fake one but she insists it wasn't).

Anyway her Yahoo email account has been hacked and its sending out spam. The emails are clearly in her sent folder. I have not seen the computer yet but two things is there a known worm which affects Yahoo? She insists she has only been using her laptop at home.

All I know at this stage is MSE hasn't found anything.

It might be obvious when I get that it is a virus but does anybody know of a specific virus that infects Yahoo so I know where to look manualy before I start with the scans?
Click to expand...

I had my yahoo email account hacked months ago and instead of changing my password, I just deactivated the hacked email and created a brand one, using a completely different username. Interestingly my 'old' email was sending out Viagria advertisements to both my male and female friends...lol...I still get teased about that now....lol
 
I checked it, it was running Windowes 7 64-bit and no sign of any unusual processes. I did a MWAB scan and ran TDSKILLER and it found nothing.

It seems she had a weak password and an external bot hacked into it.
 
You must log in or register to reply here.

Similar threads

thecomputerguy
Client can't login to Google account using their own email.
Replies
8
Views
182
timeshifter
timeshifter
thecomputerguy
Client locked out of MSN account in an interesting way.
Replies
7
Views
176
thecomputerguy
thecomputerguy
thecomputerguy
What are my options to prevent token theft?
Replies
5
Views
348
Sky-Knight
Sky-Knight
Velvis
Is it possible to check if an email has been read and unsend it or delete it if possible?
Replies
5
Views
399
Markverhyden
Markverhyden
callthatgirl
Weird hack I can't figure out
2
Replies
21
Views
2K
Sky-Knight
Sky-Knight
Back
Top