Monday, February 25, 2013

If you have a Yahoo account you should read this



As most of you know, I am a nerd with Nerds on Site and I end up having to deal with many computer infections. About a week ago, I had a call with a regular client who thought she was infected: she was getting failed delivery emails, and people in her contact list were getting strange emails from her.

I have seen this before, and in most cases it turns out that someone the person knows has had their computer compromised and was impersonating the person who is getting the failed delivery emails. In these cases there is not much you can do.

However, after testing out her computer and sending emails to my email accounts, I could find no infection. I was quite surprised the next day as I started getting these strange emails from my client. Something was definitely still active.

After a little research, this is what I found. The infected accounts are all on Yahoo, and it is not the computer that is infected; rather, your Yahoo login credentials are harvested and sent back to whoever originated the malware.

If you want more info on this, you can read about it at the following 2 links.



In a nutshell, here’s what happens: an email arrives from someone you know, and it only has a website link in it. These types of emails are quite common; the one below is the email generated by my browser when I click on the command email link. This is a perfectly fine email and most people would think nothing about clicking on it.


What the malware does is send out these emails to people in the infected account's contact list. When you click on the link, it takes you to a "how to get rich on the internet" or some such website. Most people will just close the page and forget about it.
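The pattern described above, a message from a Yahoo-hosted contact whose body is nothing but a link, can be used to triage a mailbox export. This is an added example, not part of the original post; the sample messages are constructed and the sender-domain list is an assumption based on the providers named in this post. A hit means the message deserves a second look, not that the sender is compromised, since legitimate link-only emails are common.

```python
import re
from email import message_from_string
from email.policy import default

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Assumption: loose prefix match on sender domains (yahoo.com, yahoo.ca, rogers.com).
YAHOO_BACKED = ("yahoo.", "rogers.com")

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: Alice <alice@yahoo.com>\nTo: me@example.org\nSubject: hi\n\n"
    "http://example.test/abc\n",
    "From: Bob <bob@rogers.com>\nTo: me@example.org\nSubject: photo\n\n"
    "Hi, look at this: http://example.test/photo\nBob\n",
    "From: Carol <carol@example.org>\nTo: me@example.org\nSubject: fyi\n\n"
    "http://example.test/news\n",
]

def plain_body(msg):
    """Return the text/plain body of a message, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def is_link_only(body):
    """True when the body is a single URL and nothing else."""
    urls = URL_RE.findall(body)
    leftover = URL_RE.sub("", body).strip()
    return len(urls) == 1 and leftover == ""

def triage(raw_messages):
    """Return (sender, url) for link-only messages from Yahoo-backed senders."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=default)
        sender = msg["From"]
        if sender is None or not sender.addresses:
            continue  # no usable From header, nothing to attribute
        addr = sender.addresses[0]
        body = plain_body(msg)
        if is_link_only(body) and addr.domain.lower().startswith(YAHOO_BACKED):
            hits.append((addr.addr_spec, URL_RE.findall(body)[0]))
    return hits

if __name__ == "__main__":
    for sender, url in triage(SAMPLES):
        print(f"review: {sender} sent only a link: {url}")
```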

What happens, however, is that if you have set Yahoo to stay logged on, there is a cookie on your computer and the malware can read your logon credentials.

What should you do if you are a Yahoo user or have an account with an ISP that uses Yahoo (Rogers is one such ISP)?


  • Log on to your Yahoo account and uncheck the "keep me logged on" box.
  • Go to your Yahoo mail options → POP & Forwarding and make sure that there are no unexpected email addresses in the forwarding list.
  • Go to your Yahoo account info. You will see a section called Sign-in and Security (see picture below).
    • Verify that all the email addresses or phone numbers that are used for verifying or notifying you are yours. If you find some you don’t recognize, then delete them.
    • Change your password.
  • Log out and close your browser.
  • Go back to your Yahoo email. It should ask you for your password; make sure the "keep me logged on" box is still unchecked.
 

As an extra precaution, I would consider always logging out of your web accounts.