Solved

msn.com email account hacked?

Posted on 2010-09-10
2
890 Views
Last Modified: 2013-11-22
I received a spam message from a friend's online msn.com email account. It was sent to addresses in her address book, supposedly from her account.

Since this spam was sent to her actual contacts, I am guessing that a human or machine actually logged into her email account. Is that so?  I've attached the actual email. I've replaced her actual email address with "gina@msn.com" and my actual email address with "ms@gmail.com".

I'll tell her to change her password, but is there something else she should look into, such as malware? How could this have happened?
Delivered-To: ms@gmail.com

Received: by 10.229.66.25 with SMTP id l25cs107104qci;

        Thu, 9 Sep 2010 19:26:53 -0700 (PDT)

Received: by 10.229.224.136 with SMTP id io8mr93722qcb.182.1284085610268;

        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)

Return-Path: <gina@msn.com>

Received: from snt0-omc4-s13.snt0.hotmail.com (snt0-omc4-s13.snt0.hotmail.com [65.55.90.216])

        by mx.google.com with ESMTP id e1si2812861qcs.204.2010.09.09.19.26.50;

        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)

Received-SPF: pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) client-ip=65.55.90.216;

Authentication-Results: mx.google.com; spf=pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) smtp.mail=gina@msn.com

Received: from SNT142-W18 ([65.55.90.201]) by snt0-omc4-s13.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);

	 Thu, 9 Sep 2010 19:25:43 -0700

Message-ID: <SNT142-w18DF36F1DD8C1EFBA6750CE1740@phx.gbl>

Return-Path: gina@msn.com

Content-Type: multipart/alternative;

	boundary="_9dd674ae-7bdd-4384-92ab-64cafd052be1_"

X-Originating-IP: [82.233.10.68]

From: Gina <gina@msn.com>

To: <ms@gmail.com>  (and more)

Subject:

Date: Thu, 9 Sep 2010 20:25:42 -0600

Importance: Normal

MIME-Version: 1.0

X-OriginalArrivalTime: 10 Sep 2010 02:25:43.0246 (UTC) FILETIME=[77E876E0:01CB508F]



--_9dd674ae-7bdd-4384-92ab-64cafd052be1_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



---Link to viagra-touting site here!---

 		 	   		  =



--_9dd674ae-7bdd-4384-92ab-64cafd052be1_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



<html>

<head>

<style><!--

.hmmessage P

{

margin:0px=3B

padding:0px

}

body.hmmessage

{

font-size: 10pt=3B

font-family:Tahoma

}

--></style>

</head>

<body class=3D'hmmessage'><a href=3D'http://www.iud2.health24x.com'>http://=

www.iud2.health24x.com</a><br> 		 	   		  </body>

</html>=



--_9dd674ae-7bdd-4384-92ab-64cafd052be1_--

Open in new window

0
Comment
Question by:Missus Miss_Sellaneus
2 Comments
 
LVL 14

Accepted Solution

by:
athomsfere earned 500 total points
ID: 33648142
Both are possible, however it is hard to tell which off that info alone.

Make sure to have change the Password to a new secure and unique password. Something in a format similar M7F!r5tC4r is much better then Myfirstcar.

Also, before she launches the mail client, checks banks or anything, either clean her machine off, MalwareBytes, Spybot, Adaware, and Microsoft Antivirus are all good, just use at least 2. If you get alot of hits, investigate thoroughly.
0
 
LVL 7

Expert Comment

by:QEMS2
ID: 33660277
I had the same issue for a friend recently, i solved it by doing a few scans on her system.
* Download this and run a full scan
http://www.simplysup.com/tremover/download.html  It has a fully functional 30 day trial very handy to use.
* Download spybot and do a full scan
http://www.safer-networking.org/en/home/index.html

Get your friend to delete and temp files, cookies, browsing history ect.  Can use ccleaner for this if its easier
http://www.piriform.com/ccleaner

This should clean her system and stop any emails being sent out.

Hope this helps
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now