Link to home
Start Free TrialLog in
Avatar of Missus Miss_Sellaneus
Missus Miss_SellaneusFlag for United States of America

asked on

msn.com email account hacked?

I received a spam message from a friend's online msn.com email account. It was sent to addresses in her address book, supposedly from her account.

Since this spam was sent to her actual contacts, I am guessing that a human or machine actually logged into her email account. Is that so?  I've attached the actual email. I've replaced her actual email address with "gina@msn.com" and my actual email address with "ms@gmail.com".

I'll tell her to change her password, but is there something else she should look into, such as malware? How could this have happened?
Delivered-To: ms@gmail.com
Received: by 10.229.66.25 with SMTP id l25cs107104qci;
        Thu, 9 Sep 2010 19:26:53 -0700 (PDT)
Received: by 10.229.224.136 with SMTP id io8mr93722qcb.182.1284085610268;
        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)
Return-Path: <gina@msn.com>
Received: from snt0-omc4-s13.snt0.hotmail.com (snt0-omc4-s13.snt0.hotmail.com [65.55.90.216])
        by mx.google.com with ESMTP id e1si2812861qcs.204.2010.09.09.19.26.50;
        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) client-ip=65.55.90.216;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) smtp.mail=gina@msn.com
Received: from SNT142-W18 ([65.55.90.201]) by snt0-omc4-s13.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Thu, 9 Sep 2010 19:25:43 -0700
Message-ID: <SNT142-w18DF36F1DD8C1EFBA6750CE1740@phx.gbl>
Return-Path: gina@msn.com
Content-Type: multipart/alternative;
	boundary="_9dd674ae-7bdd-4384-92ab-64cafd052be1_"
X-Originating-IP: [82.233.10.68]
From: Gina <gina@msn.com>
To: <ms@gmail.com>  (and more)
Subject:
Date: Thu, 9 Sep 2010 20:25:42 -0600
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 10 Sep 2010 02:25:43.0246 (UTC) FILETIME=[77E876E0:01CB508F]

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

---Link to viagra-touting site here!---
 		 	   		  =

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'><a href=3D'http://www.iud2.health24x.com'>http://=
www.iud2.health24x.com</a><br> 		 	   		  </body>
</html>=

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_--

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of athomsfere
athomsfere
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I had the same issue for a friend recently, i solved it by doing a few scans on her system.
* Download this and run a full scan
http://www.simplysup.com/tremover/download.html  It has a fully functional 30 day trial very handy to use.
* Download spybot and do a full scan
http://www.safer-networking.org/en/home/index.html

Get your friend to delete and temp files, cookies, browsing history ect.  Can use ccleaner for this if its easier
http://www.piriform.com/ccleaner

This should clean her system and stop any emails being sent out.

Hope this helps