Solved

msn.com email account hacked?

Posted on 2010-09-10
2
917 Views
Last Modified: 2013-11-22
I received a spam message from a friend's online msn.com email account. It was sent to addresses in her address book, supposedly from her account.

Since this spam was sent to her actual contacts, I am guessing that a human or machine actually logged into her email account. Is that so?  I've attached the actual email. I've replaced her actual email address with "gina@msn.com" and my actual email address with "ms@gmail.com".

I'll tell her to change her password, but is there something else she should look into, such as malware? How could this have happened?
Delivered-To: ms@gmail.com
Received: by 10.229.66.25 with SMTP id l25cs107104qci;
        Thu, 9 Sep 2010 19:26:53 -0700 (PDT)
Received: by 10.229.224.136 with SMTP id io8mr93722qcb.182.1284085610268;
        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)
Return-Path: <gina@msn.com>
Received: from snt0-omc4-s13.snt0.hotmail.com (snt0-omc4-s13.snt0.hotmail.com [65.55.90.216])
        by mx.google.com with ESMTP id e1si2812861qcs.204.2010.09.09.19.26.50;
        Thu, 09 Sep 2010 19:26:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) client-ip=65.55.90.216;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of gina@msn.com designates 65.55.90.216 as permitted sender) smtp.mail=gina@msn.com
Received: from SNT142-W18 ([65.55.90.201]) by snt0-omc4-s13.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Thu, 9 Sep 2010 19:25:43 -0700
Message-ID: <SNT142-w18DF36F1DD8C1EFBA6750CE1740@phx.gbl>
Return-Path: gina@msn.com
Content-Type: multipart/alternative;
	boundary="_9dd674ae-7bdd-4384-92ab-64cafd052be1_"
X-Originating-IP: [82.233.10.68]
From: Gina <gina@msn.com>
To: <ms@gmail.com>  (and more)
Subject:
Date: Thu, 9 Sep 2010 20:25:42 -0600
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 10 Sep 2010 02:25:43.0246 (UTC) FILETIME=[77E876E0:01CB508F]

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

---Link to viagra-touting site here!---
 		 	   		  =

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'><a href=3D'http://www.iud2.health24x.com'>http://=
www.iud2.health24x.com</a><br> 		 	   		  </body>
</html>=

--_9dd674ae-7bdd-4384-92ab-64cafd052be1_--

Open in new window

0
Comment
Question by:Missus Miss_Sellaneus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
athomsfere earned 500 total points
ID: 33648142
Both are possible, however it is hard to tell which off that info alone.

Make sure to have change the Password to a new secure and unique password. Something in a format similar M7F!r5tC4r is much better then Myfirstcar.

Also, before she launches the mail client, checks banks or anything, either clean her machine off, MalwareBytes, Spybot, Adaware, and Microsoft Antivirus are all good, just use at least 2. If you get alot of hits, investigate thoroughly.
0
 
LVL 7

Expert Comment

by:QEMS2
ID: 33660277
I had the same issue for a friend recently, i solved it by doing a few scans on her system.
* Download this and run a full scan
http://www.simplysup.com/tremover/download.html  It has a fully functional 30 day trial very handy to use.
* Download spybot and do a full scan
http://www.safer-networking.org/en/home/index.html

Get your friend to delete and temp files, cookies, browsing history ect.  Can use ccleaner for this if its easier
http://www.piriform.com/ccleaner

This should clean her system and stop any emails being sent out.

Hope this helps
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question