One of my clients had a bit of a nightmare recently. He lost access to his Facebook account, re-attained access and then promptly lost it again. The perp posted on his wall, added his own e-mail account and then removed the client's. He posted his e-mail password on his Facebook wall.
I'm trying to ascertain what a plausible explanation is for how the client's e-mail password was compromised.
Antivirus was out of date by 5 months
Java was about 4-6 revisions behind what's current
Flash was probably 3-4 revisions behind
3 ad hoc networks had been connected to in the past
E-mail was in Outlook
Has a BlackBerry
I scanned the computer using Malwarebytes. Then I removed the HDD and scanned with Kaspersky, then Avast, then Avira. Malwarebytes found some infection fragments. The other three found bits and pieces of Java-related exploits and trojans. However, no specific keyloggers were found.
I have been trying to ascertain whether the e-mail password was compromised through the ad hoc networks, through the BlackBerry, through infection, or through physical access to the computer.