Hijacked AOL Account

Posted on 2011-05-05
Last Modified: 2012-05-11
Gentlemen: I'm trying to assist a friend whose AOL identity has apparently been hijacked, as spurious messages are being sent around the world to all his contacts. It is important to him to keep, if possible, his AOL email address, as it is a well-established business asset. I have run appropriate antivirus and antimalware scans, and the only seemingly significant finding was that Malwarebytes came up with something called Hijack.Display Properties. I am also aware that keylogging code may also be present, and I would greatly appreciate any suggestions you might have regarding this and any other measures that should be taken to secure his account, if possible.
Question by: alexatbc
    LVL 46

    Expert Comment

    So how do you know that the email is even coming from his/her PC in the first place? Often these bots spoof another machine, and it is more likely that the messages are being generated on some other machine halfway around the world.

    One does not need to hijack an AOL account to change mail headers.
    LVL 46

    Accepted Solution

    (Hit return too soon .. what I am saying is that even if they did originate from this machine at one time, that doesn't mean that there aren't now dozens of machines on the planet sending out such garbage while spoofing your friend's email address).

    Once the trojan farms all the contacts, many of the viruses upload that entire list to other compromised machines. It is most likely way too late to do anything that can stop it. Best you can hope for is to make sure this PC isn't sending them out. Get some of that email and look at the headers. Also, of course, take this PC off the internet, or at least block the SMTP port.

    Author Closing Comment

    I certainly appreciate the effort - Since the fox has already left the henhouse, I can't see there would be any particular advantage for my friend to abandon his AOL address.  It's my understanding that the spammers move on to new victims after a relatively short period of time anyway.  Thanks to all....
    LVL 60

    Expert Comment

    A quick thought is to change the login password, using a strong password. Use a clean machine to do such changes. See below.

    It is not foolproof, though, as a simple password can be brute-forced, assuming it does not trigger a user alarm. Even an online server being hacked to siphon credentials can lead to such identity losses.

    But specifically for the user's infected machine, I have some doubt about the alert, as it is openly stated as a false positive. Nonetheless, look for anomalies such as AV updates not working, a lot of outbound traffic, listening ports, etc.

    You may want to try running GMER to check for rootkits, and best is to scan the machine using a live CD without booting the OS; in other words, we do not want the malware to run and hide itself, to our best effort.

    If the spam's coming from AOL servers, they have an obligation to shut down the account. CAN-SPAM Act and all that. I am thinking that we can check out the sent spam email headers to identify the trail of email servers and the source IP; that may help to drill down to any suspicious entity, especially the last "Received: from" in the header. It may lead us to the source computer, but dynamic IP assignment will be challenging...


    Author Comment

    Thank You - the link to Geekablog was particularly helpful....
    LVL 46

    Expert Comment

    These days AOL has really cracked down, as they FINALLY discovered it is more beneficial to AOL to write agents that prevent spamming in the first place, for the selfish reason that they conserve resources by NOT allowing spammers.

    Most likely the AOL email messages are forged, and the PCs generating the spam are sending the messages from those PCs themselves, and not going through AOL. Just look at the long email headers on some of the messages that are forwarded to you from victims. You will be able to figure out where they come from.
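
Two of the experts above give the same practical advice: get a copy of the spam, read the long headers, and follow the Received: trail (especially the last "Received: from") to see where the message was injected and whether it ever passed through the sender's own provider. The following Python script is an added example, not code from the thread or from any of its participants. It parses a constructed message (all hostnames, addresses and IDs are made up; the IPs are from the RFC 5737 documentation ranges), unfolds the Received: headers, orders the hops earliest first, pulls out the IP each receiving server logged, and checks whether any receiving host belongs to the From: domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): the From: header claims an aol.com
# sender, but the Received: chain shows the message entered the mail system at
# a third-party relay and never touched a host in the sender's domain.
SAMPLE_RAW = """\
Received: from mx.example-recipient.net (mx.example-recipient.net [198.51.100.7])
\tby mail.example-recipient.net with ESMTP id abc123
\tfor <friend@example-recipient.net>; Thu, 05 May 2011 10:01:02 -0400
Received: from relay.example-isp.test (relay.example-isp.test [203.0.113.44])
\tby mx.example-recipient.net with ESMTP id def456;
\tThu, 05 May 2011 10:01:00 -0400
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example-isp.test with SMTP id ghi789;
\tThu, 05 May 2011 10:00:58 -0400
From: Friend Name <friend.business@aol.com>
To: contact@example.org
Subject: hello
Message-ID: <constructed-001@example-isp.test>

check this out
"""

# Constructed contrast case: same claimed sender, but the first hop was logged
# by a (placeholder) server inside the sender's domain.
SAMPLE_VIA_SENDER_DOMAIN = """\
Received: from outbound.placeholder.aol.com (outbound.placeholder.aol.com [203.0.113.9])
\tby mx.example-recipient.net with ESMTP id jkl012;
\tThu, 05 May 2011 11:00:00 -0400
Received: from [192.0.2.80] (unknown [192.0.2.80])
\tby outbound.placeholder.aol.com with ESMTP id mno345;
\tThu, 05 May 2011 10:59:58 -0400
From: Friend Name <friend.business@aol.com>
To: contact@example.org
Subject: hello

check this out
"""

# "from <helo-name> (<reverse-dns> [<ip>]) by <receiving-host>"
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_hops(raw):
    """Return the Received: hops in transit order (origin hop first).

    Each MTA prepends its own Received: header, so the last one in the
    message is the earliest hop: where the message entered the mail system.
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        claimed, comment, by = m.groups()
        ip = IPV4_RE.search(comment or "")
        hops.append({
            "claimed_from": claimed,                 # HELO name: set by the sending client
            "source_ip": ip.group(1) if ip else None,  # address logged by the receiving MTA
            "by": by.rstrip(";").lower(),             # the receiving MTA: the trustworthy half
        })
    hops.reverse()
    return hops


def origin_hop(raw):
    """The earliest hop, i.e. the 'last Received from' the expert refers to."""
    hops = received_hops(raw)
    return hops[0] if hops else None


def sender_domain(raw):
    """Domain of the From: address (the identity being impersonated)."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def passed_through_sender_domain(raw):
    """True if any receiving MTA in the chain belongs to the From: domain.

    Only the 'by' host is consulted; the 'from' name is whatever the
    connecting client chose to announce.
    """
    domain = sender_domain(raw)
    if not domain:
        return False
    return any(h["by"] == domain or h["by"].endswith("." + domain)
               for h in received_hops(raw))


def triage(raw):
    """Summary a helpdesk would want: where it came in, and via whose servers."""
    origin = origin_hop(raw)
    return {
        "sender_domain": sender_domain(raw),
        "origin_ip": origin["source_ip"] if origin else None,
        "origin_relay": origin["by"] if origin else None,
        "passed_through_sender_domain": passed_through_sender_domain(raw),
    }


if __name__ == "__main__":
    for i, hop in enumerate(received_hops(SAMPLE_RAW), 1):
        print(f"hop {i}: {hop['source_ip']} ({hop['claimed_from']}) -> {hop['by']}")
    print(triage(SAMPLE_RAW))
    print(triage(SAMPLE_VIA_SENDER_DOMAIN))
```

Two caveats when reading the result. First, any Received: lines below the first hop logged by a server you trust may have been written by the injecting client itself, so start from the hop recorded by a known-good receiving MTA rather than from the very bottom of the header. Second, as the expert notes, the origin IP is usually a dynamically assigned address, so on its own it identifies an ISP and a time window rather than a machine; what it does settle is whether the mail ever went through the sender's provider at all, which is what decides whether an account or only an address has been abused.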
