

Hijacked AOL Account

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-05-11
Gentlemen: I'm trying to assist a friend whose AOL identity has apparently been hijacked, as spurious messages are being sent around the world to all his contacts. It is important to him to keep, if possible, his AOL email address, as it is a well-established business asset. I have run appropriate antivirus and antimalware scans, and the only seemingly significant finding was that Malwarebytes came up with something called Hijack.Display Properties. I am also aware that keylogging code may be present, and I would greatly appreciate any suggestions you might have regarding this and any other measures that should be taken to secure his account, if possible.
Question by:alexatbc
LVL 47

Expert Comment

ID: 35704776
So how do you know that the email is even coming from his/her PC in the first place? Often these bots spoof another machine, and it is more likely that the messages are being generated on some other machine halfway around the world.

One does not need to hijack an AOL account to change mail headers.
LVL 47

Accepted Solution

David earned 750 total points
ID: 35704792
(Hit return too soon .. what I am saying is that even if they did originate from this machine at one time, that doesn't mean there aren't now dozens of machines on the planet sending out such garbage while spoofing your friend's email address.)

Once the trojan farms all the contacts, many of the viruses upload that entire list to other compromised machines. It is most likely way too late to do anything that can stop it. The best you can hope for is to make sure this PC isn't sending them out. Get some of that email and look at the headers. Also, of course, take this PC off the internet, or at least block the SMTP port.

Author Closing Comment

ID: 35705972
I certainly appreciate the effort - Since the fox has already left the henhouse, I can't see there would be any particular advantage for my friend to abandon his AOL address.  It's my understanding that the spammers move on to new victims after a relatively short period of time anyway.  Thanks to all....

LVL 65

Expert Comment

ID: 35706029
A quick thought is changing the login password; use a strong password. Use a clean machine to do such changes. See below.

It is not foolproof though, as a simple password can be brute-forced, assuming it does not trigger a user alarm. Even an online server being hacked to siphon credentials can lead to such identity losses.

But specifically for the user's infected machine, I have some doubt about the alert, as openly it is stated as a false positive. Nonetheless, look for anomalies such as AV updates not working, a lot of outbound traffic, listening ports, etc.

You may want to try running GMER to check for rootkits, and best is to scan the machine using a live CD without booting the OS; in a word, we do not want the malware to run and hide itself, to our best effort.

If the spam's coming from AOL servers, they have an obligation to shut down the account. CAN-SPAM Act and all that. I am thinking that you can check the sent-out spam email headers to identify the trail of email servers and the source IP; that may help to drill down to any suspicious entity, especially the last "received from" in the header. It may lead us to the source computer, but dynamic IP assignment will be challenging...


Author Comment

ID: 35706813
Thank You - the link to Geekablog was particularly helpful....
LVL 47

Expert Comment

ID: 35706873
These days AOL has really cracked down, as they FINALLY discovered it is more beneficial to AOL to write agents that prevent spamming in the first place, for the selfish reason that they conserve resources by NOT allowing spammers.

Most likely the AOL email messages are forged, and the PCs generating the spam are sending the messages from those PCs themselves, and not going through AOL. Just look at the long email headers on some of the messages that are forwarded to you from victims. You will be able to figure out where they come from.
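The header-reading approach both experts describe (walk the Received chain, find the last "received from" hop, and check whether the message ever passed through AOL at all) as an added example; this is not code from the thread or from AOL, and the message, hostnames and IP addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): spam claiming an AOL sender but
# injected from a dynamic-IP host that never touched AOL's mail servers.
SAMPLE_SPAM = """\
Received: from mx.victim.example (mx.victim.example [198.51.100.7])
    by mail.victim.example with ESMTP id a1b2c3; Thu, 5 May 2011 10:03:11 +0000
Received: from smtp.example.net (unknown [203.0.113.44])
    by mx.victim.example with ESMTP id d4e5f6; Thu, 5 May 2011 10:03:09 +0000
Received: from [192.0.2.88] (dyn-192-0-2-88.isp.example [192.0.2.88])
    by smtp.example.net with SMTP id g7h8i9; Thu, 5 May 2011 10:03:05 +0000
From: "Friend" <friend@aol.com>
Subject: check this out

click here
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?", re.IGNORECASE)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw):
    """Received hops in delivery order (originating hop first).

    MTAs prepend Received headers, so the message lists them newest first.
    Trust only hops added by servers you control; earlier ones can be forged.
    """
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM.search(" ".join(hdr.split()))  # unfold the header
        if not m:
            continue
        ip = IPV4.search(m.group(2) or "") or IPV4.search(m.group(1))
        hops.append({"claimed": m.group(1).strip("[]"),
                     "ip": ip.group(1) if ip else None, "raw": hdr})
    return hops


def analyze(raw):
    """Heuristic: did the message ever pass through the From: domain's servers?"""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    hops = received_chain(raw)
    via_sender_domain = any(sender_domain in h["raw"].lower() for h in hops)
    return {"sender_domain": sender_domain,
            "origin_ip": hops[0]["ip"] if hops else None,
            "origin_host": hops[0]["claimed"] if hops else None,
            "likely_forged": not via_sender_domain}
```

A result of `likely_forged` with an origin IP outside the sender's provider supports the point made in the thread: cleaning the friend's PC may be worthwhile, but it will not stop mail that other machines are sending under his address.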
