Solved

"Live Health Club" - scam or virus and how do I fix it?

Posted on 2011-09-24
Last Modified: 2013-11-22
My friends are all getting emails from me to join "Live health club".  Is this a virus or just a scam?  How do I fix it?  How did it happen to me?
I'm using gmail.
Question by:Dwight Baer
11 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36593684
Are you sure they are being sent from your gmail account?  Have your friends supplied you with any headers of these mails?
0
 

Author Comment

by:Dwight Baer
ID: 36593704
Various friends have reported emails from me, all asking them to join "Live Health Club".

How do I view the header of an email?
0
 

Author Comment

by:Dwight Baer
ID: 36593707
I do have two gmail accounts, but the other one I use only rarely, and my friends aren't reporting that any rogue "invitations" are coming from that account.
0
 
LVL 21

Accepted Solution

by:Papertrip
Papertrip earned 300 total points
ID: 36593709
> Various friends have reported emails from me, all asking them to join "Live Health Club".

Just because the mail says it's "From" you doesn't mean that it actually is from you ;)

> How do I view the header of an email?

That is dependent upon what your mail client is.

The only thing you can do about this at this point is to change your gmail password along with any other accounts you have that have address books associated to them.
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 300 total points
ID: 36593714
In Gmail it's easy, just click the dropdown menu next to "Reply" in the upper right-hand corner and click "Show original".

For me to troubleshoot this issue via looking at the headers would require you to get the headers from the actual message -- what I'm getting at is if your friend forwards you one of the mails, it won't have the info I need.
0

 

Author Comment

by:Dwight Baer
ID: 36593741
OK, I will have access to one of those emails received by a friend.  I will post the header later this evening.  Meanwhile I have changed my gmail password, thanks for that suggestion.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 200 total points
ID: 36593818
This sounds more like "Spoofing" to me.
Good Wiki write-up if you'd like to read more:

http://en.wikipedia.org/wiki/E-mail_spoofing
0
 

Author Comment

by:Dwight Baer
ID: 36594260
OK, I have uploaded the header file as "original.doc"

I hope it is helpful in figuring out how this happened.

I did read the wikipedia article mentioned above, and when comparing the "original"  header from this spam  email to another legitimate email from the purported sender, I can see who is sending this.

So ... Other than changing the gmail password, what can be done to prevent this happening again?  How did it likely happen in the first place?

original.doc
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 300 total points
ID: 36594487
So, in hindsight I probably should have googled for livehealthclub spam, but just went the standard mail troubleshooting route instead.

After reviewing the headers, everything as far as the source of the mail looks legit -- the mail really is coming from livehealthclub.com mail servers.

I then checked google and guess what -- you are not the only one with this problem.  After reading a few posts and doing some of my own testing like signing up for a fake account, I found what could be the source of this issue.  They have very misleading email/password fields... basically they try to fool you to put in your email address and email password, instead of the password you want for livehealthclub.com.

It would seem that at some point you, or someone who knows your gmail info, went through the sign-up process for livehealthclub.com.  Now that they have your email address and contacts, they will forge mails that look like they are from you so that your friends click on the link, go to livehealthclub.com, put in their email/password, and the chain continues.

The solution to this is change your gmail password, and stay away from shady sites like livehealthclub.com -- what the hell does that mean anyways :p  Definitely shady.  As far as future mails to your friends from livehealthclub.com that seem to come from you, there is nothing you can do -- your address book has already been compromised.
0
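
The header check discussed in this thread, as an added example that is not part of the original posts: it compares the visible "From" domain with the envelope sender and with the relay recorded by the recipient's own server, which is how a message "from" a friend can be traced to a third-party mail server. The sample message, all hostnames and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "Show original" view. Every host, address and IP
# is made up (.example names, 203.0.113.0/24 is a documentation range).
SAMPLE = """\
Received: from out1.invite-site.example (out1.invite-site.example [203.0.113.25])
        by mx.mailbox.example with ESMTP; Sat, 24 Sep 2011 10:00:00 -0700
Return-Path: <bounce@invite-site.example>
Authentication-Results: mx.mailbox.example;
        spf=pass smtp.mailfrom=bounce@invite-site.example
From: Alice <alice@webmail.example>
Subject: Alice invited you

Join me here.
"""

def addr_domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def org_domain(host):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    env_dom = addr_domain(msg["Return-Path"])
    # The topmost Received line is written by the recipient's own server,
    # so the host after "from" is the relay that really handed the mail over.
    hops = msg.get_all("Received") or []
    hop = re.search(r"from\s+(\S+)", hops[0]) if hops else None
    relay = hop.group(1) if hop else ""
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    spf = re.search(r"\bspf=(\w+)", auth)
    findings = []
    if env_dom and org_domain(env_dom) != org_domain(from_dom):
        findings.append("envelope-sender-differs-from-From")
    if relay and org_domain(relay) != org_domain(from_dom):
        findings.append("relay-not-in-From-domain")
    if spf and spf.group(1) == "pass" and findings:
        # SPF checks the envelope sender only; it says nothing about From.
        findings.append("spf-pass-covers-envelope-only")
    return {"from": from_dom, "envelope": env_dom,
            "relay": relay.lower(), "findings": findings}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

An empty findings list means the From domain, envelope sender and delivering relay agree; it does not by itself prove the account holder wrote the message.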
 
LVL 38

Assisted Solution

by:younghv
younghv earned 200 total points
ID: 36594964
"How did it likely happen in the first place?"

The scam they are running appears to be nothing more than a new twist on the old "Social Engineering" trick - which has always been one of the most effective ways to get private information from computer users. (http://en.wikipedia.org/wiki/Social_engineering_(security))

Once they had the username/password to your Gmail account, they had full access to your actual Contacts/Email Address Book and could start spamming your friends.

I learned a long time ago to create a completely phony Gmail account and use it only when I'm required to provide one to sign up to a web site. The phony account has no personal information in it and is never used to send email to real people.
0
 

Author Closing Comment

by:Dwight Baer
ID: 36595103
Thank you so much, all your comments were very helpful.  I was so impressed that you went out and actually tried to sign up for one of their accounts.  Wish I could give you more points!
0


Question has a verified solution.
