Solved

"Live Health Club" - scam or virus and how do I fix it?

Posted on 2011-09-24
Last Modified: 2013-11-22
My friends are all getting emails from me to join "Live health club".  Is this a virus or just a scam?  How do I fix it?  How did it happen to me?
I'm using gmail.
0
Question by:Dwight Baer
11 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36593684
Are you sure they are being sent from your gmail account?  Have your friends supplied you with any headers of these mails?
0
 

Author Comment

by:Dwight Baer
ID: 36593704
Various friends have reported emails from me, all asking them to join "Live Health Club".

How do I view the header of an email?
0
 

Author Comment

by:Dwight Baer
ID: 36593707
I do have two gmail accounts, but the other one I use only rarely, and my friends aren't reporting that any rogue "invitations" are coming from that account.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 300 total points
ID: 36593709
"Various friends have reported emails from me, all asking them to join 'Live Health Club'."
Just because the mail says it's "From" you doesn't mean that it actually is from you ;)

"How do I view the header of an email?"
That is dependent upon what your mail client is.

The only thing you can do about this at this point is to change your gmail password along with any other accounts you have that have address books associated to them.
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 300 total points
ID: 36593714
In Gmail it's easy, just click the dropdown menu next to "Reply" in the upper right-hand corner and click "Show original".

For me to troubleshoot this issue via looking at the headers would require you to get the headers from the actual message -- what I'm getting at is if your friend forwards you one of the mails, it won't have the info I need.
0

Author Comment

by:Dwight Baer
ID: 36593741
OK, I will have access to one of those emails received by a friend.  I will post the header later this evening.  Meanwhile I have changed my gmail password, thanks for that suggestion.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 200 total points
ID: 36593818
This sounds more like "Spoofing" to me.
Good Wiki write-up if you'd like to read more:

http://en.wikipedia.org/wiki/E-mail_spoofing
0
 

Author Comment

by:Dwight Baer
ID: 36594260
OK, I have uploaded the header file as "original.doc"

I hope it is helpful in figuring how this happened.

I did read the Wikipedia article mentioned above, and when comparing the "original" header from this spam email to another legitimate email from the purported sender, I can see who is sending this.

So ... Other than changing the gmail password, what can be done to prevent this happening again?  How did it likely happen in the first place?

original.doc
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 300 total points
ID: 36594487
So, in hindsight I probably should have googled for livehealthclub spam, but just went the standard mail troubleshooting route instead.

After reviewing the headers, everything as far as the source of the mail looks legit -- the mail really is coming from livehealthclub.com mail servers.

I then checked google and guess what -- you are not the only one with this problem.  After reading a few posts and doing some of my own testing like signing up for a fake account, I found what could be the source of this issue.  They have very misleading email/password fields... basically they try to fool you to put in your email address and email password, instead of the password you want for livehealthclub.com.

It would seem that at some point you, or someone who knows your gmail info, went through the sign-up process for livehealthclub.com.  Now that they have your email address and contacts, they will forge mails that look like they are from you so that your friends click on the link, go to livehealthclub.com, put in their email/password, and the chain continues.

The solution to this is to change your gmail password, and stay away from shady sites like livehealthclub.com -- what the hell does that mean anyways :p  Definitely shady.  As far as future mails to your friends from livehealthclub.com that seem to come from you, there is nothing you can do -- your address book has already been compromised.
0
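
The header comparison described in the comment above, as an added example that is not part of the original thread: it checks whether the visible From domain matches the domains the receiving mail server actually authenticated. The sample headers, the `.example` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the thread's original.doc): the visible From is a
# webmail user, but the envelope sender and DKIM signer belong to another site.
SPOOFED = """\
Return-Path: <bounce@mailer.invite-site.example>
Received: from mta1.invite-site.example (mta1.invite-site.example [203.0.113.25])
 by mx.recipient.example with ESMTP id x1; Sat, 24 Sep 2011 10:00:00 -0700
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce@mailer.invite-site.example;
 dkim=pass header.d=invite-site.example
From: "Alice" <alice@webmail.example>
Subject: Join me

body
"""
# Constructed counterpart: the same message as if the webmail provider sent it.
GENUINE = SPOOFED.replace("mailer.invite-site", "webmail").replace("invite-site", "webmail")

AUTH_PASS = re.compile(
    r"(?:spf|dkim)=pass\s+(?:\([^)]*\)\s+)?(?:smtp\.mail(?:from)?|header\.[di])=(\S+)")

def domain_of(value):
    """Lower-cased domain part of an address or bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>;. ").lower()

def aligned(candidate, from_domain):
    """Same domain or a subdomain (simplified; DMARC uses organizational domains)."""
    return candidate == from_domain or candidate.endswith("." + from_domain)

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # Trust only the topmost Authentication-Results/Received: the recipient's
    # own server wrote them; anything lower may have been supplied by the sender.
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    passed = [domain_of(m) for m in AUTH_PASS.findall(auth)]
    relay = re.search(r"from\s+(\S+)", (msg.get_all("Received") or [""])[0])
    return {
        "from_domain": from_domain,
        "envelope_domain": domain_of(parseaddr(msg.get("Return-Path", ""))[1]),
        "relay": relay.group(1) if relay else None,
        "authenticated_as": passed,
        "from_is_authenticated": any(aligned(d, from_domain) for d in passed),
    }
```

A result with `from_is_authenticated` false and `authenticated_as` naming a different domain means the message did not leave the mailbox named in From, which is the situation the headers in this thread showed.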
 
LVL 38

Assisted Solution

by:younghv
younghv earned 200 total points
ID: 36594964
"How did it likely happen in the first place?"

The scam they are running appears to be nothing more than a new twist on the old "Social Engineering" trick - which has always been one of the most effective ways to get private information from computer users. (http://en.wikipedia.org/wiki/Social_engineering_(security))

Once they had the username/password to your Gmail account, they had full access to your actual Contacts/Email Address Book and could start spamming your friends.

I learned a long time ago to create a completely phony Gmail account and use it only when I'm required to provide one to sign up to a web site. The phony account has no personal information in it and is never used to send email to real people.
0
 

Author Closing Comment

by:Dwight Baer
ID: 36595103
Thank you so much, all your comments were very helpful.  I was so impressed that you went out and actually tried to sign up for one of their accounts.  Wish I could give you more points!
0
