
Investigate: "hacked" friends sending spam leading to hacked blogs I suppose

Discussion in 'BlackHat Lounge' started by Calculons, Apr 11, 2012.

  1. Calculons

    Seems some of my friends are sending out spam mail from their hotmail and outlook accounts.

    Spam mail contains only 1 link, like one of those below
    (could be hacked wp sites, don't know)

    http://www.oscearba.com.ar/wp-content/themes/twentyeleven/tenfw.html?uq=at.jig&himoj=te.reg&oeo=bicw
    http://www.contemponutrition.com/wp...ty12/tenfw.html?fs=hd.jdg&rt=onnm.ww&eec=ppvn
    http://www.helmutgranda.com/wp-content/themes/redux/rytj.html?ov=ofs.msg&osy=ofm.hsml&egc=krwr
    http://perlawater.com/ofmgo.html

    Those are redirecting to pages like this one
    http://successmarketingfromhome.net/business-news-all/index.html
    Fake page where all links go to some make money affiliate.


    Anyone else had problems with this or know how to stop the spam from being sent?

    Guess someone is banking big with this.
     
    Last edited: Apr 11, 2012
  2. Nigel Farage

    The spam isn't coming from the account or the friend's computer. More than likely, the "From" address is spoofed, and the real point of origin has nothing to do with your friends.

    Some malware takes advantage of security vulnerabilities that allow the infected computer's "contacts" and/or "address book" to be copied and "sent home" and then spam emails are sent out with the from field spoofed in order to gain a measure of trust from the recipients.

    It's too late for your "friends", the cows are already out of the barn. The spammers have the email list now, and can do whatever they want with it.

    It would be a good idea to make certain the infected computers are fully-updated and malware-free.
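
One way to tell a spoofed "From" apart from mail that really left the friend's account is to read the headers of a received copy. This is an added example, not part of the original post; the sample messages, host names and the `classify` helper are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread).
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=hotmail.com\n"
    'From: "A Friend" <friend@hotmail.com>\n'
    "Subject: (no subject)\n\nhttp://blog.example/wp-content/themes/x/page.html\n"
)
GENUINE = (
    "Return-Path: <friend@hotmail.com>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=hotmail.com;"
    " dkim=pass header.d=hotmail.com; dmarc=pass header.from=hotmail.com\n"
    'From: "A Friend" <friend@hotmail.com>\n'
    "Subject: (no subject)\n\nhttp://blog.example/wp-content/themes/x/page.html\n"
)

def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def classify(raw):
    """Classify one message from its headers.

    Only trust an Authentication-Results header that your own receiving
    server added; a sender can insert a forged one further down.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain(msg["From"])
    env_dom = domain(msg["Return-Path"])
    auth = str(msg.get("Authentication-Results", "")).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    aligned = bool(from_dom) and env_dom == from_dom
    if results.get("dmarc") == "pass" or (results.get("dkim") == "pass" and aligned):
        verdict = "sent-via-provider"   # the real account was probably used
    elif (results.get("spf") in ("fail", "softfail")
          or results.get("dmarc") == "fail" or not aligned):
        verdict = "likely-spoofed"      # only the visible From was borrowed
    else:
        verdict = "inconclusive"        # no usable authentication data
    return {"from": from_dom, "envelope": env_dom, "auth": results, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in (("spoofed sample", SPOOFED), ("genuine sample", GENUINE)):
        print(name, "->", classify(raw))
```

A "sent-via-provider" verdict points at the account itself (password reset, review of recent sign-ins and connected apps); "likely-spoofed" points at a harvested contact list instead.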
     
  3. maza_hunter

    I've been getting loads of these emails from friends on hotmail. It says their full name as sender and the subject is 'no subject' and the email just contains a link. Obviously I didn't click it. But I keep getting them this past week; it's viral.


     
  4. deanwatson842

    I too had this happen to me and received numerous delivery status notification failures to my hotmail address. I use several different PCs and access my hotmail account on my phone so it is a little tricky for me to pinpoint. I have taken the precaution of changing security details and run both antimalware and antivirus scans without success. As far as I can see this issue first occurred on 06/04/12 ~7PM GMT. Researching Google only shows people reporting this issue (ofmgo) on that date (not before or after). All of the URLs in this batch of emails featured ofmgo.html.


    This has since happened again 19/04/12 ~ 330PM GMT however all the links now feature something different.
    I have changed my password again to try to prevent this.


    I would be interested in looking to see whether there is any common theme or possible cause of this. Please email me so that we can discuss.

    Dean
     
  5. Calculons

    Could you post the new links here, or send them to me?

    Would like to take a look at them