GoFuckYourself.com - Adult Webmaster Forum


tony286 10-29-2010 06:18 PM

trojan experts got a question
 
I get an email from my mom's Gmail account. See girlfriends self video. It's cc'd to everyone in her email and it goes to a .exe link. I tell her and email her whole list to not click on it.
Now I have her Gmail set to https, she's on a locked wifi network. I do a virus scan and nothing is coming up. I do a Google search on it and they are talking about Chinese hackers. I check the details of Gmail IP last used and sure as shit it was a Chinese IP. It sent it out about 15 times yesterday in a row. I told her to shut down the system as soon as I saw the email. No emails were sent after the time I told her to shut it down. How would they get in, her password is not easy and it's a combo of letters and numbers. Your thoughts?

Adraco 10-29-2010 07:15 PM

Desperate Chinese people.
They can work an unlimited amount of hours in front of a computer. So they will crack many passwords, even those we consider to be safe.

But there's also next step, how secure is her firewall? Does she surf the net as an administrator? Because if you do, all one has to do is try a few random IP addresses, wait for a response and then break in there.

Facebook, Twitter and other shit like that, does she use the same password twice? Did she click on something "funny" someone who shared something out of the ordinary? Has she gotten strange emails from other friends? I have two family friends with a bit elderly parents in the US and they have both experienced the same. They were on Hotmail and Gmail.

People who use the same username and password at multiple places are the easiest, because you just try to break the password at all the sites together. Or people who select silly or publicly available answers to their security questions.

Might also not be her at all. It could be one of her friends who is infected, but has your mom in their address book. So the trojan/virus sends itself out, but disguises itself as if it came from your mom, to make it harder to trace/catch. So if your and her address are either both stored in this infected person's address book or you could both have been addressed in an email before or somehow linked like that before. Then the trojan/virus will do its best to avoid detection.

When I was a senior in High School I hacked the computer network at school so the administrators had to switch to 25 character passwords and before I graduated they had also totally gone over to personal USB identification keys.

If there is a will, there is a way.

tony286 10-29-2010 07:19 PM

Quote:

Originally Posted by Adraco (Post 17653113)
Desperate Chinese people.
They can work an unlimited amount of hours in front of a computer. So they will crack many passwords, even those we consider to be safe.

But there's also next step, how secure is her firewall? Does she surf the net as an administrator? Because if you do, all one has to do is try a few random IP addresses, wait for a response and then break in there.

Facebook, Twitter and other shit like that, does she use the same password twice? Did she click on something "funny" someone who shared something out of the ordinary? Has she gotten strange emails from other friends? I have two family friends with a bit elderly parents in the US and they have both experienced the same. They were on Hotmail and Gmail.

People who use the same username and password at multiple places are the easiest, because you just try to break the password at all the sites together. Or people who select silly or publicly available answers to their security questions.

When I was a senior in High School I hacked the computer network at school so the administrators had to switch to 25 character passwords and before I graduated they had also totally gone over to personal USB identification keys.

If there is a will, there is a way.

Thanks for the answer. She is on the Windows 7 firewall. She has admin control of the system, should I change that? Also as people get older on a computer I find they get overwhelmed and click on everything without reading. I changed her pass and told her to change them all.

Chris 10-29-2010 07:24 PM

I had the same thing happen to me and I'm on a Mac - im either they cracked a database to a forum that I used the same email/password combo on and then they have a program that checks that email/password combo

Adraco 10-29-2010 07:38 PM

Quote:

Originally Posted by tony286 (Post 17653117)
Thanks for the answer. She is on the Windows 7 firewall. She has admin control of the system, should I change that? Also as people get older on a computer I find they get overwhelmed and click on everything without reading. I changed her pass and told her to change them all.

A normal user has NO REASON to be administrator or have those rights on the local machine. Since Windows 2000, it is not recommended that you use an administrator account for daily/normal use. You use it for administrative purposes, then log off and back in as a regular user. This way you are much more protected, simply because whatever nasties you might happen to run across or click on, they can't get anywhere since you do not have the right to run or install them.

Set her up with a regular user and also setup a MSN account and show her how to request "remote help" or "remote desktop" from you. That way you can come in and remote control her computer.

Also make sure that ALL administrator accounts on the computer have a password on them. It is absolutely crazy to have an internet connected machine with a blank admin password, it's like leaving the front door to the house open and going on vacation. You're asking for it!

Buy her RoboForm or something, don't allow Microsoft Internet Explorer to save passwords. It's not even safe or recommended to ask Firefox to save them for you.

Windows' own firewall is a good start, but I would really say get Zonealarm, Norton, F-Secure or just about any other 3rd party software for it. The Windows Defender or Firewall or whatever they call it, is, unfortunately, still more about not disturbing the user and hopelessly after the technology, speed and safety from the others.

Could be argued that "my mom does not visit bad sites". Probably true, I do not think she would visit www.astalavista.box.sk by herself, but she has friends who send her chain mails, "funny stuff", adorable pictures of kittens, babies, funny quizzes to fill out and she will gladly click. And then we go again.

1. Make mom a regular user and PASSWORD PROTECT all administrator accounts. Best is to even rename the admin account into something which is not easily recognized as "the boss", "admin", "administrator", "owner" or similar.

2. Get a real firewall up, preferably with some kind of antivirus combined. And make sure that program also scans her in AND outgoing email.

That should keep her reasonably safe with only little or no extra hassles for her.
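The account checks recommended in the post above, written as a small audit. This is an added example, not part of the thread: the sample text is constructed in the layout printed by `net localgroup Administrators` and `net user <name>`, the account names are made up, and `audit` and its helpers are hypothetical names.

```python
import re

# Constructed sample in the layout of `net localgroup Administrators`.
ADMIN_GROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
MOM
The command completed successfully.
"""

def user_report(name, active, pw_required):
    # Constructed `net user <name>` output, abridged to the fields the audit reads.
    return (f"User name                    {name}\n"
            f"Account active               {active}\n"
            f"Password required            {pw_required}\n")

USER_REPORTS = {n: user_report(n, a, p) for n, a, p in [
    ("Administrator", "Yes", "No"), ("MOM", "Yes", "Yes")]}

# Names the post calls easily recognized as the administrator.
OBVIOUS_NAMES = {"admin", "administrator", "owner", "the boss"}

def admin_members(group_text):
    """Return the member names listed after the dashed separator line."""
    lines = group_text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----")) + 1
    return [l.strip() for l in lines[start:]
            if l.strip() and not l.startswith("The command completed")]

def field(report, label):
    """Read one 'Label    value' line from a `net user` report."""
    m = re.search(rf"^{re.escape(label)}\s+(.*)$", report, re.MULTILINE)
    return m.group(1).strip() if m else ""

def audit(group_text, reports, daily_users):
    """Flag administrator accounts that go against the post's advice."""
    findings = []
    for name in admin_members(group_text):
        report = reports.get(name, "")
        if name in daily_users:
            findings.append((name, "daily-use account has administrator rights"))
        if (field(report, "Account active") == "Yes"
                and field(report, "Password required") == "No"):
            findings.append((name, "blank password allowed on administrator account"))
        if name.lower() in OBVIOUS_NAMES:
            findings.append((name, "easily recognized administrator name"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(ADMIN_GROUP, USER_REPORTS, {"MOM"}):
        print(f"{name}: {issue}")
```

"Password required No" means the account is permitted to have an empty password, so it is a prompt to set one rather than proof that the password is blank.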

Grapesoda 10-29-2010 07:46 PM

Quote:

Originally Posted by Adraco (Post 17653151)
A normal user has NO REASON to be administrator or have those rights on the local machine. Since Windows 2000, it is not recommended that you use an administrator account for daily/normal use. You use it for administrative purposes, then log off and back in as a regular user. This way you are much more protected, simply because whatever nasties you might happen to run across or click on, they can't get anywhere since you do not have the right to run or install them.

Set her up with a regular user and also setup a MSN account and show her how to request "remote help" or "remote desktop" from you. That way you can come in and remote control her computer.

Also make sure that ALL administrator accounts on the computer have a password on them. It is absolutely crazy to have an internet connected machine with a blank admin password, it's like leaving the front door to the house open and going on vacation. You're asking for it!

Buy her RoboForm or something, don't allow Microsoft Internet Explorer to save passwords. It's not even safe or recommended to ask Firefox to save them for you.

Windows' own firewall is a good start, but I would really say get Zonealarm, Norton, F-Secure or just about any other 3rd party software for it. The Windows Defender or Firewall or whatever they call it, is, unfortunately, still more about not disturbing the user and hopelessly after the technology, speed and safety from the others.

Could be argued that "my mom does not visit bad sites". Probably true, I do not think she would visit www.astalavista.box.sk by herself, but she has friends who send her chain mails, "funny stuff", adorable pictures of kittens, babies, funny quizzes to fill out and she will gladly click. And then we go again.

1. Make mom a regular user and PASSWORD PROTECT all administrator accounts. Best is to even rename the admin account into something which is not easily recognized as "the boss", "admin", "administrator", "owner" or similar.

2. Get a real firewall up, preferably with some kind of antivirus combined. And make sure that program also scans her in AND outgoing email.

That should keep her reasonably safe with only little or no extra hassles for her.

good stuff

d-null 10-29-2010 08:07 PM

Are you 100% sure that the email came from her account, and wasn't just spoofed to say it did?
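One way to answer that question from a received copy of the message is to read what the recipient's own mail server recorded in `Authentication-Results`. This is an added example, not part of the thread: both sample messages are constructed, `mx.example.net` stands for the recipient's mail server, and `origin_verdict` is a hypothetical helper.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample headers, not taken from the thread. mx.example.net stands
# for the recipient's own mail server; all addresses are placeholders.
VIA_ACCOUNT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mom@gmail.com;
 dkim=pass header.i=@gmail.com
From: Mom <mom@gmail.com>
To: tony@example.net
Subject: constructed sample

link
"""

SPOOFED = """\
Authentication-Results: mx.example.net; spf=softfail
 smtp.mailfrom=mom@gmail.com; dkim=none
Authentication-Results: mx.forged.example; dkim=pass header.i=@gmail.com
From: Mom <mom@gmail.com>
To: tony@example.net
Subject: constructed sample

link
"""

def origin_verdict(raw, trusted_authserv):
    """Classify a message by what the recipient's own server verified."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(str(header).split()).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # stamped by someone else; a sender can forge these
        for result, props in re.findall(r"\bdkim=(\w+)([^;]*)", rest):
            signer = re.search(r"header\.[id]=(\S+)", props)
            domain = signer.group(1).rpartition("@")[2].lower() if signer else ""
            if result == "pass" and domain == from_domain:
                # Signed by the From domain's servers: sent through the provider,
                # which points at the account itself rather than a forged From.
                return "sent-through-provider"
        # Only the topmost trusted header counts; lower copies may be injected.
        return "likely-spoofed"
    return "unverified"  # nothing from our own server to go on

if __name__ == "__main__":
    for name, raw in (("via account", VIA_ACCOUNT), ("spoofed", SPOOFED)):
        print(name, "->", origin_verdict(raw, "mx.example.net"))
```

A "sent-through-provider" result is consistent with the unfamiliar IP the original poster found in Gmail's last-activity details; "likely-spoofed" would instead point at someone else's infected address book.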

Adraco 10-29-2010 08:08 PM

Here are my own three favourites for keeping a single home computer reasonably safe and clean:

1. F-Secure Anti-Virus and Firewall
http://www.f-secure.com/en_US/produc...rnet-security/

2. SuperAntiSpyware, both as preventive measures but also if you ever get anything, this is one of the few which can handle some really complicated shit.
http://www.superantispyware.com/

3. SpyBot Search & Destroy. Has an immunization feature, to immunize your system from new threats all the time. Also now has a boot-cd for those nasties which simply won't go away while running the system normally, now you can remove them before Windows is even loaded.
http://www.safer-networking.org/en/index.html

And also, the oldest trick in the book, but free and unforgivable if you don't:
4. Schedule a weekly download of Windows updates. Make sure to schedule it during a time when the computer is ON, many old people turn off their computer at night and the scheduler often comes pre-programmed to do its updates and installs at night, which means that it rarely or very seldom happens.

Microsoft still has their Tuesday updates, all updates which are not marked as emergency updates, are released on Tuesday mornings every week. So schedule the automatic updates to take place on Tuesday lunch, afternoon or evening. Make sure it's selected to be fully automatic, without any user interaction and setup and configured so for ALL users which might be logged in on the machine.

tony286 10-29-2010 08:17 PM

Thank you very much great info and it will be followed.

fatfoo 10-29-2010 08:39 PM

Of course, mind reading is impossible. Otherwise, they would read passwords out of your mind, or something.

Maxi 10-29-2010 10:08 PM

Don't trust the virus scan. I've spent some time lurking a hacking forum and it turns out that not only are there dozens of ways to make malware undetectable to all virus scanners on the market, the hackers will not attempt to release anything that is not 100% undetectable.

nudecanada 10-30-2010 02:27 AM

Adraco is right. If you are logging in as Administrator it isn't a matter of if, it is a matter of when. Good posts and insight. I got preached pretty much the same thing by some high end sys admins running the ATM networks in Canada for big banks and a major Telco. They said the same things years ago. :2 cents:

tony286 10-30-2010 10:49 AM

Got a question, is there a way to not log in as a user and have all my programs there? I'm on XP, I log in as nonadmin and it's like a fresh install. Thx once again

Adraco 10-30-2010 12:58 PM

Quote:

Originally Posted by tony286 (Post 17654291)
Got a question, is there a way to not log in as a user and have all my programs there? I'm on XP, I log in as nonadmin and it's like a fresh install. Thx once again

Oh, you are so gonna have to rep me for this... :winkwink:

In good ole' Windows XP there is a feature called "User Profiles" and every new user is built up from the "Default Profile". And you can make this Default Profile with customizations yourself.

Do like this:
1. Create a new admin user on the machine, let's call it TONY.
2. Install all programs, printers and equipment you'll be using on the computer and arrange all icons as you want them, arrange the Start menu as you please (C:\Documents and Settings\TONY\Start Menu\Programs)
3. When everything looks like you want it, it's time to cleanup a bit.
3.1 DELETE everything inside the folder: C:\Documents and Settings\TONY\Local Settings\Temp
3.2 DELETE the file: C:\Documents and Settings\TONY\Local Settings\Application Data\IconCache.db
3.3 DELETE everything inside the folder: C:\Documents and Settings\TONY\Local Settings\Temporary Internet Files
3.4 DELETE everything inside the folder: C:\Documents and Settings\TONY\Recent
3.5 DELETE everything inside the folder: C:\Documents and Settings\TONY\Cookies

4. Now, go to: C:\Documents and Settings\ and RENAME the folder "Default User" into "old default user". If you do not see the "Default User", go Tools > Folder Options > View > and mark "Show hidden files and folders".

5. When renamed, make sure that there is no password set on the user profile TONY you are currently using.

6. Make sure there is another ADMIN account on the computer, if not, create one, let's call it ADMIN. And then log off TONY and log back in as the ADMIN user.

7. Go to C:\Documents and Settings\ and RENAME the TONY folder into "Default User".

8. Create a new user account, a regular user account, let's call it ADRACO.
Log off ADMIN and log back on as ADRACO. Now you should see your desktop and start menu just like you created/configured it for TONY, but with the small difference that all new users you create on the machine, will get their desktop looking the same.

If you only need to change small things you can use the two folders:
C:\Documents and Settings\All Users\Desktop
C:\Documents and Settings\All Users\Start Menu
to add shortcuts and rearrange stuff. This will then complement the setting for each individual user for their desktop and start menu.
Example, say user 1 has file X on their own desktop and you also put file Y in
C:\Documents and Settings\All Users\Desktop
then user 1 will see both file X and file Y on his desktop, while user 2, will only see file Y on his desktop.


Why I know this by heart like that, you ask? I ran a support division with 12 people working for me a few years ago. :)

tony286 10-30-2010 09:16 PM

Quote:

Originally Posted by Adraco (Post 17654500)
Oh, you are so gonna have to rep me for this... :winkwink:

In good ole' Windows XP there is a feature called "User Profiles" and every new user is built up from the "Default Profile". And you can make this Default Profile with customizations yourself.

Do like this:
1. Create a new admin user on the machine, let's call it TONY.
2. Install all programs, printers and equipment you'll be using on the computer and arrange all icons as you want them, arrange the Start menu as you please (C:\Documents and Settings\TONY\Start Menu\Programs)
3. When everything looks like you want it, it's time to cleanup a bit.
3.1 DELETE everything inside the folder: C:\Documents and Settings\TONY\Local Settings\Temp
3.2 DELETE the file: C:\Documents and Settings\TONY\Local Settings\Application Data\IconCache.db
3.3 DELETE everything inside the folder: C:\Documents and Settings\TONY\Local Settings\Temporary Internet Files
3.4 DELETE everything inside the folder: C:\Documents and Settings\TONY\Recent
3.5 DELETE everything inside the folder: C:\Documents and Settings\TONY\Cookies

4. Now, go to: C:\Documents and Settings\ and RENAME the folder "Default User" into "old default user". If you do not see the "Default User", go Tools > Folder Options > View > and mark "Show hidden files and folders".

5. When renamed, make sure that there is no password set on the user profile TONY you are currently using.

6. Make sure there is another ADMIN account on the computer, if not, create one, let's call it ADMIN. And then log off TONY and log back in as the ADMIN user.

7. Go to C:\Documents and Settings\ and RENAME the TONY folder into "Default User".

8. Create a new user account, a regular user account, let's call it ADRACO.
Log off ADMIN and log back on as ADRACO. Now you should see your desktop and start menu just like you created/configured it for TONY, but with the small difference that all new users you create on the machine, will get their desktop looking the same.

If you only need to change small things you can use the two folders:
C:\Documents and Settings\All Users\Desktop
C:\Documents and Settings\All Users\Start Menu
to add shortcuts and rearrange stuff. This will then complement the setting for each individual user for their desktop and start menu.
Example, say user 1 has file X on their own desktop and you also put file Y in
C:\Documents and Settings\All Users\Desktop
then user 1 will see both file X and file Y on his desktop, while user 2, will only see file Y on his desktop.


Why I know this by heart like that, you ask? I ran a support division with 12 people working for me a few years ago. :)

I repped you once and it wouldn't let me rep you again, if so I would. Thank you so much.

d-null 10-31-2010 01:43 AM

Quote:

Originally Posted by tony286 (Post 17655152)
I repped you once and it wouldn't let me rep you again, if so I would. Thank you so much.

I gave him a rep, good info and appreciate the time it took him to type it out :thumbsup

2intense 10-31-2010 02:51 AM

interesting thread :thumbsup:thumbsup

seeandsee 10-31-2010 03:53 AM

Change password from time to time, check computer with AV, Malwarebytes, Spybot. They can use a password stored in the system and send mail using mom's internet connection, so maybe that is why they didn't send anything after she turned off...

PAR 10-31-2010 06:47 AM

Lots of people use the same password for everything,

If you saw the IP being from China on the Gmail account my guess is that they were never in the PC.

But that they had her setup an account on a site or to verify an account on a site..

With the number of people that use the same password for everything it's not rocket science to do.

And please keep in mind that the location of the IP does not always matter.

18teens 10-31-2010 07:55 AM

A lot of excellent advice in this thread. :thumbsup

