Ask HN: What is this email virus? - jeromec

I just received yet another spam message -- from a friend. This is the third spam email I've gotten in the past month or so, and it shows that it circulates to the sender's contact list. I think I know what is happening. Some of my less technical friends/relatives have picked up a virus somehow which accesses their address book, but what is it? It sends just a link in the message like ----pills.com, and comes legitimately from them at their hotmail/gmail account. Solving the spam issue completely would be a great startup, I think.
======
wwortiz
First off, these people need to change the passwords for their email
accounts. I don't really know what virus it is, but the most likely culprit
is a hacked email account (by brute force or maybe a virus as you say).

Second of all, the only real way that I can think of to solve the spam
problem (as spammers are perpetually one step ahead) would be a limited web of
trust, which isn't really a useful way to do email.

~~~
jeromec
Yeah, you may be right about there being no way to completely be rid of spam,
since some form of sender/receipt opening is always necessary for legitimate
mail.

------
ndimopoulos
I believe that this is a new form of attack by spammers. So far I have
observed this only with hotmail accounts and it has happened to two people I
know.

I received an email from my neighbor the other day with the title EMERGENCY.
The email is below:

-----------------------

This had to come in a hurry and it has left me in a devastating state, it's an
EMERGENCY. I'm in some terrible situation and I'm really going to need your
help now. Few days ago, unannounced, I went on a trip to Glassglow, Scotland
(United Kingdom) and unfortunately for me I got robbed by thieves, Everything
I had on me were stolen, including my phone, credit card and cash and now I'm
stranded right now. My return flight leaves in few hours time but I need some
money to clear some bills, I didn't bring my cell phone along since I didn't
get to roam them before coming over. So all I can do now is pay cash and get
out of here quickly.

I do not want to make a scene of this that is why I did not call my house,
this is embarrassing enough. I was wondering if you could loan me some cash,
I'll refund it to you as soon as I arrive home just need to clear my hotel
bills and get the next flight home, As soon as I get home I'll def refund it
immediately.

Write me if you are willing to help so I can let you know how to get the money
to me here.

Angela.

-----------------------

I thought that there was something wrong with it, but as a matter of courtesy I
was not going to contact her family, in case it was a legitimate email.
Instead I decided to walk my dog and go over to her house to check if she was
indeed in Scotland. As it turned out she was oblivious to what had happened
and yes she was in the US not in Scotland.

It appears that the spammers/crooks (whatever you want to call them) hijacked
her email address, changed her security question, changed her secondary email
address so that the password reminder is routed to them, and wiped all the
contact information after they sent the email above to everyone.

She also told me that a lot of people called her phone offering to give her
money to help with the situation.

A similar email was received by my boss from one of our common acquaintances.
Needless to say that she did not send that email either.

Is this the new "Nigerian" scam? I don't know, but it would not hurt to employ
an aggressive password changing policy.

As for your last point - the spam-solving startup - yeah, it would be great if
we could do that, or, even easier, to convince every company that holds a mail
server to not allow any email unless the domain has SPF records. This way
spoofing (people impersonating email identities) will cease to exist. Once
spoofing is gone, spam mail server IPs can easily be blocked.

/0.02 USD

~~~
jeromec
Wow, your email experience is more fascinating. That's a more
creative/elaborate spam scheme. Nice of you to go ahead and physically check,
too.

I'm thinking these people may have somehow embedded spyware on the victims'
computers, and monitored their passwords that way. This is quite an advanced
attack, and even bypasses SPF records, because I checked the email headers,
and they legitimately had everything A-okay and authenticated, as if the
person really sent it from their own account.
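
As an added illustration of the two points above (ndimopoulos's SPF suggestion and jeromec's observation that a hijacked account still authenticates), not code from either commenter: a minimal SPF evaluator over constructed records and a constructed Received-SPF header. The domains and addresses are hypothetical (documentation ranges), and only the ip4/ip6/all terms of SPF are handled.

```python
import email
import ipaddress
from typing import Optional

# Constructed SPF records for hypothetical domains (not real DNS data).
SPF_RECORDS = {
    "example-mail.test": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "example-soft.test": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain: str, sender_ip: str, records=SPF_RECORDS) -> str:
    """Check the connecting IP against a domain's ip4/ip6/all terms.
    Subset of RFC 7208: no include/a/mx/redirect handling."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published, nothing to check against
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a matching mechanism yields 'pass' by default
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mechanism, _, argument = term.partition(":")
        if mechanism in ("ip4", "ip6") and argument:
            # 'in' is False across address families, so v4 vs v6 is safe
            if ip in ipaddress.ip_network(argument, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # record ended without an 'all' term


def spf_result_from_headers(raw_headers: str) -> Optional[str]:
    """Read the verdict the receiving server recorded in Received-SPF."""
    msg = email.message_from_string(raw_headers)
    value = msg.get("Received-SPF")
    return value.split()[0].lower() if value else None


# Constructed headers of a message sent from a hijacked account through the
# provider's own outbound server: SPF passes, exactly as jeromec saw.
HIJACKED_HEADERS = """\
Received-SPF: pass (mx.example: 203.0.113.25 is permitted sender) client-ip=203.0.113.25;
From: angela@example-mail.test
Subject: EMERGENCY
"""

if __name__ == "__main__":
    print(evaluate_spf("example-mail.test", "203.0.113.25"))  # hijacked: pass
    print(evaluate_spf("example-mail.test", "192.0.2.77"))    # spoof: fail
    print(spf_result_from_headers(HIJACKED_HEADERS))          # pass
```

SPF stops a stranger forging the From domain from an unrelated server, but a message sent through the provider with a stolen password is, as far as SPF can tell, legitimate; only the password change and recovery-option review the thread recommends address that case.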

~~~
ndimopoulos
I agree the attack is very elaborate. However, it might not even be malware
sniffing the password, as you suggested. A lot of users use the same password
on a lot of sites. It only takes one to be hacked and that is it.

~~~
jeromec
Yeah, I agree it could just be bad password management. I've got the spam from
3 different people so far, so I thought it might be some similar and
widespread attack.