NIS 2010 upgrade infected with malware?

I upgraded to NIS 2010 from NIS 2009 through a window appearing on my desktop two days ago. Last night, something emailed every single one of my Yahoo email contacts with a message containing a link to a malicious website. Coincidence? If it didn't come from NIS 2010, then why didn't NIS 2010 detect something malicious was in my computer? How can I get NIS 2010 to actually find this and fix it?

Now I am expected to pay $99 for Norton to remove the virus from my computer? Isn't that what I paid for in the first place? Why did this happen two days after I downloaded the new NIS 2010?

Any (free) solutions from Norton will be entertained.

 

Windows XP service pack 2.

Hi sbracco,

This is certainly a coincidence and probably does not involve anything on your computer at all. The issue you describe is typically associated with a compromised Yahoo Mail account. Someone has gotten or guessed your password and is using your account to send malicious spam. Change your password immediately.

A second possibility is that you responded to an email that appeared to come from someone you know telling you to go to a web site to check something out, such as a photo. Such fake invitations often trick you into allowing the site to harvest names in your address book when you try to view whatever it is that you went there to find.

Message Edited by SendOfJive on 12-17-2009 08:58 AM

But why wouldn't NIS2010 detect that software hacking into my email account? Isn't that part of the package?

Hypothetically, if it WASN'T a person who "guessed" or "figured out" my Yahoo password, but a program that I innocently downloaded, shouldn't NIS detect that hack into my Yahoo account?

To hack a mail account, software isn't necessarily needed. As SendOfJive said, perhaps you are a phishing victim and entered your Yahoo! details in a FAKE login page NOT belonging to Yahoo! To learn about phishing visit http://en.wikipedia.org/wiki/Phishing. It is a Wikipedia page explaining phishing attacks.

Secondly, perhaps Norton may be part of the hacking process. Do you use Identity Safe? When using Identity Safe, all your passwords are recorded and automatically filled in when you next visit the website.

Thirdly, perhaps you have a weak password. A user can use a brute dictionary attack to repeatedly log in to the website until one works. So the software is on the HACKER'S computer, not yours.

Message Edited by Wikipedian on 12-17-2009 05:14 PM

PS: I didn’t see your second possibility text until I mailed my reply. However, that doesn’t sound like something I did lately, so we’re still left with the mystery of where it came from.

As I said above, you don't necessarily have to do anything to be hacked. All you need to have is a) a weak password b) a determined hacker

The software needed for a dictionary attack is installed on the HACKER'S computer, not yours.

There may not be any malicious software involved. The Yahoo account is web-based; it is not necessary to involve your computer to compromise it or obtain the password. It is most likely a case of someone breaking into your online Yahoo account rather than planting something on your computer, although the latter is a remote possibility.

If the attack was web-based on my Yahoo account and not my computer, could the hack have infected my computer with 100 cookies which were not there in my last scan a day before this attack?

Cookies are small text files and do not pose a threat to the security of your computer.  They are not executable, so there is no reason I can think of for anyone with malicious intent to place cookies on an infected machine.  Do the cookies appear to belong to suspicious websites?

I don't know what websites they referred to, but it's alarming that I had 100 of them right after this incident. Normally, Norton finds about 7 in a normal weekly scan.

I'm wondering if all these cookies are related to the malicious access to my Yahoo mail account.

What could be the relation, do you think, if any, between the incident with my Yahoo mail account and all these cookies?

Hi sbracco,

 

I am reasonably confident that the cookies, like the recent Norton update, are coincidental to the email situation.  When something happens like the discovery that your contacts have received spam from your account, the first instinct is to start looking for something that might have caused it.  And of course, anything you see on your computer now immediately becomes a candidate.  However, the issues you raise about Norton causing the problem or cookies being somehow related really are not things that would normally be associated with a compromised Yahoo account or the type of issue you describe.  So the fact that all of these things happened around the same time is not a reasonable basis to assume that one caused the other.

 

As far as the 100 cookies, there was another post the other day on the Norton 360 board where the OP stated that his Norton product had suddenly detected 97 tracking cookies after months of clean scans, so there may be something that was recently updated in Norton that is causing this.  But whatever the explanation, I think you can rest assured that the cookies are not the result of malicious activity.  Have you run any malware scans on your PC since the spam?

Hi sbracco:

Probably cookies accrued by internet surfing.

Do a NIS 2010 Full System Scan and let it fix (delete) them.

Let us know.


sbracco wrote:

I don't know what websites they referred to, but it's alarming that I had 100 of them right after this incident. Normally, Norton finds about 7 in a normal weekly scan.

I'm wondering if all these cookies are related to the malicious access to my Yahoo mail account.

What could be the relation, do you think, if any, between the incident with my Yahoo mail account and all these cookies?


I think the increase in the number of cookies might be due to new and more aggressive cookie hunting by NIS2010.  Either way, it should be irrelevant to any other issue.  Malware on your computer isn't known to drop cookies.  And sites don't drop cookies because your account has been violated.

 


As for the email spamming under your name:

 

How do you collect your email?  Do you use either of the Outlook programs to collect your email from Yahoo?  Do you go to the Yahoo site and view it there?  Wherever your address book is kept -- on your computer or on the website, that is the place that was probably violated.

 

From what you describe, without knowing your response, my guess is that you have the usual kind of malware, an application that has taken over an Outlook (or similar account) and is pumping out copies of itself to your contact list.  No genius in that guess, and it is just a guess, but that is about the most common species of malware class making the rounds.

 

However, before any of us can make any good deductions, we will need to know how your email setup works.

 

As for NIS protecting you, there is always a window of time between the release of a new variety within a class and its discovery and then its "fingerprinting" and then the release of the detection rules.  The industry does its best, but someone always gets hit.  In fact, someone has to get hit in order for a new variety to be detected.  In this case, it appears to have been you.  Hopefully, we will get this dealt with and you won't be the one to get hit the next time.

 

But, remember, the single best security program is the attitude of the user.  Be careful out there.



Or his Yahoo! Web account could be phished or the password cracked.  So... Malware might not be necessarily used on the PC.

 

In regards to cookies, maybe he browsed more sites that left cookies?



It is possible that the poster was tricked into giving away the password to his Yahoo! Web account (if that is what you mean by phished -- talk about a word taking on a life of its own! ;) ) or it was breached. It is even possible that one of his relatives is trying to embarrass or trick him.

But as I stated, I was merely telling the poster what was most likely. I've been working with others and my own computers for almost twenty years. I know it happens, but I haven't yet seen someone's online account breached and used as a launching site for spam and malware. On the other hand, I have seen over and over people's computer-based email managers hijacked and used in such a manner.

As for the cookies, who knows? He may indeed have visited by a factor of 25, sites he's never visited before, all of which drop cookies far more than those of his usual peregrinations. Only he would know how likely that is. But given that both he and another poster have reported the same phenomenon after the same upgrade, it is to me most likely related to the upgrade.

Mainly, though, we need to wait for the poster to give us data about his computer and his usage; or we can spend a lot of time just guessing what might be happening.

Hi

 

There are so many posts here, I forgot who the original poster is. :( There have been so many speculations of what may have been happening with his upgrade to NIS 2010. The OP has asked in his topic if he is infected with malware. Before we try to speculate if it came from cookies, or email hijacking or whatever, let's see if there is indeed some malware on his computer and see if we can get it cleaned up if there is anything to start with that is looming in his computer. Having a scan or 2 won't hurt his computer if it is indeed clean and it may show up things that do indeed need to be cleaned up.

 

I would suggest as a first step running a full scan with the free version of Malwarebytes.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread. Please post the log using the add attachment right below the post button.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.

I ran a scan with Spyware Doctor which your link led me to. It found 22 cookies of low threat. I couldn’t save a log w/o buying the product, so I don’t have that. It looks like the computer itself is safe, it was focused on the Yahoo account.

The link was for MALWAREBYTES' AntiMalware NOT Spyware Doctor :D

 

As for your Yahoo account, change the password ASAP!

 

Download MBAM from here: http://www.filehippo.com/download/file/83b84e0ed8430bc7e09b48fb9174c433eecbd8a225ee7747109f6037e6423b00/

 

 

This is a direct link to the file....

 

As for Spyware Doctor, I would say remove it?

Message Edited by Wikipedian on 12-18-2009 11:58 PM

Hi sbracco

 

Yes, please uninstall Spyware Doctor as that will conflict with your Norton product. Please download, install, update and run a full scan with the free version of Malwarebytes and then post the log here using the add attachment right below the post button. Thanks

Attached please find the log for Malwarebytes’ Anti-Malware full scan.