Comments on Blaze's Security Blog: Hacked Hotmail accounts... and the consequences

Anonymous (2015-02-05 08:42):
Thank you for the excellent article. What I do for creating unique passwords for different websites and applications is add the first two letters of the application at the end of the password. For example, with Facebook I add a 'fa' at the end of the password and so on.

I have a blog on Internet security and privacy -- http://www.internetsecurity101.net -- so find your blog particularly interesting and informative.

Anonymous (2013-09-02 22:42):
Nice blog.. good replies. I agree with the replies given in here.. I understood many things from this blog. Thanks to all for providing such nice information.

Bart (2013-08-13 09:37):
Hi,

What to Do If Your Hotmail Account Is Hacked or Hijacked:
http://social.technet.microsoft.com/wiki/contents/articles/1477.what-to-do-if-your-hotmail-account-is-hacked-or-hijacked.aspx

Anonymous (2013-08-12 23:39):
My account is hacked. What do I do to get back my account?

Eva Smith (2013-07-30 11:35):
Thanks for getting nice information.

Bart (2012-07-26 11:45):
Hi J,

Thanks for your detailed report! I suspect they found out their Wordpress was hacked and removed the malware.

Another possibility is the malware authors were only looking for certain Browser/User Agents and if not matched, redirect to Unicef for example.

Cheers!

Anonymous (2012-07-19 14:31):
My hotmail account also got recently hijacked. An email message with an empty subject field and a body containing just one link was apparently sent to everybody on my contact list, plus addresses that I had received mail from but are not on my contact list.

The link varied among messages, one example being

http://ichorentertainment.com/blog//wp-content/plugins/zdexeiuourc/site.php?expression225.img

The sites being linked to vary, but the site.php file is common to all the messages. Download and examination (in a Unix system!) reports

"site.php: UTF-8 Unicode HTML document text, with very long lines, with CRLF, LF line terminators"

The links actually end up redirecting to a legitimate web site (Unicef).

The analysis of the header of one message received in a Unix system shows an X-Originating IP in Indonesia and the messages as having been sent from actual hotmail servers. However, no copies of them were left in my "Sent" folder, although my configuration is for sent messages to be saved.

I am including below the message source, with some fields removed for privacy.

Thanks for your work!

J. Brazio

========================================
X-Account-Key: account1
X-UIDL: 00010ad54c4d5b53
X-Mozilla-Status: 1003
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <****@hotmail.com>
X-Original-To: ****@lx.it.pt
Delivered-To: ****@lx.it.pt
Received: from barracuda.lx.it.pt (barracuda.lx.it.pt [193.136.221.155])
 by cascais.lx.it.pt (Postfix) with ESMTP id B15FF17A20064
 for <****@lx.it.pt>; Wed, 18 Jul 2012 15:43:56 +0100 (WEST)
X-ASG-Debug-ID: 1342622893-01e97b296f007a0001-G1WwBh
Received: from col0-omc1-s12.col0.hotmail.com (col0-omc1-s12.col0.hotmail.com [65.55.34.22]) by barracuda.lx.it.pt with ESMTP id n1gsiA9CeVIiyDUg for <****@lx.it.pt>; Wed, 18 Jul 2012 15:48:13 +0100 (WEST)
X-Barracuda-Envelope-From: ****@hotmail.com
X-Barracuda-Apparent-Source-IP: 65.55.34.22
Received: from COL102-W12 ([65.55.34.7]) by col0-omc1-s12.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Wed, 18 Jul 2012 07:48:10 -0700
Message-ID:
X-Barracuda-BBL-IP: 65.55.34.7
X-Barracuda-RBL-IP: 65.55.34.7
X-Originating-IP: [117.74.119.120]
From: **** <****@hotmail.com>
To: ****
Subject:
Date: Wed, 18 Jul 2012 14:48:10 +0000
X-ASG-Orig-Subj:
Importance: Normal
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 18 Jul 2012 14:48:10.0870 (UTC) FILETIME=[5A053160:01CD64F4]
X-Barracuda-Connect: col0-omc1-s12.col0.hotmail.com[65.55.34.22]
X-Barracuda-Start-Time: 1342622893
X-Barracuda-URL: http://barracuda.lx.it.pt:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at lx.it.pt


http://www.leopiccolo.com.ar/dev/dermatologia/wp-content/plugins/zoqlhnfdxc=
f/site.php?cave225.gif

==========================================
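
The header checks described in the comment above (which server handed the message over, which client IP submitted it, and what the quoted-printable body actually links to) can be scripted. This is an added example, not part of the original comment: the sample message is constructed with placeholder hosts and documentation-range IPs, and `triage` is a hypothetical helper name.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the message source above; hosts and IPs are placeholders.
RAW = """\
Received: from gw.rcpt.example (gw.rcpt.example [192.0.2.10])
 by mx.rcpt.example (Postfix) with ESMTP id ABC123;
 Wed, 18 Jul 2012 15:43:56 +0100
Received: from out1.webmail.example (out1.webmail.example [198.51.100.22])
 by gw.rcpt.example with ESMTP id XYZ; Wed, 18 Jul 2012 15:48:13 +0100
Received: from FRONTEND-W12 ([198.51.100.7]) by out1.webmail.example
 with Microsoft SMTPSVC; Wed, 18 Jul 2012 07:48:10 -0700
X-Originating-IP: [203.0.113.120]
From: User <user@webmail.example>
Subject:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://site.example/wp-content/plugins/abcdefghij=
k/site.php?pic225.gif
"""

# Groups: HELO name, reverse-DNS name seen by the receiver (may be empty), peer IP, receiving host.
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)")

def triage(raw):
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    in_domain = lambda host: host.lower() == domain or host.lower().endswith("." + domain)
    # Received headers are prepended, so the list runs newest hop first; unfold before matching.
    hops = [HOP.search(" ".join(h.split())) for h in msg.get_all("Received", [])]
    hops = [m.groups() for m in hops if m]
    # Hand-off hop: a host resolving into the sender's domain delivering to a host outside it.
    handoff = [h for h in hops if in_domain(h[1]) and not in_domain(h[3])]
    origin = re.search(r"[0-9A-Fa-f.:]{3,}", msg.get("X-Originating-IP", ""))
    # decode=True undoes quoted-printable, joining lines split by a trailing "=".
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    return {
        "from_domain": domain,
        "sent_via_provider": bool(handoff),  # True: real account used, not a forged From
        "provider_relay_ip": handoff[0][2] if handoff else None,
        "originating_ip": origin.group(0) if origin else None,  # client that submitted the mail
        "empty_subject": not (msg.get("Subject") or "").strip(),
        "urls": re.findall(r"https?://\S+", body),
    }

if __name__ == "__main__":
    print(triage(RAW))
```

The `sent_via_provider` result is only meaningful when the hand-off hop was stamped by a mail server you control; every header below that point is supplied by the sending side and should be read with that in mind.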

Bart (2012-05-11 15:06):
Hi Shahin,

Thanks for sharing your analysis! As stated in a previous post, site owners using Wordpress should take actions to secure their website.

Most importantly by performing updates of Wordpress and of any plugins they might be using.

There is indeed no sure way to say if it's sent from an infected computer (/zombie) or not. Best thing to do is contact your relatives as soon as possible to not click on any of the links you (read: the hacker) might have sent out.

Cheers!

Shahin (2012-04-28 06:46):
Thanks for taking the time to explain all of this so clearly and with so much detail for those that do not have the skills or cannot expend the effort to investigate.
My Hotmail was hijacked and I am pretty sure it was not a key logger so more likely MS had a breach of their Hotmail database in the past 8 years (when I last changed pwd)!
I dug up some info in my own quest to get to the root of this. This person is hijacking sites with weak security or ones that have not been set up yet (default pwd?). He then puts his clone page (of the same site) under a subdirectory on the website - under themes or styles, etc. If you access the site using the default directory then you get the normal page the real owner created with no Trojan or malware, but if you access the hacked version of the page using the email link AND pass a variable in the link then you get the dreaded scan pop-up.
I looked in the sent folder and found the emails the hacker had sent. They originated from [79.116.212.208] (Romania) and [46.134.218.228] (Spain) but for all I know they could be zombie machines and the poor user does not know their PC is controlled from elsewhere.
In my case the links sent pointed to an inactive site and an active one, both hosted through "DreamHost" in CA.
Here is one bogus link (notice it is buried under Themes and passing a variable) www.emlakkonutprojeleri.com/wp-content/themes/continuum/tifle.html?=
eefv=3Dezs.jdg&jmi=3Dte.hkml&shc=3Dtctf

I would have thought tracing the culprit to be as simple as tracing the merchant ID of the entity that turned in the credit card transactions, but I guess not.

Bart (2012-04-26 20:34):
Good point indeed. I have added it to the prevention tips.

Anonymous (2012-04-26 16:00):
ummm ... Prevention ... most important of all ... use a unique password for hotmail ... don't use that password with any other websites