View Single Post
Old 01-21-2007, 05:28 PM
  #2  
Kamper
Senior MemberCaptains Club MemberPLEDGER
 
Join Date: Feb 2003
Location: Thornton's Ferry,NH,USA
Posts: 10,657
Default RE: Computer email spam hijacking questions

There are probably several ways this abuse can occur. These are the two that I think I understand.

1) Trojan Horse Program. This is a virus infection where some of your computer's capacity is taken over to generate spam. All responses to the spam go to the hi-jacker. These programs save them the expense of buying all the server time reuired for their activities. It also makes it harder to stop them because all the message tracing goes back to the "sender" which is you and the other victims.

I believe Trojan Horses can be crafted to steal your e-mail log-ons and also use false-sender formats.

You get these by going to an infected site (or openning an infected email) when your fire-wall is not running. There are game sites that claim you need to disable your fire-wall to get the inter-active program to play their games. These sites are frequently corrupt or compromised. Heck they're free, do you really think they are going to spend money to protect you? If you have kids playing on-line games this is a highly likely source for your troubles.

A hacker can also use one of these programs to actually work your computer the same as if they were at your your desk.

2) Hijacked email. You fall prey to this by a technique known as "social-engineering."

You access a page or web-site that you think is legitimate and enter your ID and password but the site is actually spurious. The address is just a little different from the real thing and you might get there by a typo error. After you try to log-in the response will be something like "rechnical difficulties try again later."

Some websites ask you to use an e-mail address as a user name and many people will use the same password as on that account. If the site is bogus or corrupted, you have just turned over your email account.

Some sites have weak internal security and hackers can format their page to look like a second log-on is required due to restricted access material. With this information they can access your account and find your e-mail address and proceed as mentionned above or they can generate intra-site spam until the moderator blocks your account. (FYI "MySpace" was riddled with false log-in screens for a while.)

If you get rejection messages on your e-mail from people you didnt send anything to, it's quite likely that you have been hijacked somehow. Change your password immediatly.

I use a "spam-trap" account for any internet activity that requires an address. That way if it's hacked my credit cards and bank information is not compromised. Traps need to be cleaned regularly or they will be overwhelmed and may miss any legitimate material you want to receive.

That's all I think I know about that.

I'm not an internet expert by any stretch of the imagination but I've been read about or been exposed to the above scenarios. Mostly by helping a friend cleanup up her computer and not my own. Thank goodness !
Kamper is offline