Email Hijacked from Wireless Infected Windows Laptop

goingjag

Member
Nov 2, 2011
3
0
Okay here's a scary one. Mostly posting this as info but if anyone has insight I'd appreciate that as well.

Neighbor known to not watch what she clicks on has laptop issues. Last time I ended up with my laptop infected while fixing hers, so this time I take my iPod and android tablet with me.

Sure enough the thing is riddled with at least 3 trojans. She's allowed one of those bogus speed up my pc software apps to be installed too. She has some odd Comcast connection into a linksys that wants a fixed ip so I stuck my zuni onto the linksys so I could have my own wireless network to look stuff up if I needed help with fixes. She also had a wireless mouse, not sure if that was bluetooth, but that's a possibility.

The tablet has my safe haven email on it, my iPod has my real email on it.

While sitting working on her computer my iPod alerts me to a new email. I check it, and it's from my safe haven email account, and of course the subject is US NEWS with a very bogus url that I didn't need to click to know it wasn't going to be a nice place. Since it was timestamped with the time I was sitting in her house, and my safe haven email was not online anywhere else, it had to have come from my android sitting next to me.

So my tablet was wirelessly invaded by one of the things running on her pc before I got them all deleted.

I went home and changed passwords on everything to be safe and I won't be firing up that tablet until I can figure out a good malware removal tool to use.

Since I have found no instance on the internet of this occurring to anyone else yet, I thought I'd post it here as a warning as well as an open invitation for input on malware detection and removal software.

I also hope this willl serve as a suggestion that others consider putting such protection on their devices, to be safe.

I'm not some crazy goof, I'm 65 and have been using computers from the time when I had to hand wire my own 64k memory. So don't think this is some hair brained post. I really didn't think I'd see a cross platform virus that would replicate itself wirelessly! But since you can talk pc to android, it should have dawned on me that the possibility was there.

p.s. this was on an ainol running cryogenic 4.1, I just noticed I haven't updated my profile from the days when I had a pandigital.
 
Last edited:

SEMIJim

Senior Member
Aug 20, 2011
359
23
Is it possible that your "safe haven" email address was spoofed by one of the trojans running on her infected PC? It is common for trojans to raid address books, especially if the trojaned machine's user(s) is/are using MS Outlook, to raid address books and use one-or-more of the addresses therein as a "From" address. Did you examine full headers on the spam/scam email you received from "yourself?"

Jim
 

Robyski

Member
Mar 14, 2012
34
9
Goingjag,

Sounds like a tough battle so far. Good luck if you're still fighting the infected laptop.

Unfortunately, antivirus software is almost a must on Android devices now. The bad guys are trying everything they can to access your data and your pocketbook. I have used AVG, McAfee and Lookout on multiple devices. All do a good job of scanning after install and notifying you of suspect apps and installs.

I agree with Jim. It's possible you just got a "spoofed" email from the infected laptop. Since you've helped your neighbor before, your email address was probably in her Contacts or Address Book.

Not sure of the exact laptop troubleshooting steps you use, but I'd like to suggest a couple that have helped me;
1. Disconnect any infected computer from ALL networks (wired, WiFi, Bluetooth, cellular, etc.).
2. Do NOT connect any USB thumbdrives or USB harddrives.
3. Uninstall all toolbars and screensavers. Legitimate ones can be reinstalled later.
4. Uninstall all versions of Adobe Flashplayer, Adobe Reader, and Java. You can reinstall later if needed.
5. Clear all browser cache/temp/history files.
6. Reboot.
7. Have some basic antivirus/malware troubleshooting software and tools burned onto a CD-R disc.
8. Install anti-malware software, run a scan, and reboot. Run another anti-malware scan and reboot again.
9. Make sure the Windows Updates are turned ON.
10. Make sure the Windows Firewall is turned ON. On is OK for most people, but some software might require that it be turned OFF.
11. You should be able to reconnect to a network.
12. Install/update Antivirus software! Some like AVG or Avast are free.

Once you've reconnected to a network, you might want to run another anti-malware scan. Some malware will "hide" and wait for a connection to the Internet. I usually use Malwarebytes or Spybot to start fighting infected devices. Spybot allows you to download manual update files and burn them to your CD-R. That way you can fight the infection with the latest updates and definitions without having to connect the infected computer to the Internet until you are ready.


Happy Hunting,

Robyski
 

goingjag

Member
Nov 2, 2011
3
0
Robyski, thanks for the reply.

There was no need for me to look at the headers of the message I received from myself, when I got home, after changing my password, I checked my sent mail on a desktop machine that I use to access that account, and the message was in my sent folder. So it had to have gone from my android, not from spoofing my address on her machine.

I agree with all of your suggestions and hope others will follow them. With the exception of number 1, I followed all those steps myself, if I had bothered putting protection on the Ainol when I got it, like I had planned, I probably never would have known this was possible. I use spybot and malwarebytes as well and have been using those for some time. However getting an older person to understand running this stuff is important is difficult (listen to me - I'm 65 and calling someone older).

I've been away and today is the first day the scheduled full scan was to have run, so I'll probably find out tomorrow if things have improved.

Since I'm afraid to turn my android on to download AVG, I guess I'll download it to a throw away stick and run it on the android from there, at a location where my wireless doesn't reach.

I guess the scariest thing about all this is that there would be a crossplatform malware out there that can jump on a wireless network and execute on a totally different platform.

Thanks again for the suggestions.
 

leeb

Member
Jul 16, 2011
463
21
Whenever I work on someone's infected computer I NEVER allow it to run on its own. I ALWAYS remove the hard drive and use an external USB connector to attach it to my protected laptop, and scan/clean it as an external device.

This method has not failed me yet... tho it is a tad more inconvenient, especially when it is an older PATA drive that needs the 'big box'.

Pity the same procedure cant be done with your Android... :D
 

goingjag

Member
Nov 2, 2011
3
0
Leeb, although I've done that with my own desktop drives, I have to be honest I hadn't thought of that with a laptop, and I have to connector to do it somewhere around here. It's a great idea, I'll probably use it if her machine is still dirty after the scan that is going on now.

Thanks for the tip. Running my scan of the Android from a program on an external card will hopefully do the trick for me on that one.
 

vampirefo.

Senior Member
Developer
Nov 8, 2011
3,836
1,394
Okay here's a scary one. Mostly posting this as info but if anyone has insight I'd appreciate that as well.

Neighbor known to not watch what she clicks on has laptop issues. Last time I ended up with my laptop infected while fixing hers, so this time I take my iPod and android tablet with me.

Sure enough the thing is riddled with at least 3 trojans. She's allowed one of those bogus speed up my pc software apps to be installed too. She has some odd Comcast connection into a linksys that wants a fixed ip so I stuck my zuni onto the linksys so I could have my own wireless network to look stuff up if I needed help with fixes. She also had a wireless mouse, not sure if that was bluetooth, but that's a possibility.

The tablet has my safe haven email on it, my iPod has my real email on it.

While sitting working on her computer my iPod alerts me to a new email. I check it, and it's from my safe haven email account, and of course the subject is US NEWS with a very bogus url that I didn't need to click to know it wasn't going to be a nice place. Since it was timestamped with the time I was sitting in her house, and my safe haven email was not online anywhere else, it had to have come from my android sitting next to me.

So my tablet was wirelessly invaded by one of the things running on her pc before I got them all deleted.

I went home and changed passwords on everything to be safe and I won't be firing up that tablet until I can figure out a good malware removal tool to use.

Since I have found no instance on the internet of this occurring to anyone else yet, I thought I'd post it here as a warning as well as an open invitation for input on malware detection and removal software.

I also hope this willl serve as a suggestion that others consider putting such protection on their devices, to be safe.

I'm not some crazy goof, I'm 65 and have been using computers from the time when I had to hand wire my own 64k memory. So don't think this is some hair brained post. I really didn't think I'd see a cross platform virus that would replicate itself wirelessly! But since you can talk pc to android, it should have dawned on me that the possibility was there.

p.s. this was on an ainol running cryogenic 4.1, I just noticed I haven't updated my profile from the days when I had a pandigital.

Honestly you are overreacting, there isn't any cross platform virus that can jump wireless, they simply don't exist. I was playing on my tablet and my car alarm went off, I went outside to find my tire was going flat, I could say a virus from my tablet caused this, by jumping into my gps in my car and set off the alarm and caused the tire to loose air, but in reality the tablet had nothing to due with the alarm or flat tire.

Anyway good luck to you.
 
Last edited:

SEMIJim

Senior Member
Aug 20, 2011
359
23
I'd sure like to know the name and nature of malware that's cross-platform and can jump across a wireless connection like that.

Jim
 

Mrhelper

Senior Member
Apr 29, 2012
216
57
It sounds like it was a browser worm, possibly on a stale version of Firefox on a PC or a Mac that your email account was used on. Avast (on a PC) detects the bad URL in the email message, so the infected machine was probably not running current antivirus software. This type of worm has been around for years. It propagates to browsers when users access content via the URL embedded in the email message. It then connects to email services via the browser, and gains access if you did not log out. It then sends the message to all of your contacts. Yahoo, for example, has the check box to stay logged in set by default, so many yahoo users rarely log out, which may explain why I've seen this happen to several yahoo email users. Also, if your tablet syncs the "sent" folder via IMAP, you might be fooled into thinking the tablet sent the message. I agree with Vampireinfo that this was probably not a WiFi attack. It was likely just a common email worm.
 
Last edited:
Top