Not good not good at all


wanda
F1 Driver
Posts: 1878
Joined: Fri Mar 07, 2008 11:31 am
Location: Kent

Not good not good at all

Postby wanda » Wed Oct 21, 2009 9:29 am

:cry :banghead Someone has hacked into my computer and got my work email address details and sent spam to over 20 000 different e-mails, and now my service provider has suspended my account. This is most embarrassing, as clearly some of my clients have been contacted with my e-mail, name and company logo asking for them to forward their account details.



I hope it won't damage my business reputation too much. How can I prevent this from happening in future?

Gav
Advanced Driver
Posts: 293
Joined: Fri Apr 13, 2007 11:55 am
Currently Drives:: Sport Tourer, 1.5 dCi 106
Location: Chilworth, Surrey

Re: Not good not good at all

Postby Gav » Wed Oct 21, 2009 11:25 am

We'd need some more details as to the network setup and software you're running to be able to really offer much advice.

Some questions:
  • Do you have a firewall? Router?
  • What Operating System are you using?
  • Do you use any virus scanner or malware detector?

Potentially it could be someone hacking into your Email account at a provider, capturing all the addresses over a period of time...
06 Extreme Blue 1.5dCi 106 Dynamique Sport Tourer with panoramic sunroof and Dension Gateway

wanda
F1 Driver
Posts: 1878
Joined: Fri Mar 07, 2008 11:31 am
Location: Kent

Re: Not good not good at all

Postby wanda » Wed Oct 21, 2009 12:21 pm

Gav wrote:We'd need some more details as to the network setup and software you're running to be able to really offer much advice.

Some questions:
  • Do you have a firewall? Router?
  • What Operating System are you using?
  • Do you use any virus scanner or malware detector?

Potentially it could be someone hacking into your Email account at a provider, capturing all the addresses over a period of time...


Yes, I have a firewall. Kaspersky 2010 takes care of that for me. I use XP...... Now the hosting company wants to boot me as they think my company has been sending spam :cry

davelowe
Driving Legend
Posts: 3136
Joined: Thu May 10, 2007 3:40 pm

Re: Not good not good at all

Postby davelowe » Wed Oct 21, 2009 1:46 pm

Are you using a wifi connection to your router? WAP/WEP encryption is very easy to break, counter to what most people think. I can (if I so choose) break into a system using packet sniffing software on a laptop in around 30 minutes. If possible, get cabled up with ethernet (if applicable).

1. First on the list is to telephone the ISP and explain the situation. I would be interested to know how their SMTP server managed to relay 20,000+ messages in a short period of time. Ask for a log if you aren't sure how long it has been going on. Check the terms and conditions of your account. Be very diplomatic!
2. Install Spybot Search and Destroy (free).
3. Install Ad-Aware (free). Install Malwarebytes (free I think).
4. Make sure your virus definitions are up to date - ideally updating several times a day. Kaspersky has a good reputation - scan at least daily (schedule it). Scan all your computers and any CDs/DVDs/memory sticks you have created that you use regularly, also with items 2 and 3.
5. Unshare ALL shared folders - use a memory stick to move stuff around. Buy one with inbuilt password protection so if you lose it, all is not lost.
6. Password protect the PC and don't log on as an administrator (not perfect but stops unauthorised access to your machine from others in the office).
7. Check to see if any online banking has been compromised. Go to the bank(s) to get statements or phone. Don't use the internet to check.
8. Change your passwords on everything you access and don't use the same one more than once.
9. Scan with items 2, 3 and 4 any file you download before using it.
10. Change your ISP password. Use an online password creator, then change at least 4 of the digits.
11. Phone your customers and apologise. Most people have had this problem at one time or another, so they will most likely be sympathetic.
Silver 08 plate 5dr 1.5dci Dynamique 106 Tech Run (re-mapped)

Red 03 plate 5dr 1.9 Dynamique dci120

Best advice for Megane owners: sell it before it bankrupts you!

Stranger
Site Admin
Posts: 4224
Joined: Sat Mar 26, 2005 7:57 pm
Currently Drives:: BMW X1
Location: Lancashire

Re: Not good not good at all

Postby Stranger » Thu Oct 22, 2009 7:33 am

Sorry to hear about this wanda and hope everything gets sorted and that your business doesn't suffer because of it.

It'd take me a while to think of all the advice that davelowe has given you, nice one dave.
STOP DEVELOPMENT ON GREEN FIELD SITES! http://www.cpre.org.uk/

Gav
Advanced Driver
Posts: 293
Joined: Fri Apr 13, 2007 11:55 am
Currently Drives:: Sport Tourer, 1.5 dCi 106
Location: Chilworth, Surrey

Re: Not good not good at all

Postby Gav » Thu Oct 22, 2009 11:55 am

wanda wrote:Yes, I have a firewall. Kaspersky 2010 takes care of that for me.


So not a hardware firewall or router? I'd always be concerned that a virus or malware on a Windows box could open a hole in a software firewall to allow access in.
06 Extreme Blue 1.5dCi 106 Dynamique Sport Tourer with panoramic sunroof and Dension Gateway

wanda
F1 Driver
Posts: 1878
Joined: Fri Mar 07, 2008 11:31 am
Location: Kent

Re: Not good not good at all

Postby wanda » Thu Oct 22, 2009 8:59 pm

Now I have been booted by the hosting company, lost a day's worth of work trying to figure this out. I got a new hosting company and am trying to restore the backup from the website. Got a strange GZ file that isn't recognised. Well, I have learned one thing: scams are real. Just hope it doesn't happen again.

I was advised to get rid of Kaspersky 2010 and install AVG 9.0 free edition, and the amount of viruses and spyware it has found is amazing. Why did I waste £29.99 when a free AVG does a much better job?

davelowe
Driving Legend
Posts: 3136
Joined: Thu May 10, 2007 3:40 pm

Re: Not good not good at all

Postby davelowe » Thu Oct 22, 2009 10:16 pm

wanda wrote:Now I have been booted by the hosting company, lost a day's worth of work trying to figure this out. I got a new hosting company and am trying to restore the backup from the website. Got a strange GZ file that isn't recognised. Well, I have learned one thing: scams are real. Just hope it doesn't happen again.

I was advised to get rid of Kaspersky 2010 and install AVG 9.0 free edition, and the amount of viruses and spyware it has found is amazing. Why did I waste £29.99 when a free AVG does a much better job?


AVG is quite good, Antivir is my preference (lower overhead), but it's a hit and miss affair with all virus scanners to some degree. Beware of false positives though - my scanner updated today and while running a scan picked up a file from ASUS (one of the hardware drivers) as being a worm. I know it isn't.

There are websites that will run scans on an uploaded file on many different providers - they do it to improve/compare their definition lists.

WRT the .gz file - it can be opened by WinRAR - it's a file type a bit like a zip file, i.e. compressed. WinRAR is a free trial (indefinite) and other software will open it too.

Are you using CMS (content management system) software to design your site (Joomla, Drupal, WordPress)? If so, what you will find in the .gz will most likely be a .sql file which is a backup of the database. You will need to log in to your new provider and install a fresh version of the software using an FTP client, then log in to cPanel or phpMyAdmin and upload the .sql file and execute it as a query. It should then drop any existing tables and restore the database (depending on how the backup was done). It can be more complex, but usually sortable.

If you aren't using CMS, it should still be easy to fix (easier in fact). PM me if you need help.
Silver 08 plate 5dr 1.5dci Dynamique 106 Tech Run (re-mapped)

Red 03 plate 5dr 1.9 Dynamique dci120

Best advice for Megane owners: sell it before it bankrupts you!
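
An added example, not part of davelowe's post: a Python sketch that confirms a backup file really is gzip and lists which tables the SQL inside would drop, create and fill before it is executed as a query. The sample dump and its table names are constructed for illustration.

```python
import gzip
import io
import re
from collections import Counter

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream

# Statement openers worth counting before a dump is run against a live database.
STATEMENT_RE = re.compile(
    r"^\s*(DROP\s+TABLE|CREATE\s+TABLE|INSERT\s+INTO)\s+"
    r"(?:IF\s+(?:NOT\s+)?EXISTS\s+)?`?(\w+)`?",
    re.IGNORECASE,
)

def is_gzip(data: bytes) -> bool:
    """True when the file starts with the gzip magic bytes."""
    return data[:2] == GZIP_MAGIC

def summarise_dump(data: bytes) -> dict:
    """Stream-decompress a gzip'd SQL dump and count statements per table."""
    if not is_gzip(data):
        raise ValueError("not a gzip file (magic bytes missing)")
    summary = {}
    with gzip.open(io.BytesIO(data), "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:  # line by line, so a large dump is never held in memory
            match = STATEMENT_RE.match(line)
            if match:
                verb = " ".join(match.group(1).upper().split())
                summary.setdefault(match.group(2), Counter())[verb] += 1
    return summary

def tables_dropped(summary: dict) -> list:
    """Tables whose existing contents the dump would destroy when executed."""
    return sorted(t for t, c in summary.items() if c["DROP TABLE"])

# Constructed sample standing in for the unrecognised .gz backup.
SAMPLE_SQL = b"""-- constructed sample dump
DROP TABLE IF EXISTS `wp_users`;
CREATE TABLE `wp_users` (id INT, user_login VARCHAR(60));
INSERT INTO `wp_users` VALUES (1,'admin');
INSERT INTO `wp_users` VALUES (2,'editor');
CREATE TABLE IF NOT EXISTS `wp_options` (option_name VARCHAR(64));
"""
SAMPLE_GZ = gzip.compress(SAMPLE_SQL)

if __name__ == "__main__":
    report = summarise_dump(SAMPLE_GZ)
    for table, counts in report.items():
        print(table, dict(counts))
    print("would drop:", tables_dropped(report))
```

To check a real backup, read the file in binary mode and pass its bytes to `summarise_dump`.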

