I’ve been a long-time Yahoo! Messenger (YM) user. Yahoo was my first e-mail account and most of my contacts are on Yahoo!. I won’t make the intro long. So here’s what I want to post. There were times before when I received an instant message from an unknown Yahoo! ID. Well, simply, that was spamming. I suspect the spammers were able to get my email address from forums or other places. But then lately (I believe it started this year), I am receiving “weird” IMs from my Yahoo buddies (those are my friends). The first one, as I recall, was in English. I then asked that friend if someone else was using her computer. She told me nobody was using her PC aside from her, so I suspected an account hacking.
I then asked some “pros” regarding this and they told me that most probably this was caused by a malware or a “worm”. I asked my friend to do a virus scan. She wiped out her hard drive and made a fresh install. Since then, there has been no more “spam” from her.
However, another buddy got “infected” by this and sent out IMs, also in a different language. But lately, I was surprised because one of my buddies was sending me IMs (in English) regarding a “diet pill”. I thought he was just promoting something. But when almost 5 buddies had sent the message, I was alarmed that they might be infected by a worm or malware.
Yesterday, I asked my brother if he was receiving messages like that and he said yes. I then asked if he received one from me. I believe he said no, but when I came to the office, he had sent me an email with a message coming from me. We talked in the morning and the message was timestamped at 10:35 in the evening. I left home at 10 in the evening.
Before the message reaches you, your “buddy” will first “buzz” you (hitting ctrl+g on the Yahoo Messenger client will buzz or shake the other contact’s IM window to get attention) and then send out the message. If you notice in the image, the buzz was made at 10:35:01 pm and the message was sent at the exact same second. With the length of that message, it is impossible to type it in a split second, unless you copy-paste very quickly. The worst thing is, I am using Pidgin, an open-source, multi-platform/protocol (you can have AIM, Gtalk, YM, IRC, multiple accounts on the same protocol) instant messaging client. And this program doesn’t have the “buzz” feature. I am sure my wife didn’t use YM because she knew about Pidgin. (Thought I’m not going to make this long??)
So the question is, is my account being “hacked”? Was someone able to figure out the passwords of these users (including me) and then send spam to all the contacts on our lists? Or is it a worm that controls not the IM client, but the connection itself, so it can send messages and commands without opening an IM window and execute a feature (the “buzz”) even if it is not supported by your client? Most probably it is a worm or malware.
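The timing check described above, as an added example that is not part of the original post: it parses constructed Pidgin-style log lines (the log format, buddy names and message text are all assumed) and flags a message that follows a buzz from the same buddy too quickly to have been typed by hand, which is one way to spot a compromised contact rather than a chatty one.

```python
import re
from datetime import datetime

# Constructed sample log in a Pidgin-style text format (format and contents assumed,
# not taken from the original post). friend_a buzzes and sends a long message in the
# same second; friend_b buzzes and sends a short message five seconds later.
SAMPLE_LOG = """\
(10:34:40 PM) friend_a: hey are you there?
(10:35:01 PM) ***friend_a has buzzed you!
(10:35:01 PM) friend_a: Hey! I lost 20 lbs in 2 weeks with this amazing diet pill, check it out at example.invalid/pill
(10:36:10 PM) friend_b: lol what
(10:37:00 PM) ***friend_b has buzzed you!
(10:37:05 PM) friend_b: are you ignoring me?
"""

BUZZ_RE = re.compile(r"^\((\d{1,2}:\d{2}:\d{2} [AP]M)\) \*\*\*(\S+) has buzzed you!$")
MSG_RE = re.compile(r"^\((\d{1,2}:\d{2}:\d{2} [AP]M)\) ([^:*]+): (.*)$")

# Assumption: a generous upper bound on how many characters a person types per second.
MAX_TYPING_CHARS_PER_SEC = 10


def parse_time(text):
    return datetime.strptime(text, "%I:%M:%S %p")


def parse_log(text):
    """Turn log lines into (kind, time, sender, body) tuples; kind is 'buzz' or 'msg'."""
    events = []
    for line in text.splitlines():
        m = BUZZ_RE.match(line)
        if m:
            events.append(("buzz", parse_time(m.group(1)), m.group(2), ""))
            continue
        m = MSG_RE.match(line)
        if m:
            events.append(("msg", parse_time(m.group(1)), m.group(2), m.group(3)))
    return events


def flag_suspicious(events):
    """Flag a message that arrives so soon after the sender's buzz that a human could
    not have typed it in the gap. Returns (sender, time, message length, gap seconds)."""
    suspicious, last_buzz = [], {}
    for kind, when, sender, body in events:
        if kind == "buzz":
            last_buzz[sender] = when
        elif sender in last_buzz:
            gap = (when - last_buzz[sender]).total_seconds()
            # A zero-second gap is treated as one second so the bound stays finite.
            if len(body) > MAX_TYPING_CHARS_PER_SEC * max(gap, 1):
                suspicious.append((sender, when.strftime("%I:%M:%S %p"), len(body), gap))
    return suspicious
```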
I tried searching the net but found not enough info. My brother gave me a link to a forum (in a different language). But when I try Google’s translator, it is filtered in our office. So my resolution is to do a full system scan. Also run an anti-malware/spyware scan. Then reformat and reinstall everything (which I will be doing anyway since my partitioning sucks), and delete any programs I downloaded from the net that I don’t need (well, those are clean programs, but I don’t need them).
Another question is, how did I get that malware/worm? Honestly, I don’t know. There are actually 3 computers at home: two desktops and a laptop. The other desktop is owned by my wife’s sister. I used to secure that computer but my wife’s nephew wanted to do it “his way”. I turned off file and print sharing then. However, the laptop was being used by my father-in-law and other people. File and print sharing is active on that one. In any case, some worms/malware can penetrate other computers on the network even if file and print sharing is off. And there are viruses, worms, and malware on the other desktop.
The laptop’s LCD is broken, and I already disconnected the other desktop from the network. Maybe this time, everything will be fine after the reinstall.
Lesson to learn: Don’t trust everything on the net (websites/files/etc.) and always do a system scan (anti-malware/spyware, etc.) once in a while. And buy a good router with good firewall settings (that’s what I’m going to do).