Axe

Information regarding virus found called DOC/Fraud.agy


Hi, 
A customer of mine who has Eset on all his devices got hacked today. He received an email in the AOL desktop software saying that his account was hacked, and it listed his actual password. Within 3 minutes of receiving that email someone logged into his AOL account and started sending emails out. He then changed the password, and while trying to investigate I asked him to send the email to me so I could check the headers. I use a standard email client, and Eset, which is able to scan my incoming mail, immediately detected it as DOC/Fraud.agy. I can't find any information on exactly what that virus does. So far it looks like only his AOL password was compromised. I advised him to change all his passwords and monitor his financial info. But I would feel much better if I could narrow down exactly what this virus does. Thank you.

Axe


His password was probably found in some dump on the internet that posts passwords from compromised websites, so you can check them with your email address to know whether your account was hacked on a specific website; that is how your password became known to these lists.

These emails use passwords from these dumps and send you the password that was found there in order to scare you into pressing another link, which can cause more harm, or to blackmail you.

All you need to do is remove the email, don't open any attachments, reset your passwords and, if possible, secure them with 2FA.


It appears to be just a scam mail body that is detected. I didn't find any link nor script there that could pose a risk. Most likely the sender got the password that leaked in the past; you can check it here for instance: https://haveibeenpwned.com/

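The two replies above both point at the same defensive check: find out whether the password quoted in the scam mail is already in a public breach corpus. The following is an added example, not code from this thread or from ESET, of how the Have I Been Pwned "Pwned Passwords" range lookup works without ever sending the password (or its full hash) off the machine: only the first five hex characters of the SHA-1 are sent, and the matching suffix is searched locally. The range response body below is constructed for the example; the real endpoint is `https://api.pwnedpasswords.com/range/<prefix>`.

```python
import hashlib
from urllib.request import Request, urlopen


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of the password into the 5-char
    prefix that is sent to the service and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerate blanks."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count.strip())
    return counts


def breach_count_from_response(password, body):
    """How many times the password appeared in breaches, given the range
    body for *its own* prefix. 0 means the suffix is absent from the body."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(body).get(suffix, 0)


def fetch_range(prefix, user_agent="range-check-example"):
    """Network call (not exercised offline): fetch the range for a prefix."""
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"User-Agent": user_agent})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password):
    """Full k-anonymity lookup: send only the prefix, match the suffix here."""
    prefix, _ = sha1_prefix_suffix(password)
    return breach_count_from_response(password, fetch_range(prefix))


# Constructed sample of a range response for prefix 5BAA6 (SHA-1 of
# "password" starts with 5BAA61E4...). Counts are made up for the example.
CONSTRUCTED_RANGE = """003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:2
"""
```

A non-zero count means the password has appeared in a public breach and should be treated as known to attackers, which is the situation the thread describes.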

Thanks for your answer. So first I checked the website you suggested, and his info has apparently been out there for a while. IDK if he changed the password, but it's listed as being in a data breach in 2016 and also in Jan of 2019. I would think that if it had been out there for that long he would have been hacked a long time ago. The second point is that when he forwarded the email to me, Eset alerted me that it had a virus. I was not able to see the email at all, but he told me he didn't open any attachments or click any links, and he didn't see any attachments. So I'm wondering why it was detected as a virus by Eset.

Axe


As I wrote, it was the text of the scam email that was detected.

On 9/14/2020 at 3:45 AM, Axe said:

Thanks for your answer. So first I checked the website you suggested, and his info has apparently been out there for a while. IDK if he changed the password, but it's listed as being in a data breach in 2016 and also in Jan of 2019. I would think that if it had been out there for that long he would have been hacked a long time ago. The second point is that when he forwarded the email to me, Eset alerted me that it had a virus. I was not able to see the email at all, but he told me he didn't open any attachments or click any links, and he didn't see any attachments. So I'm wondering why it was detected as a virus by Eset.

Axe

"DOC/" in detection names means Document; in this case that is the text of the email itself.

On 9/13/2020 at 12:54 PM, Axe said:

He received an email in AOL desktop software saying that his account was hacked and listed his actual password. Within 3 minutes of receiving that email someone logged into his aol account and started sending emails out.

I assume your friend is also using AOL Gold desktop software which is a paid monthly subscription service? AOL shut down its free desktop software in 2017.

AOL Gold features note:

"Premium security features to help prevent your AOL account from being compromised and hacked"

https://discover.aol.com/products-and-services/aol-desktop-for-windows

As such, your friend should be informing AOL of this activity. Also, perhaps he should dump AOL Gold use altogether. The AOL home page can be directly accessed in any browser by entering aol.com. AOL e-mail can be directly accessed in any browser by entering mail.aol.com.


Yes, he is using AOL Desktop Gold. I will inform him of what you said above. Thank you all for your replies.

Axe
