Axe, Posted September 13, 2020

Hi,

A customer of mine who has Eset on all his devices got hacked today. He received an email in AOL desktop software saying that his account was hacked and listing his actual password. Within 3 minutes of receiving that email, someone logged into his AOL account and started sending emails out. He then changed the password, and while trying to investigate I asked him to send the email to me so I could check the headers. I use a standard email client, and Eset is able to scan my incoming mail and immediately detected it as DOC/Fraud.agy. I can't find any information on exactly what that virus does. So far it looks like only his AOL password was compromised. I advised him to change all his passwords and monitor his financial info. But I would feel much better if I could narrow down exactly what this virus does.

Thank you.

Axe
Nightowl (Most Valued Member), Posted September 13, 2020

His password was probably found in some dump on the internet. Such dumps post passwords from compromised websites so you can check them with your email to know if your account was hacked on a specific website, so his password is known to those lists. These emails use passwords from these dumps and send you the password that was found there in order to scare you into pressing another link, which can cause more harm, or to blackmail you.

All you need to do is remove the email, don't open any attachments, reset your passwords and, if possible, secure them with 2FA.
Marcos (Administrator), Posted September 13, 2020

It appears to be just a scam mail body that is detected. I didn't find any link or script there that could pose a risk. Most likely the sender got the password that leaked in the past; you can check it here, for instance: https://haveibeenpwned.com/
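The leaked-password check Marcos points to, and the dump-based mechanism Nightowl describes, can be verified without ever sending the password itself anywhere: the Pwned Passwords service accepts only the first five hex characters of the password's SHA-1 and returns every known hash suffix under that prefix, so the match happens locally. The following is an added example, not code from this thread or from ESET; the HTTP call is replaced by a constructed offline stand-in whose suffixes and counts are made up, except that the real suffix of SHA-1("password") is included so the lookup has something to find.

```python
import hashlib
from typing import Callable, Dict, Tuple


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Uppercase SHA-1 of the password, split into the 5-hex-char prefix that is
    sent to the service and the 35-char suffix that stays on the local machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse a range response of 'SUFFIX:COUNT' lines into a dict.
    Blank lines, malformed lines and zero-count padding entries are dropped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip malformed lines rather than crash on them
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the breach corpus (0 = not found).
    Only the hash prefix is handed to fetch_range; suffix matching is local."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
# Values are made up except the SHA-1("password") suffix, which is real.
CONSTRUCTED_RANGES = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0\n"  # padding entry, not a hit
    ),
}


def offline_fetch(prefix: str) -> str:
    """Offline replacement for the network call; unknown prefixes return nothing."""
    return CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, offline_fetch))
```

Swapping offline_fetch for a real HTTP GET of the range URL turns this into a live check; a non-zero count means the password is in a public dump and should be treated as already known to attackers.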
Axe, Posted September 14, 2020

Thanks for your answer. So first I checked the website you suggested, and his info has apparently been out there for a while. IDK if he changed the password, but it's listed as being in a data breach in 2016 and also in Jan of 2019. I would think if it was out there for that long he would have been hacked a long time ago.

Second point is that when he emailed the email to me, Eset alerted me that it had a virus. I was not able to see the email at all, but he told me he didn't open any attachments or click any links, and he didn't see any attachments. So I'm wondering why it was detected as a virus by Eset.

Axe
Marcos (Administrator), Posted September 14, 2020

As I wrote, it was the text of the scam email that was detected.
Nightowl (Most Valued Member), Posted September 15, 2020

On 9/14/2020 at 3:45 AM, Axe said: "Thanks for your answer. So first I checked the website you suggested, and his info has apparently been out there for a while. IDK if he changed the password, but it's listed as being in a data breach in 2016 and also in Jan of 2019. I would think if it was out there for that long he would have been hacked a long time ago. Second point is that when he emailed the email to me, Eset alerted me that it had a virus. I was not able to see the email at all, but he told me he didn't open any attachments or click any links, and he didn't see any attachments. So I'm wondering why it was detected as a virus by Eset. Axe"

Doc/ in detections means Document, which in that case is the text file.
itman, Posted September 15, 2020

On 9/13/2020 at 12:54 PM, Axe said: "He received an email in AOL desktop software saying that his account was hacked and listed his actual password. Within 3 minutes of receiving that email someone logged into his AOL account and started sending emails out."

I assume your friend is also using AOL Gold desktop software, which is a paid monthly subscription service? AOL shut down its free desktop software in 2017. AOL Gold features note:

Quote: "Premium security features to help prevent your AOL account from being compromised and hacked"
https://discover.aol.com/products-and-services/aol-desktop-for-windows

As such, your friend should be informing AOL of this activity. Also perhaps dumping AOL Gold use altogether. The AOL home page can be directly accessed in any browser by entering aol.com. AOL e-mail can be directly accessed in any browser by entering mail.aol.com.
Axe, Posted September 16, 2020

Yes, he is using AOL Desktop Gold. I will inform him of what you said above. Thank you all for your replies.

Axe