On accessing my webmail account with Virgin media, a pop up appeared on the screen advising that my account seems to have been accessed from Nigeria and should change my password.
By clicking on an activity log, it tells me it was accessed from America a day ago, Nigeria 10 hours ago as well as all the other times I have accessed it, showing IP addresses.
Now I access my webmail either
work computer
phone
home computer and thats it.
There are 4 IP addresses on the list exc the Nigeria and US ones, which start with "starcomms.net"
Now I can quite easily change my password but just wondering if this looks like a genuine alert from Virgin or a dodgy pop up!
|
Bobby, dunno if it's genuine but I'd be changing the pw pdq before someone else does and takes over the account. I make sure mine always include at least one digit and one non alpha. Though at least one bank does not allow non alpha characters :-( Dumb or what?
John
|
|
have you tried asking Virgin if they authorised the warning pop up?
|
I'd be asking them or posting in the broadband forums. Might be better to post in the forums after changing the password to one you don't use elsewhere....
I never use my VM email account. It's just forwarded to my normal one.
|
|
Will try contacting them, VM is my main email account
|
starcomms.net is Nigeria based
www.ip-adress.com/whois/starcomms.net
>> Will try contacting them,
www.virginmedia.com/myvirginmedia/contact/complaint-feedback.php
Report an Internet security concern
If you would like to report a security concern relating to someone using our internet service, there are four easy ways to get in touch with our Internet Security Team
You can contact us by phone on 02920 305 142
You can use our Internet Security form.
>> VM is my main email account
change it. never a good idea to use your ISP email as your main account.
Was your password a strong secure one?
Change your password to a secure one, and change your password reminder clues to make it impossible for anyone else to guess the answer.
check how easy it is for someone else to get your details using the virginmedia email login page where they ask:
Forgotten your details?
I have forgotten my username
I have forgotten my password
I don't know my username or password
Last edited by: John H on Wed 9 Feb 11 at 16:24
|
|
I would suspect its a dodgy pop-up
|
>> I would suspect its a dodgy pop-up
>>
Likely could be, but the mystery is why Bobby's mail activity log shows the foreign IP addresses.
|
Is the activity log the one in your Virgin account?
If so, it is trustworthy.
Not only would I be changing the password, but I'd also be doing something on my computer to see if it's infected with something which can capture your input, thereby nicking your password.
|
>>VM is my main email account
change it. never a good idea to use your ISP email as your main account.
Excuse my ignorance, but why is it not?
|
Because you may decide to move ISP is the main reason. When I first got dialup Internet it was with Demon and that was when they offered a good service. When I moved from Demon I also moved my email address (to Yahoo at the time and still use that one) so it would not affect me.
Since then I have had the all inclusive Freeserve dialup Internet, then VM broadband, a period with no broadband of my own at all between house moves, and currently have BT broadband. Email address(es) have not had to change in that time.
|
|
Also curious why not...? Surely not just the convenience in RTJs post?
|
|
I can only think it's because of what I said above. I can't see them being less reliable or secure than anything else. Not that I expect Yahoo or Google mail to be totally secure.
|
>> Also curious why not...? Surely not just the convenience in RTJs post?
>>
If it is your main email address, then your ISP account is just as easy to hack as your email account:
eg.
"My Virgin Media" - Your username is the email address which you set up when you activated your internet service
"my BT" log in username: "(This may be your email address.)"
"my account" at talktalk username is "Email address"
virginmedia "e-billing" is managed with
Your email address : ? e.g: richard.branson@virginmedia.com
PIN number : ? Your secure 4 digit pin number
BT password can be obtained by
" 1.
Provide
username Enter Username If you can't remember it, this might be your email addres
2.
Step 3
Answer security question
3.
Step 3
Email reset instruction
The security question can often be answered by from the facebook page of a victim.
If the victim has used the ISP email to register with Facebook, then their facebook account is also at risk.
If the victim has registered with the likes of energy supplier EDF, then their energy account is at risk (yes, they use your email address as the username).
If the victim has registered with the likes of Tesco Mobile, then their phone account is at risk (yes, they use your email address as the username).
Finally, this is what someone on a Which? discussion said:
conversation.which.co.uk/technology/our-poll-says-youre-sticking-to-your-isps-email/
"‘I would dearly love to leave Virgin Media – but as they also have my email address they have me by the jacob’s crackers."
p.s. Bobby has not yet said how secure or "guessable" his password was.
Last edited by: John H on Wed 9 Feb 11 at 23:22
|
>>p.s. Bobby has not yet said how secure or "guessable" his password was.
What makes a password secure or guessable - it wasn't my mother's maiden name if thats what you mean but it was letters only, although not a word as such.
|
>> What makes a password secure or guessable - it wasn't my mother's maiden name if
>> thats what you mean but it was letters only, although not a word as such.
>>
check here
www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link
learn more from here
www.microsoft.com/security/online-privacy/passwords-create.aspx
en.wikipedia.org/wiki/Password_strength
|
|
I have emailed Virgin, will let you know if reply is received.
|
Well have just went through all my settings and it would appear my account has been hijacked - there has been a setting put in to forward all my incoming emails to a gmail account.
I have removed that now but what else should I do?
|
There will be a back email address probably if you forget your existing one - check that.
Take off the auto forward (you have done) and then change your password to a complex one - 16 letter/numbers
Check what mail has been sent from your account.
Its probably been a brute force attack (one that tries to guess lots of passwords)
|
what do you mean a back email address?
Will change password again
Doesn't seem to be any emails sent, certainly there are none showing in the sent box
|
|
Having said that, I sent 3 emails entitled test1, 2 and 3 from the account and they are not showing in the sent box either. Only the test 4 is showing which I sent after I disabled the forwarding box?
|
>> what do you mean a back email address?
I think he meant backup - usually one they send password reminder to,
>> Doesn't seem to be any emails sent, certainly there are none showing in the sent box
But the website won't have emails stored for items sent from a proper email client. Someone could have been spamming with your email address. There'll be no record on the webmail interface.
Check your computers for compromises... somehow they found your password. Probably a brute force attack if a simple enough password though.
Last edited by: rtj70 on Wed 9 Feb 11 at 22:04
|
Well opened my emails this morning to see 4 replies from international ebay sellers about motorbikes I have asked questions on!
Oh joy!
|
You didn't by any chance use your virginmedia ID (and used the same password there as for checking your email account) at the other motoring place which got hacked, did you?
Last edited by: John H on Thu 10 Feb 11 at 11:11
|
I see what you mean - the virgin media password can only be a max of 10 characters, must start with a letter, and can only contain letters and numbers.
So no long passwords, no symbols and you have a 1 in 26 chance of guessing that first character!
|
"So no long passwords, no symbols and you have a 1 in 26 chance of guessing that first character!"
All the more reason to open a free account with Hotmail / Gmail / Yahoo and start using it right now. It will take time to cease use of your VM account but the sooner you start...
And of course make sure your VM account is well locked up with a complete gibberish password.
May I recommend Roboform for remembering and completing passwords? I've used it for about 2 years now and I would find it hard to manage without. A 30 day free trial is available. I've recently come across LastPass which is free (Roboform costs) and similar to Roboform I believe but I've not tried it so I can't give a personal recommendation.
John
|
I ran a full MSE scan last night and it found the following 4 criticals:
Exploit:Java/CVE-2010-0094.BM
Exploit:Java/CVE-2010-0094.AA
Exploit:Java/CVE-2010-0094.BU
Trojan:Java/Rowindal.D
So I guess thats where its came from and it has managed to come in even though I am using MSE.
Any ideas where it will have came from - does the Java mean it is coming through on the Java updates? I have a pending Java update which tells me that
"
Java Update
Your system currently has an older version of Java and you are receiving this update notification because a newer version has been automatically detected.
This free update for Java (Version 6 Update 23) contains important enhancements for your Java applications:
improved performance and stability
enhanced security
support for the Chrome 4.0 web browser
language support for Brazilian Portuguese
does enhanced security mean they know something is wrong with a previous one???
|
Bobby, firstly (and sorry to be slow in thinking of this) but "opened my emails this morning to see 4 replies from international ebay sellers ". Surely that means they've logged onto your ebay account? After all, you can only ask such questions if logged into ebay.
This may be exploiting security holes in Java but will not have come in via the java updates.
"does enhanced security mean they know something is wrong with a previous one". Yes. But that is not to denigrate java. All (well, mostly all) software has security vulnerabilities. That's why you get monthly path updates from Microsoft. You'll get them from Adobe too, and others.
I'd assume the worst and start changing all passwords, starting with the most critical - banks / credit cards etc.
John
|
John, I have already been on to ebay and got everything sorted there - I hadn't bid on any items apparently, interestingly a lot of questions had been sent to Australian motor bike and car sellers . These questions did not appear on My Ebay Messages although the last item viewed was a motorbike.
I don't know if they start off by asking questions etc to see how quickly they are noticed. If like me it has been noticed then they may leave things but if they were continuing to get replies forwarded to their own email address then they would know that they have time on their hands!
Paypal account is a different password again and there had been no activity on it.
I have changed passwords for everything, email, banking, ebay, paypal, online shopping etc. And the majority of them I changed via my work's computer just in case there was anything still lingering in my own and I won't use my own until I am confident it is free of infections.
|
>> hadn't bid on any items apparently, interestingly a lot of questions had been sent to
>> Australian motor bike and car sellers . These questions did not appear on My Ebay
>> Messages although the last item viewed was a motorbike.
>>
search on google Australia www.google.com.au/
and/or ebay Australia www.ebay.com.au/
for pages that have your email address on them.
|
Phew! I hope you're ok now Bobby, all tied down and nothing untoward happening. Good luck. It just goes to show you need to be careful.
The other John's advice for clearing your pc looks comprehensive. Might take a while to get through!
John
|
>> I ran a full MSE scan last night and it found the following 4 criticals:
>>
Here is a full step by step procedure to follow:
forums.majorgeeks.com/showthread.php?t=35407
Also, as Tooslow says, change the contact email details and passwords on all your important online accounts (bank, ebay, facebook, online shopping, etc.).
(Where is Rattle when you need his professional advice? He will soon be along to tell you that, in his professional opinion, you have a rootkit infection.)
also see
blogs.computerworld.com/different_approaches_to_removing_malware
Last edited by: John H on Fri 11 Feb 11 at 11:04
|
www.pcpro.co.uk/news/security/365206/two-step-sign-in-to-strengthen-gmail-security
Not strictly relevant to the current situation but this should nail down e-mail security.
No doubt someone out there is less honest than me and can see a way to circumvent it though.
John
|
|
Cheers John, I will do that tonight when I get back on the home PC.
|
Virgin media webmail - security - Tooslow
