Help analyze this, how can she be hacked

Antonio Sun antoniosun-N9AOi2cAC9ZBDgjK7y7TUQ at public.gmane.org
Wed Dec 21 06:13:19 UTC 2011


Hi,

All of a sudden one of my friends, an elderly lady, started sending spam to
everybody. When I talked about it with her, she thought it all began with
her opening a suspicious attachment from within her cell phone, and that it
has nothing to do with her PC.

Since she is not tech savvy at all, I am kind of not fully buying into it.
Has anyone heard of any malware that successfully infects cell phones? So I
did some research, and found another victim very similar to her.

*Am I sending out spam?*
http://boards.straightdope.com/sdmb/showthread.php?t=633043

in which the OP says,

> "1) I'm ridiculously careful about that kind of stuff and I'm not sure I
> could be tricked into it.
> 2) This is a seldom used account. It's not used for any social networking
> sites, I never would have typed in the username/password anywhere other
> than on the webmail page and my phone (it's a POP3 account). . . ."

Yet he's been hacked. --

> The fact that it sent the email to people in your contacts list is a sure
> sign that the account has been compromised.


I don't have a cell phone that can send/receive email, so can anyone help
me analyze the following email header and see what kind of conclusion can
be drawn from it?

- It looks to me like the spammer did send out the spam from within the
YahooMail Web Service, or is that forged as well?
- Can we conclude from the string "androidMobile" in the Message-ID that the
spammer is sending out the spam from an Android cell phone using the
YahooMail mobile phone web service?

Any guesses as to what actually happened to her?

Thanks

    Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com;
     s=s1024; t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=;
     h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
     b=mCaYOO18t1+C9xm1u0Fisd1s9fO5+MR6Mykku0cZMf9smq+yg2Qx70hK8mdurk97PTUDW/OsJSnLugzArQQWiApnLVG/t+CIZr+IAYdBNwFQXZ1lotAOpW1tGMtcMI6QjtFXZt9gYWOAHVamCYAKq0Vf4meMnfNGk88NisYQgE4=
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
     s=s1024; d=rogers.com;
     h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
     b=pT7VarhBYaYQUGmhmthvyP7UjypmjidcaFIJO8yLX4FGZsqHbsy+iazsEfC1bWdo1rC/djsMlFv6tuhEoKrzjLJ45sMmDDBuQWIXZpzZjMGw5ILVRsGPrp2OeS/WDTc9pvGS6dTFiU+DjbFcWPCIncoOobSNVCSQVFdPmtQ7eKI=;
    X-YMail-OSG: JcRxq6EVM1nm3zKFcoOnAtEo23MwEaGh9nAQXyvg7XOo1J.
     tnKPDlwG_SvTEDpG8ylRTyTahWKUtOAxa4.bE_WiHzbvHbRxirSg5d3h.rjL
     LT84eL012aK0Fp835Z_7H0ahfrV6JIOlOJW_9PvPjOKllgMvEOwWbjuoOf8H
     SEUEfWQwcFbK7Oxn39c.APJmVwM5gk5ry77kt1f_pExbC9CS1TzUk_Wrw.su
     R9zfMRzAIcKKW0obEWK7d6BoeKiIhl2o5ndOOePZz7_NEoAvZKmqg5lIPSI9
     gM9jDmHVH8gS1rESp4qTSMukULc6u9d1b02PHCOum0i4g_zG4lUX7yWOIYJ3
     71qJl6YkJKjebVUt5.Ilemt2DxIy9DZ4CYTCB0eY.6itVYj7JeuS2fzvhse1
     s_wuKst.ftWlM7g34z..crd9VRL5vKoZw6SPwWII17p_XKk9mfo.a.FuZ1kW
     n0ovtEqD4ZyFbqCcRMcJjS0wx2CDmDzWx7ftt.KtZSOvl_NIvuGW9JeVK_w.
     WR4Ulzk.XiFfm3UOnBTilXKxSC_bBNubfwpzLKk1foQ--
    Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via
     HTTP; Tue, 20 Dec 2011 12:24:44 PST
    X-Mailer: YahooMailWebService/0.8.115.331698
    Message-ID: <1324412684.53494.androidMobile-cTa2G3qg0ZGvYMxfvLqCK1Z8N9CAUha/QQ4Iyu8u01E at public.gmane.org>
    Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)
    From: ......
    Subject: I DID IT!
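A small header-triage script for the two questions above. It is added here and is not from the thread; the sample inside it is constructed from the posted headers, with the signature blob shortened, the X-YMail-OSG header dropped, and placeholder addresses in From: and Message-ID.

```python
import email
import re
from email import policy

# Constructed sample from the posted headers: signature blob shortened,
# X-YMail-OSG dropped, From:/Message-ID domain replaced by placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com;
 s=s1024; t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=;
 h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
 b=SIGNATURE-PLACEHOLDER
Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via
 HTTP; Tue, 20 Dec 2011 12:24:44 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <1324412684.53494.androidMobile-placeholder@example.invalid>
From: owner@example.invalid
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            tags[key] = val.strip()
    return tags

def analyze(raw):
    """Pull the origin facts out of the submission headers."""
    msg = email.message_from_string(raw, policy=policy.default)
    tags = dkim_tags(str(msg.get("DKIM-Signature", "")))
    out = {"signer": tags.get("d"),
           "signed_headers": [h.lower() for h in tags.get("h", "").split(":") if h],
           "x_mailer": str(msg.get("X-Mailer", "")),
           "mobile_tag": "androidMobile" in str(msg.get("Message-ID", "")),
           "submission": None}
    hop = re.compile(r"from \[(\d+(?:\.\d+){3})\] by (\S+) via (\w+)")
    for received in msg.get_all("Received", []):
        m = hop.search(str(received))
        if m:  # the hop where the client handed the mail to the provider
            out["submission"] = dict(zip(("client_ip", "server", "via"), m.groups()))
            break
    return out

def webmail_submission(out):
    """True when a DKIM-covered Received hop shows HTTP (webmail) submission,
    i.e. a login to the account. Assumes the signature verifies (needs DNS)."""
    sub = out["submission"]
    return bool(sub and sub["via"] == "HTTP" and out["signer"]
                and "received" in out["signed_headers"])
```

Because Received, X-Mailer and Message-ID are all listed in the signature's h= tag, a verifying rogers.com signature means those headers were present when the provider signed the mail, which points to a login with the account's credentials rather than a forged From:, and the client IP in that Received hop is the thing to compare against the owner's usual location. The androidMobile token is assigned by the Yahoo service and says which client interface that session used, not whose phone it was.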