The other day one of our employees had a similar situation. But! The situation was much worse than described. The fact is that the account, which appeared 3 days ago in Firefox, belongs to our client. That sort of thing.
The computer (a laptop) that has this account on it is a personal one, and NOBODY except me and the owner had access to it. However, after analyzing the situation, we found that the mail (the work mail) was duplicated on his computer as well. We developed several versions (there were options involving a diversion, a trick to later catch us in data theft, since the account opened the door to the mail and to everything our client does; however, we refrained from reading other people's letters, we do not do such things). But that's not the point. Now the legal department is investigating the incident. Meanwhile the IT department was working out: how could this happen?
Within several hours we were able to offer a technical version of what is happening:
A Trojan was written in a low-level language (say, C) and sent in an attachment to our employees through the mail. When the virus is launched, it [the virus] makes copies of the cookies on the OS that belong to your Google account and a) either sends this data to a remote host (probably hacked too, i.e. it is now very common for spammers and hackers to break into sites and place mailing scripts there that send spam on behalf of those sites). Next, on the host, this script creates an email with content like: "Hello, my name is Marina, I am 19 years old...", etc. (this is an example), but in the letter (and it is in HTML format) there is a small piece of JS, a few lines long. Its main task is to write a cookie. When the letter is opened, the JS runs instantly (nobody sees it, especially the cool Casper, which is not able to perceive writing to a cookie as a risk). This script writes in the stolen session cookies.
Another question we struggled with: why did we receive the letter? We realized that the first Trojan (the one written in the low-level language) probably mails the cookies to the address book. By the way, the person (the client) whose account ended up with our employee mainly uses the phone for email (Gmail). Probably a malicious program was downloaded onto the phone (like free games or some unneeded software).

Conclusion:
There is no use waving your fists after the fight, of course, but! We want to give some tips to avoid such stories in the future. After all, who knows, maybe someone is sitting in your mail right now, and you do not even know it.
- After work, log out. It is better to simply store passwords in the browser (with a master password, of course, which will encrypt the passwords) than to keep the session open in a cookie.
- Use good anti-virus software (on any mobile devices too). Kaspersky now offers multi-device solutions. They are cheap, but work fine.
- Do not download unfamiliar programs/games from the Internet. Especially free ones.
- Do not use "cracked" software.
- Configure the firewall correctly. Do not give network access to every program and process indiscriminately.
- Check email WITHOUT opening the email. Only the headers (as in, say, Gmail, Mail.ru, etc.). Opening emails (viewing them) can activate viruses and scripts. If you work with programs like Outlook or Mail (Mac OS), you need to configure the program so that it does not open the letter when you click on its title. And disable all JS and other scripts.