Results 1 to 5 of 5

Thread: Thunderbird virus /hack ?

  1. #1

    Default Thunderbird virus /hack ?

    Hi there,

    Strange thing happened few minutes ago.
    I was surfing Internet and suddenly a thunderbird write window appeared. See the picture attached.
    I immediately disconnected my modem, removing the wire from the connector. I took the picture and closed the window. This was a thunderbird window, I opened the thunderbird Menu>Help>about to get the version.
    In the from address, was my email address, to was georgemalley@gmail.com
    Subject: Send Me Backdoor Link for Immediate Access with NO Account Needed
    The text about access to porn site.

    Then I tried to find this georgemalley in my address book or email but there is no such name.
    Then I switched off the modem, waited few minutes and on again, hoping I have a new IP address.

    I found that georgemalley is on some web pages
    [[[ Removed two URLs ]]]

    How this can happen? Do I have a virus? Hack?
    Any explanation and advice welcome.
    I am worried and need to understand and solution to avoid that.

    Many thanks
    Last edited by hcvv; 21-May-2018 at 11:45. Reason: Removed URLs, no ads allowed, even in this case.

  2. #2
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: Thunderbird virus /hack ?

    sounds like some javascript initiated the mailto: protocol which in turn started your default mail client
    the best solution would be to use an ad blocker like ublock-origin a better solution would be uMatrix see this howto about hardening firefox
    https://vikingvpn.com/cybersecurity-...y-and-security

  3. #3

    Default Re: Thunderbird virus /hack ?

    Thank you

    I use uBlock Origin, maybe I need to tweak the setting with the advices in your link. I'll read it carefully.

    Can I know what site started this javascript? Could the script be more dangerous?
    one of the sites you wore browsing
    Last edited by I_A; 21-May-2018 at 14:21. Reason: accidental no editing has been done

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,630
    Blog Entries
    3

    Default Re: Thunderbird virus /hack ?

    Quote Originally Posted by MrNice View Post
    Can I know what site started this javascript?
    You could try looking through browser history. But the chances are that it will be very difficult to find.

    By the way, I do agree with the assessment of I_A. That's the most likely explanation.

    Could the script be more dangerous?
    If you are logged in as an ordinary user, then it is hard for such an attack to damage the system. It could easily damage your own files (which is why backups are important).

    Often these nefarious scripts are attached to advertisements.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: Thunderbird virus /hack ?

    Quote Originally Posted by MrNice View Post
    Thank you

    I use uBlock Origin, maybe I need to tweak the setting with the advices in your link. I'll read it carefully.

    Can I know what site started this javascript? Could the script be more dangerous?
    one of the sites you wore browsing
    it might not have been a javascript it could have been a php script here's a page with some more info
    https://resources.infosecinstitute.com/email-injection/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •