Wireless Hotspot compromised

[kelvinmc]

Hi all
While on holiday in Turkey I used a local bar's wireless hotspot, on returning home I noticed that an email had been sent from my BT Yahoo email account to everyone in my address book. I know it was sent from my account because it is in my sent items. The email has the subject of "More Happines" and the email is below. No more emails like this were sent before or after while using this hotspot
hi friend
i introduced a good friend to you
they sell thousands of new original electrical products
such as phones computers tvs ....
<ele2006.net>
hope you like it , and make friends with them too
regards

I have checked my laptop for viruses and use Microsoft Security Essentials and also scanned my laptop with Malwarebytes.

I would like to know how they did this and how I can prevent them doing it again as I will need to use the same hotspot in the future
Regards Kelvin

[Medico]

Having a S/W firewall with inbound and outbound protection enabled might stop your PC from sending Spam to your contacts. I use the Online Armor++ S/W firewall. Keeping everything updated and booting to safe mode without networking to find the nasties may help. I believe some of these nasties actually corrupt the security apps, so having a clean copy of Malwarebytes, etc, on a flash drive may help to clean your PC.

Once cleaned, create Images and recreate new Images when changes are made to your system will help to restore to a clean system if you do get infected again.

I like the multilayer approach to security. I have to admit, I have never used any hotspots outside the US, so unsure what you might have experience. My security includes:

All apps and OS kept up to date with updates

MSE running in real time (remember no AV/AM app can catch everything, esp. new threats)

S/W Firewall as indicated above.

H/W firewall on my router (this will probably be unavailable in your environment, but who knows)

I always clean all web surfing history and cookies upon exit, and regularly use CCleaner to clear temp. stuff.

I use Last Pass to store passwords, auto fill stuff, etc. so I do not have to type passwords.

I hope this helps you. Good luck.

[ruirib]

It's likely that they simply caught your server and authentication info since it is sent over the wireless network in an unencrypted way. One way to prevent it, if that is the case, would simply be to change your login details to the account, making sure you use a hard to guess password and checking that, if there are mechanisms for you to recover access to the account, such as an alternate email address, that they keep the data you originally set. Also, if you have stuff like security questions and such, better change them too.

Accessing wireless networks in such unsafe surroundings is always risky. Using a VPN, which uses encryption, is always recommended when using a non trusted wireless network. There are (paid) services that allow you to use a VPN, which may be worthwhile if you expect to be using your laptop in similar circumstances.

[Tinto Tech]

I agree with ruirib.

BT Yahoo is a Webmail service, so it is highly likely your login credentials were sniffed off the public access WiFi.

If you haven't done so already, change your BT Yahoo login password. Then consider if you use the same password on any other sites. Re-use of the same compromised password could lead to further a break-in to other accounts.

Specifically, if you use the same password for online banking, Paypal, eBay etc, take immediate steps to verify your accounts are untouched and secure.

Then change the password on any other accounts that used the same pasword and consider the use of random password generators.

If you absolutely must use the same WiFi access point in future, use a VPN as ruirib suggests. To be honest I would avoid that access point like the plague - next time, they may mount a much more aggressive attack on your machine rather than simply sniff the data over the air.

[jscher2000]

Your account was used only while you were at the hotspot?

Some sites cloak your login using SSL, but then have you continue to use the site without SSL. Because the rest of your session is not secured, a third party in the range of the hotspot can impersonate you in your active session even without knowing your true password simply by mimicking your session credentials. Apparently this is not rocket science: remember the furor over the "Firesheep" add-on?

Many sites allow you to force your entire session to SSL; look for that option. If Yahoo mail doesn't have that option, first, complain, and second, look for one of the add-ons that forces SSL.

More info: Cloak your connection to foil Firesheep snoopers.

[kelvinmc]

Thanks Guys Yahoo mail does not seem to have an SSL option so I guess my only option is to look at VPN, has anyone got links that will help me but in simple terms and also a service that is cheap or pay-as-you go as I would only need it 4 times a year, also are there risks in using an iPad in this sort of situation

[jscher2000]

Thanks Guys Yahoo mail does not seem to have an SSL option so I guess my only option is to look at VPN

Recent thread on that: Best VPN Service?

Edit: By the way, someone has said if you just add an s after http (i.e., https://) then Yahoo will stay in a secure session. (how do I force HTTPS: with yahoo mail) Haven't tried it myself.

Edit #2: Okay, tested that, and it works but the certificate isn't valid for the server name I'm using, so perhaps that's why Yahoo doesn't do it automatically.