My hotmail account was hijacked for nearly two days by a scammer in West Africa. He was able get into my ebay account by resetting my password using my zipcode and phone number (which he must have found in one of the many amazon, overstock, and newegg order confirmation emails I hadn't deleted). Then he went on a bidding spree and sent the following email to all the sellers whose auctions he won:
I have solemnly committed to buy your item but i reside in the United State and I will like to purchase this(Samsung D900 phone(250214147847) for my friend as a gift and i will like you to help me post these lovely item to my friend. He works with British America Tobacco there in West Africa due to my workload, I might not be able to be checking my mails often. So I will be offering you the sum of **(£ 100)** for the item and postage cost as i will prefer shipment Via ***ROYAL MAIL ***.Hope the package will get to him in good condition..What is the present condition of this item and does it comes in it's original box?. I will be paying you for the item via Bank Transfer or Bank postal money order due to the fact that i presently have some problem with my pay pal account, so get back to me with your full Bank details and address of the bank or your full name and address.
There were a half dozen of these in my sent folder. No one fell for it, well one did, but I got my account back before he sent his bank details etc.
I'm wondering how my hotmail account was compromised. I guess my password could have been bruteforced, but there are safe measures to prevent that. Two theories popped into my mind. 1. Some customer service person at one of the companies I deal with was able to lookup my password and guess it from there (I had been using essentially the same password just with different underscore placements for each website). 2. I picked up a rootkit/keylogger from myspace. Malware has been blocked by Nod32 while browsing that site in the past, something may have finally gotten by.
I did a virus scan after I got my account back and Nod32 found nothing. Just in case I restored my C: drive with Xpress Recovery 2, then downloaded every virus scanner and rootkit detector I could and they all came up empty. Hijack this only brought up two entries, both were legit Nod32 files.
I'd like to be thorough here, without having to zero my hard drive. I keep reading how the only way to know for sure if you've got a rootkit is to scan the infected system with an uninfected system, but I'm not clear how to do that. I was going to install Bart Pe on a thumbdrive, but how would I use it to scan my system? I can't install Nod32 on it. If I boot from a thumdrive, am I able to run the nod32 that's installed on my C: drive? Would this be effective?