Hupigon virus


(OP)
I'm assuming this may be something like the Hupigon virus.  User is with AOL and uses their on-line e-mail facility, rather than a client like OE etc.

He tells me his machine has not been used all day, and yet at 18:30 this evening I get, amongst several other addressees, an e-mail containing a link to a compromised website.

I guess his address book has been hijacked and forwarded to someone spoofing his AOL address.  I have strongly suggested that he doesn't use his PC until it's been scanned for malicious files etc.

Am I right in my assumptions about the hijacking and spoofing?

ROGER - G0AOZ.
 

RE: Hupigon virus

Sure sounds like it.  Either that, or perhaps he's using a somewhat common email address?  Or else one that's been posted in publicly accessible locations?

RE: Hupigon virus

(OP)
Thanks for that KJV.  I'm no expert in reading mail headers, but this one has differences to a known good one I received from him over a year ago.

It's the usual address form, e.g. username@aol.com and I doubt if he's deliberately posted it in any public locations.

ROGER - G0AOZ.
 

RE: Hupigon virus

It could have been the address book of someone other than the user that had the user's address in it that was hijacked.  I've seen it where an address book is hijacked and one of the contacts is used as the "sender" to send to everyone else in the address book.

Hope this helps.

Please help us help you.  Read Tek-Tips posting policies before posting.
Canadian members check out Tek-Tips in Canada for socializing, networking, and anything non-technical.

RE: Hupigon virus

(OP)
Yes, I agree it's possible for it to have been the address book of someone else.  However, three things make me believe it isn't.

1.  All the list of addressees on several e-mails that have been received are in HIS address book.

2.  His SENT BOX at AOL has just been mysteriously wiped clean of all messages.

3.  He had an infection on this same machine of the Hupigon virus at the turn of the year.  I disinfected it, zapped out all Restore Points etc., and up until last night everything was fine.

His machine is now on the bench here.  However, after multiple scans of his hard disk there is no sign of the Hupigon virus.  I did find the TR/Dropper.GEN trojan which is known to mess with e-mail I believe, although not sure if it does the same kind of thing as Hupigon.

So to my next questions...  Is it likely that the original spoofer has 'restarted' operations using his original address book some nine months after the first event?  Or is the TR/Dropper.GEN likely to be now doing this evil deed?

ROGER  -  G0AOZ.
 

RE: Hupigon virus

Does the user have an iPhone that he uses to access his e-mail with?

The reason I'm asking is that there is a similar situation posted in the e-mail issues forum.  The differences are that the items still appear in the sent items folder and involve yahoo.com.

Hope this helps.


RE: Hupigon virus

(OP)
Don't think he has an iPhone, but as you say, there are distinct similarities between this and Goom's posting.

B-B-B I'm thinking this is the more likely cause.  User is already dealing with the password issue.  Whilst the trojan dropper and its subsequent debris has now been eliminated, I suspect in this case it was probably a red herring...

ROGER - G0AOZ.
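
One way to do the header comparison against a known good message that comes up in this thread, as an added example that is not from any of the posters. The two sample messages, their placeholder domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (placeholder domains), not taken from the thread.
KNOWN_GOOD = """
Return-Path: <friend@webmail.example>
Authentication-Results: mx.rcpt.example; spf=pass; dkim=pass; dmarc=pass
Received: from out1.webmail.example by mx.rcpt.example; Mon, 1 Jan 2024 10:00:01 +0000
From: Friend <friend@webmail.example>
Message-ID: <a1@webmail.example>
"""
SUSPECT = """
Return-Path: <bounce@bulk.invalid>
Authentication-Results: mx.rcpt.example; spf=fail; dkim=none; dmarc=fail
Received: from host.bulk.invalid by mx.rcpt.example; Tue, 2 Jan 2024 18:30:00 +0000
From: Friend <friend@webmail.example>
Message-ID: <zz9@host.bulk.invalid>
"""

def _domain(value):
    """Domain part of an address-like header value, '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_profile(raw):
    """Reduce a raw message to the header fields worth comparing."""
    msg = message_from_string(raw.lstrip())
    received = msg.get_all("Received") or []
    # Each hop prepends its Received line, so the last one is closest to the sender.
    origin = re.search(r"from\s+(\S+)", received[-1]) if received else None
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    checks = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    return {"from": _domain(msg["From"]), "return_path": _domain(msg["Return-Path"]),
            "message_id": _domain(msg["Message-ID"]),
            "origin": origin.group(1).lower() if origin else "",
            **{k: checks.get(k, "none") for k in ("spf", "dkim", "dmarc")}}

def compare(known_good, suspect):
    """Return {field: (known_good_value, suspect_value)} for differing fields."""
    a, b = header_profile(known_good), header_profile(suspect)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def triage(raw):
    """Rough call: 'forged-from' (sent elsewhere) or 'via-provider' (check the account)."""
    p = header_profile(raw)
    ok = p["dmarc"] == "pass" or (p["spf"] == "pass" and p["return_path"] == p["from"])
    return "via-provider" if ok else "forged-from"
```

A suspect message whose profile matches the known good one (same origin, passing checks) points at someone logging in to the real mailbox rather than forging the address, which is when the password change matters most.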
 
