Hacked Email Accounts, Java Exploits, and What to Do About It

Apr 15, 2013   //   by Jeana Cherland   //   Our Blog

At least once a week, our staff has the unpleasant task of calling a customer and letting them know that their email account has been hacked.  It’s a messy affair.  It means that we have to change the password to their account and effectively lock them out of it until they can find out how their password got into the hands of “the bad guys” and fix it.  Years ago, hackers guessed passwords by trying to log in to an account with a random password generator until they could crack the password.  While that is still attempted, it isn’t usually the cause these days.  Our servers have special protections in place that block traffic from an IP address after multiple bad password attempts.  Today, hacked accounts are logged into with one try…  because the bad guys already know your password.

I Don’t Care if They Read My Email… What’s the Big Deal?

We get asked that question a lot.  Unfortunately, when hackers get into your email account, they aren’t there to read your email.  They use your account to send out tens of thousands of pieces of spam (junk mail).  When that happens, your legitimate email account, our legitimate email server, and our thousands of other legitimate email customers on that server get blacklisted by the rest of the internet for spamming.  No one on our mail server will be able to send email to anyone else on the internet.  Our staff then gets to spend days cleaning up the mess and begging blacklists to remove us and allow us to resume delivery of email.

While we have been lucky enough to catch most accounts before it gets that far, it doesn’t mean that it won’t happen in the future.  We are in a constant state of war.  They find a better weapon, we find a way to defeat it, they go find another weapon.

How They Get Your Password

There are a lot of ways that hackers can get your passwords.  In this article, we will discuss the most common method we have been seeing: the Java exploit.  For those of you that aren’t familiar, Java is a software programming language that is platform independent.  That means I can write a program in Java and run it on just about any operating system (Windows, Mac, Linux, Android, etc.).  It’s a great idea in theory!  It saves programmers from countless hours of re-programming for each OS and it has become very popular.  In fact, every app that runs on your Android phone is written in Java.  But like everything else in this world, Java’s popularity has also made it a target.  Hackers have recognized that they can affect many more systems by attacking it.

How are they accomplishing this?  Unfortunately, Java does one other thing that is particularly vulnerable.  It is often installed as a plugin in your browser.  That plugin allows web developers to write something called a Java Applet; a mini program that will run on a webpage and has the capability to interact with your computer’s operating system.  While many Java Applets out there do wonderful things, they are also the very thing that hackers are using to get into your computer.

Here’s how it works:  Hackers plant a virus in an applet on a web page.  You visit that webpage and the applet actually installs the virus on your computer.  The virus opens a “back door” into your machine that circumvents your anti-virus and firewall programs and announces itself to the hackers that created it.  After that, the bad guys are in.  They can see all of your files, read any information you have on the machine, and oftentimes install “key loggers” that log everything you type.  The first time you log into your email account or online banking or any other online account, they have your usernames and passwords and can start using them.  Just imagine how much fun they could have on Amazon with your saved credit card numbers!  And don’t forget, if you’ve bought anything online and typed in your credit card number, they now have that too.

How to Protect Your Computer

The first impulse for users is to completely remove Java from their computer.  That is certainly a preventative step, but it may also stop you from using certain software that you use every day on your computer.  Several very popular programs run on and depend on Java, such as Open Office or the very popular game, Minecraft.  Since the real culprit is the browser plugin, you can opt to simply disable it.  That has become easier to do recently, and we will give you the steps below.  Just as important as disabling the plugins: always keep your software up to date!  Software companies are constantly writing fixes to stop hackers from using vulnerable spots in their code.  Keeping Java (and any software you use) up to date will keep you safe from exploits that hackers are actively using.  That just makes good sense.

How to Disable the Java Plugins in All Your Browsers

In February 2013, Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers, via the Java Control Panel. Here are the steps:

1.) Open the Windows Control Panel by clicking on Start > Control Panel.

2.) Click the item labeled Java.  If you don’t see it, switch to Classic View (in XP) or large icons (in Vista or Windows 7).

3.) Click the Security tab.  Uncheck the checkbox titled “Enable Java content in the browser.”

4.) Click OK, and you’re done.

If your version of Java doesn’t have this checkbox, update the software first by clicking on the Update tab and following the instructions. (The update tab isn’t visible in our screenshots, but should be visible for you when you open the Java control panel.)

What if I’ve Already Been Hacked?

If you find out that a virus is on your computer, please call us right away to have your account password changed at (605) 886-4806.  Don’t use the new password to access your email from your computer until after the virus has been cleaned up.  And, of course, if you have any other accounts that you have been accessing or credit cards you’ve used while the computer was infected, you may want to have those changed as well.

The latest batch of Java exploits that we have seen are incredibly advanced and clever.  Experts say they were engineered by someone with a great deal of understanding about how anti-virus software works, because they are able to install without detection.  It’s not until we see an unusually high volume of email being sent from a customer’s email account that we have any clue there is a problem.  Many times when we ask customers to scan their computer, they don’t find the virus at all the first time.
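For mail administrators, here is one way to automate the "unusually high volume" check described above. This is an added example, not code we run on our servers: the log format, field names (auth_user, rcpts), accounts and thresholds are all hypothetical, and the sample log is constructed.

```python
import re
from collections import defaultdict
from statistics import median

# Hypothetical, simplified submission-log format (not any real mail server's):
#   <ISO timestamp> auth_user=<account> rcpts=<recipient count>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} auth_user=(\S+) rcpts=(\d+)$")

def hourly_recipients(lines):
    """Return {account: {hour: recipients}} from authenticated-send log lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a well-formed send record
            hour, user, rcpts = m.groups()
            totals[user][hour] += int(rcpts)
    return totals

def flag_spikes(lines, floor=200, multiplier=10):
    """Flag (account, hour, count) where count exceeds both an absolute floor
    and `multiplier` times the account's median over its earlier normal hours."""
    alerts = []
    for user, hours in hourly_recipients(lines).items():
        history = []
        for hour in sorted(hours):  # ISO hour strings sort chronologically
            count = hours[hour]
            baseline = median(history) if history else 0
            if count > floor and count > multiplier * baseline:
                alerts.append((user, hour, count))
            else:
                history.append(count)  # only normal hours feed the baseline
    return sorted(alerts)

def build_sample_log():
    """Constructed sample: two accounts with ordinary traffic, one of which
    starts sending in bulk at 02:00 on the third day."""
    lines = []
    for day in ("2013-04-13", "2013-04-14"):
        for hour, n in ((9, 4), (13, 7), (16, 3)):
            lines.append(f"{day}T{hour:02d}:05:00 auth_user=alice@example.test rcpts={n}")
            lines.append(f"{day}T{hour:02d}:20:00 auth_user=bob@example.test rcpts={n + 2}")
    for minute in range(0, 60, 2):  # 30 messages x 50 recipients in one hour
        lines.append(f"2013-04-15T02:{minute:02d}:11 auth_user=alice@example.test rcpts=50")
    lines.append("garbled line that the parser must ignore")
    return lines

if __name__ == "__main__":
    for user, hour, count in flag_spikes(build_sample_log()):
        print(f"ALERT {user} sent to {count} recipients during {hour}:00")
```

Counting recipients rather than messages catches a single message addressed to hundreds of people, and keeping flagged hours out of the baseline stops an ongoing spam run from looking normal.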

On Windows machines, we’ve had the most luck using Microsoft Security Essentials and running a “Full Scan”.  You have to make sure that the virus definitions are up to date (just click the Update tab and then the large “Update” button to download the latest definitions) and make sure you select “Full Scan”, not “Quick Scan”.  The Quick Scan doesn’t scan the locations that these viruses like to hide in.  If you don’t have Microsoft Security Essentials, go out and download it!  It’s a free product and because it is designed by Microsoft to run on Windows, it is very light and won’t bog down your computer.  *Additional Tip:  When you install Microsoft Security Essentials, click on the Settings tab and set up a scheduled time once a week to run a FULL SCAN.  We recommend running it overnight, as the full scan will take several hours.

If you can’t find the virus yourself, get help from a professional!  There are several companies in Watertown that we highly recommend.  You will find their information below.  Tell them that Identifex sent you!

Download Microsoft Security Essentials here:
http://www.microsoft.com/en-us/download/details.aspx?id=5201

Computer Repair Shops We Recommend

A-I Computer Solutions
1337 9th Ave SE
Watertown, SD 57201
(605) 753-1337
http://www.a-ics.com/

Computer Dan’s
3 South Broadway
Watertown, SD 57201
(605) 886-4077
http://www.computerdans.com/

Connecting Point Computer Center
504 Jenson Ave SE
Watertown, SD 57201
(605) 882-1555
http://www.connectingpoint.biz/
