cancel
Showing results for 
Search instead for 
Did you mean: 

hello..friend.php - is this malicious?

Jump to solution

I received two emails from a friend with a hidden url link in, the body of which was "hello..friend.php?".  I am trying to find out if they were malicious and what to do about it.

The link was set a font size 2 and did not appear when I opened the email.  The first email I opened three times before deleting it.  I think the second I was wise enough to delete it before opening (though I did look at the properties).  I submitted the link via McAfee's 'submit a virus' process, in a password protected zip file of a text file.  I have not had a response, and I am not sure if I will get one.

The link (changed so that it is not active) was of the form:

Actual html in first email

<font color='black' size='2' face='Arial, Helvetica, sans-serif'><font color="black" face="Arial, Helvetica, sans-serif" size="2"%[http:]//gino-arte.net/hello..friend.php?[eight characters]=311&[nine characters]=59<br>

</font></font>

So the first link, in the email I opened three times was:

[http:]//gino-arte.net/hello..friend.php?[eight characters]=311&[nine characters]=59

And the link in the second email which I did not open was:

[http:]//chloromax.in/hello..friend.php?[six characters]=737&[six characters]=97

Where [eight characters], etc., represents a string of seemingly random letters, and [ & ] have been used to stop the links from being active links on this discussion.

I emailed my friend from a new email, and he said that his AOL email had been hacked, and that AOL were assisting him.

My questions are:

Are these links malicious?

Has my computer been attacked or affected in any way?  Am I now part of a botnet?  Is there any way I can find out more, to ensure that my PC is secure?  A full system scan after opening the first email showed no issues on McAfee scan results.

Is there a better forum to explore this further?

I would be grateful for any helpful comments.

Windows 7, 64 bit Ultimate, McAfee Total Protection (reinstalled 24 Aug 2012 on account of McAfee update issue, I think).  My PC uses a static IP address, and sits behind a BT firewall router (2Wire Gateway BT 2700HGV) and a Cisco PIX 501 firewall.

Message was edited by: safeuser1 on 25/08/12 14:09:35 CDT

Message was edited by: safeuser1 on 25/08/12 14:10:18 CDT
1 Solution

Accepted Solutions
exbrit
Level 21
Report Inappropriate Content
Message 2 of 5

Re: hello..friend.php - is this malicious?

Jump to solution

I think you can at least safely assume that they are unfriendly if not malicious.  I'm not about to go there to find out.  

Obviously some malware has taken hold of either your friends machine or someone on his mailing list perhaps and is sending out spoof emails.

I doubt you've been infected but run Stinger and Malwarebytes Free which you'll find in the last link in my signature just in case.

4 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 5

Re: hello..friend.php - is this malicious?

Jump to solution

I think you can at least safely assume that they are unfriendly if not malicious.  I'm not about to go there to find out.  

Obviously some malware has taken hold of either your friends machine or someone on his mailing list perhaps and is sending out spoof emails.

I doubt you've been infected but run Stinger and Malwarebytes Free which you'll find in the last link in my signature just in case.

Hayton
Level 18
Report Inappropriate Content
Message 3 of 5

Re: hello..friend.php - is this malicious?

Jump to solution

Re: hello..friend.php - is this malicious?

Jump to solution

Thank you very much for your comment; the link to the Anti-Spyware/Malware and Hijacker Tools which I am sure I will use again.

Your reply is the most useful one I have ever had from a forum, and I have posted on a few.

I am also very grateful for Hayton's comment.

exbrit
Level 21
Report Inappropriate Content
Message 5 of 5

Re: hello..friend.php - is this malicious?

Jump to solution

You're welcome and good luck ;-)