4 Replies Latest reply on Sep 2, 2012 10:27 AM by exbrit

    hello..friend.php - is this malicious?

      I received two emails from a friend with a hidden url link in, the body of which was "hello..friend.php?".  I am trying to find out if they were malicious and what to do about it.


      The link was set a font size 2 and did not appear when I opened the email.  The first email I opened three times before deleting it.  I think the second I was wise enough to delete it before opening (though I did look at the properties).  I submitted the link via McAfee's 'submit a virus' process, in a password protected zip file of a text file.  I have not had a response, and I am not sure if I will get one.


      The link (changed so that it is not active) was of the form:


      Actual html in first email

      <font color='black' size='2' face='Arial, Helvetica, sans-serif'><font color="black" face="Arial, Helvetica, sans-serif" size="2"%[http:]//gino-arte.net/hello..friend.php?[eight characters]=311&[nine characters]=59<br>



      So the first link, in the email I opened three times was:

      [http:]//gino-arte.net/hello..friend.php?[eight characters]=311&[nine characters]=59


      And the link in the second email which I did not open was:

      [http:]//chloromax.in/hello..friend.php?[six characters]=737&[six characters]=97


      Where [eight characters], etc., represents a string of seemingly random letters, and [ & ] have been used to stop the links from being active links on this discussion.


      I emailed my friend from a new email, and he said that his AOL email had been hacked, and that AOL were assisting him.


      My questions are:

      Are these links malicious?

      Has my computer been attacked or affected in any way?  Am I now part of a botnet?  Is there any way I can find out more, to ensure that my PC is secure?  A full system scan after opening the first email showed no issues on McAfee scan results.

      Is there a better forum to explore this further?


      I would be grateful for any helpful comments.


      Windows 7, 64 bit Ultimate, McAfee Total Protection (reinstalled 24 Aug 2012 on account of McAfee update issue, I think).  My PC uses a static IP address, and sits behind a BT firewall router (2Wire Gateway BT 2700HGV) and a Cisco PIX 501 firewall.


      Message was edited by: safeuser1 on 25/08/12 14:09:35 CDT


      Message was edited by: safeuser1 on 25/08/12 14:10:18 CDT