I received two emails from a friend with a hidden URL link in, the body of which was "hello..friend.php?". I am trying to find out if they were malicious and what to do about it.
The link was set at font size 2 and did not appear when I opened the email. The first email I opened three times before deleting it. I think the second I was wise enough to delete before opening (though I did look at the properties). I submitted the link via McAfee's 'submit a virus' process, in a password-protected zip file of a text file. I have not had a response, and I am not sure if I will get one.
The link (changed so that it is not active) was of the form:
Actual HTML in first email:
<font color='black' size='2' face='Arial, Helvetica, sans-serif'><font color="black" face="Arial, Helvetica, sans-serif" size="2"%[?[eight characters]=311&[nine characters]=59<br>
So the first link, in the email I opened three times, was:
?[eight characters]=311&[nine characters]=59
And the link in the second email which I did not open was:
?[six characters]=737&[six characters]=97
Where [eight characters], etc., represents a string of seemingly random letters, and [ & ] have been used to stop the links from being active links on this discussion.
I emailed my friend from a new email, and he said that his AOL email had been hacked, and that AOL were assisting him.
My questions are:
Are these links malicious?
Has my computer been attacked or affected in any way? Am I now part of a botnet? Is there any way I can find out more, to ensure that my PC is secure? A full system scan after opening the first email showed no issues on McAfee scan results.
Is there a better forum to explore this further?
I would be grateful for any helpful comments.
Windows 7, 64-bit Ultimate, McAfee Total Protection (reinstalled 24 Aug 2012 on account of McAfee update issue, I think). My PC uses a static IP address, and sits behind a BT firewall router (2Wire Gateway BT 2700HGV) and a Cisco PIX 501 firewall.
Message was edited by: safeuser1 on 25/08/12 14:09:35 CDT
Message was edited by: safeuser1 on 25/08/12 14:10:18 CDT