question for the computer wizzes...

cwiert · cwiert's Garage

A virus or something has been playing havoc on my wife's email account. Unknowingly, she is sending an email to EVERYONE in her email address book with a link to some product... like discounted viagra from overseas, for example. The subject line is usually a women's name, most recently, "Karin Sieberg".

It's just embarrassing for her and I don't know how to stop it from happening.

I'm extra annoyed because I just bought the full version of Malwarebytes Anit-Malware a few months ago and this is still happening.

If anyone has any idea how or why this is happening, or better yet, how to stop it, i'd sure appreciate it.

Thanks,
John

stomachmonkey · 03-11-2010, 05:22 AM

Unless you are running your own mail server her email is not being "sent" directly by her.

Mail is transferred from the local machine to the server that does the actual sending.

Who is the email provider? If there is a virus affecting her account it would would most likely be affecting a good number of users on the same server and they should be aware of it already..

1st thing is obviously to change her password. Many ISP's require user/pass for sendmail/SMTP to work. The user/pass is normally stored and passed without you knowing it so changing it shuts out anyone that may have gained access to it.

If it's got her entire address book it's more likely that she signed up for one of the less reputable social network sites. They encourage new members to "add all their friends to make them easier to find". It grants access to her address book and will send out invites as if they are coming from her. Same info can be sold/used as a spam list.

Spammers also spoof the from address. Meaning the mail says it's coming from her but it really is not.

I get spam from "myself" all the time. I especially like the ones telling me that the system administrators (which is me) are performing maintenance and click here to authenticate your new settings.

Unfortunately it sounds likely that her address book has been compromised and really there is not much that can be done to prevent it at this point.

Christien · Christien's Garage

I also get spam from myself all the time. Usually it's from an old email address that I deactivated a couple years ago, because I was receiving so much spam on it (up to 100 a day!). The name and address have been "stolen" and used as the return address on spam emails. So it doesn't necessarily mean your wife's address book or email software has been compromised. Not much she can do about it now, except change her name on her outgoing emails, so that the stolen one can be blocked by her friends. For example, if her name was Catherine, change the "from" field to Cathy or something.

cwiert · cwiert's Garage

ugh... we'll that's kinda discouraging. thanks for the reply, though.

yeah, i forgot to mention, it's a yahoo mail account. Never had the problem until recently. It's weird. I've gotten the email from "her" with a link to some viagra page, or male enhancement pill page and the name and address on the email is hers. I can even replay to the email and my wife will get it. In fact, many people from her address book have replied to her saying "WTF" or "you trying to tell me something?"

I didn't think about Facebook. She's on there. Maybe that site somehow got access to the address book and sold it to some spammers.

So first thing is to change the password and then maybe change her name to a nickname or something. Other than that, not much I can do, huh?

So this doesn't sound like a computer virus? More likely a hijacked email and password?

Christien · Christien's Garage

Changing the password won't likely have any effect. If she changes her nickname, it might help it get past her friends' spam filters, but likely she'll have to get a new address.

cwiert · cwiert's Garage

it's weird. if you go into her yahoo "Sent" folder... you can actually see all the 100 or so messages (to the 100 or so peeps in her address book) that were sent out. F'n DB spammers!

stomachmonkey · 03-11-2010, 06:27 AM

Changing the password will prevent her account from being used by someone else. But it's highly unlikely that they are using her actual account.

Yahoo will see the high traffic that spamming generates and would just shut down her account.

But if her list is already compromised nothing will stop it.

Facebook themselves are not a problem. It's some of the things that you get "invited" to join. Some of them will ask for access to her Facebook contact list and that's how they get her friends email addresses.

stomachmonkey · 03-11-2010, 06:28 AM

Quote:

Originally Posted by cweirt

It's weird. if you go into her yahoo "Sent" folder... you can actually see all the 100 or so messages (to the 100 or so peeps in her address book) that were sent out. F'n DB spammers!

Change her password.

At least 8 characters, use a combo of numbers and letters.

Neilk · 03-11-2010, 07:45 AM

Quote:

Originally Posted by stomachmonkey

Change her password.

At least 8 characters, use a combo of numbers and letters.

If you see outgoing e-mails from her account, definitely change her e-mail password with something harder to decipher. Monitor her outgoing e-mails for the next day. If you still see spam leaving her account, I would consider changing her password on another PC and not logging in her PC for a few days to see if any spam has left her account. It's possible that her PC has been compromised with a key logger.

cwiert · cwiert's Garage

ok... thanks. i changed her password, on another PC.
When I did, yahoo said that she had previously authorized the following sites to access her account... Facebook, Flickr and LinkedIn. I de-authorized all those sites and will wait to see if that solves the problem.
Thanks all for the help.

911pcars · 03-11-2010, 10:05 AM

While I have you computer types are here, can you discuss some strategies to prevent junk spam from automatically populating a vBulletin forum? Anyone know how Wayne keeps them out? I hardly seen any here as opposed to a forum run by a non-profit group I work with. Ring tones anyone?

Sherwood

stomachmonkey · 10:32 AM

Aggressive captcha on registration with emailed link verification.

We do get them here as well but the community generally spots and reports them by the 3rd post so unless you're on here 24/7 you never see them.

You could require X number of posts that are moderated before a user can post without moderation. Makes too much work for the manual spammer to make it worthwhile, but, more work for the board operators as well.

I have a board related to one of our products. Nothing but 10-13 year old girls. In addition to all the other COPPA stuff we moderate each and every post. Any attempts at asking for or posting personally identifiable info is dealt with severely.

911pcars · 03-11-2010, 12:52 PM

Thanks. Will look into that.

S

WolfeMacleod · 03-11-2010, 12:59 PM

Quote:

Originally Posted by stomachmonkey

Unless you are running your own mail server her email is not being "sent" directly by her.

Mail is transferred from the local machine to the server that does the actual sending.

.

There are lots of viruses that install thier own mini mail servers and send out mail by themselves. Spammers control these remotely...

OP, if a program like Outlook is being used instead of web-based email, PM me the headers and body of one of these emails.
I used to make it a hobby to track down spammers daily.

Check otu the Anti-spam forums at DSL · Cable · VOIP · Security · Satellite · Fiber · News · Tips · Reviews · Community · Tools - dslreports.com
Also, check The Spamhaus Project