Spyware, Viruses, & Security forum

General discussion

Help, Email sending out spam without me knowing.

by Yamma69 / October 8, 2010 10:48 PM PDT

Hey, I need some help with this problem.

I don't know too much about computers, but I've picked up something which is sending out spam from my account to all my contacts.

I've run full scan's using Windows Defender and Avast, without success. Any idea how to rectify this?

Here's an example of what I'm sending:


From: (my email)
Subject: (contact's emails)
Date: Sat, 9 Oct 2010 10:33:37 +1030


www.iis-ferraris.it/mas6.html


--------
That is all the email contains, that one link.

I've changed my password but I think it's still sending, help asap will be appreciated Happy

Note: This post was edited by forum moderator to disable potentially dangerous link on 10/09/2010 on 8:24 AM PT

Post a reply
Discussion is locked
You are posting a reply to: Help, Email sending out spam without me knowing.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Help, Email sending out spam without me knowing.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
edit
by Yamma69 / October 8, 2010 10:57 PM PDT

I realise I worded that last part poorly, the links I've been sending vary, but always end with /mas6.html.

Collapse -
Try scanning the computer using...
by Donna Buenaventura / October 9, 2010 2:41 AM PDT
Collapse -
sending emails to all my yahoo contacts
by goodguy1234ass / October 9, 2010 10:26 AM PDT

Not sure hacked or virus or trojan. Symptoms are exactly same as the original posters.
Emails sent to all of my Yahoo address book contacts. Each email had about 9 email addresses from my address book in the To: field. The Subject was empty and the Body contained only URL link. Different URL's in each email but with same pattern. Something like:
http://DOMAIN.it/und9.html
DOMAIN - different domain names with no 'www.' as prefix. The '.it/und9.html' part was same in all emails.

My yahoo account is set up to save a copy of 'Sent' mail in Sent folder. I checked my 'Sent' folder and found it empty. Meaning virus probably emptied 'Sent' folder.
There are few bounced back emails in my Inbox. From these emails I guessed that the virus sent spam link to all of my contacts. Some of the emails in my address book are no longer valid as friends changed companies or removed accounts etc. So the emails sent to these were bounced back to me.

I haven't used this particular account recently.
I have run Avira Antivir, Malwarebytes, S&D, Superantispyware they all came negative.

I have now changed password.
Exported Contacts to a file on computer and removed all contacts from yahoo address book.

Just google 'und9.html' and you will find spam posted in blogs/mailing-lists/groups etc.

Collapse -
? To Both To Clear Confusion....
by tobeach / October 9, 2010 3:19 PM PDT

Are you saying spam is sent from Yahoo Mail (internet mail) only? OR
Does your ISP route your ISP mail thru Yahoo! ?

In the first case your Yahoo mail account may be infected WITHOUT your computer itself being infected.

In second case (Both ISP & Yahoo! Mail) your computer itself is likely infected.
I use ISP Rogers Cable which got rid of it's own mail server and sold us off to
Yahoo's mail server (to save costs/increase profit) and it's now very confusing & hard to be sure where the problem lies as ALL mail to contacts show as coming from Yahoo mail server!

Likely best way to tell is are ONLY contacts listed in net mail getting spammed, Not ones listed in your ISP address book that are NOT listed in net mail address book?

All of the "net" mails (Yahoo/Google/MSHotmail/Live mail) have been suffering from various account hijacks in recent months. Thanks for clarifying if you can! Happy

Collapse -
snippet of email header, from IP address probably forged
by goodguy1234ass / October 9, 2010 3:52 PM PDT

From email headers I checked the From: IP addresses in couple of spam emails. One points to IP address in Slovenia and another points to Mexico. I'm in Canada.

Check the IP 89.143.176.238 and 201.164.93.152

snippet 1:
....
Received: from [89.143.176.238] by web112604.mail.gq1.yahoo.com via HTTP; Thu, 07 Oct 2010 12:06:44 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
Date: Thu, 7 Oct 2010 12:06:44 -0700 (PDT)
From: [my-email-id]@yahoo.com
Reply-To: [my-email-id]@yahoo.com
To: [my-email-id]@yahoo.com, [friend 1]@yahoo.com, [friend 2]@yahoo.com,.....[9 email addresses from my yahoo email contacts.]
....


Snippet 2:
....
Received: from [201.164.93.152] by web112612.mail.gq1.yahoo.com via HTTP; Wed, 06 Oct 2010 22:41:29 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
Date: Wed, 6 Oct 2010 22:41:29 -0700 (PDT)
From: [my-email-id]@yahoo.com
Reply-To: [my-email-id]@yahoo.com
To: [friend 1]@yahoo.com, [my-email-id]@yahoo.com, [friend 2]@yahoo.com,....9 email addresses
....
I don't use ISP mail account..don't even remember if I did set one. I use web only email accounts ( yahoo, hotmail, gmail, ..). I haven't tried signing into other accounts as I first want to get this resolved.

Collapse -
Thanks For Posting Info
by tobeach / October 10, 2010 4:11 PM PDT

Pretty clear that the problem lies with Web (net) mail only, especially if scanners found nothing to report...they're all good ones.

Possibility exists for cross contamination from Yahoo to any other web mail address's you have listed in Yahoo book (GMAil/Hotmail etc.) Follow Donna's advice & re secure those if any exist.

I would also be extra careful of downloading mail for a few weeks & follow "Best Practices" involving sending un-opened mail to a "Mail Folder" (create on Desktop)
which you can right click scan w / anti-malware before opening any of the contents. A pain I know but, particularly now, better safe than sorry! Good Luck! Happy

Collapse -
Reply
by Yamma69 / October 10, 2010 1:39 PM PDT

I'm fairly certain that the spam is only sent through my Hotmail account.

I rescanned my computer with Malwarebytes Anti-Malware, and then changed my password again. The problem has ceased for a day, but I'm a little bit apprehensive on whether it was a result of my computer being infected, or just my account.

Thanks for all the help so far Happy

Collapse -
Did Malwarebytes found/remove any infection?
by Donna Buenaventura / October 10, 2010 1:55 PM PDT
In reply to: Reply

Hi again,

If MBAM and other scanner found infection and was removed, that is likely the cause.
If no infection is detected and the problem ceased after you changed the password, then it is likely a compromised account. I suggest changing also the security question for your email accounts in Hotmail or Yahoo, if you have both or any.

Collapse -
Also affects Hotmail/OutlookConnector account
by BKStrelioff / October 11, 2010 9:01 PM PDT

I have been seeing this since Thursday, Oct 07 from one of my Hotmail accounts. I have changed the password, but so far no security software has been able to detect the issue. I did find a copy of the Java torjan OpenStream.AK, but even after that was removed the spam (in my case ...und9.html) appears to have continued.

Interestingly, some of these emails appear to be dated as sent while my system was completely powered off. Also not all of the domains were *.it, some were *.org or other countries.

Collapse -
Security: Web Mail Password Hacked: Contacts Spammed
by denkile / October 12, 2010 9:22 AM PDT

My webmail was hacked (password discovered) in August
and used to send porno spam to all my contacts.
(Whoever did it was nice and did not change my password
but did change my screen name and picture.)
This happened while my computers were completely
disconnected for a month of redecorating.
Zone alarm logs and scans before and after
showed no intrisions...likely server hacked.
I was able to login and change my password.
It was a weak, single word password.
A month before, hotmail required a friend to change
to a stronger password and add a secret question.
I have had a daily Google Allert for "hotmail hacked"
and it seems this subject has been sanitized.
See: Computerworld: Microsoft sounds alert on massive Web bug: ASP.Net
?www.computerworld.com/s/article/???_Web_bug

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.