General discussion

Help, Email sending out spam without me knowing.

Hey, I need some help with this problem.

I don't know too much about computers, but I've picked up something which is sending out spam from my account to all my contacts.

I've run full scan's using Windows Defender and Avast, without success. Any idea how to rectify this?

Here's an example of what I'm sending:


From: (my email)
Subject: (contact's emails)
Date: Sat, 9 Oct 2010 10:33:37 +1030


www.iis-ferraris.it/mas6.html


--------
That is all the email contains, that one link.

I've changed my password but I think it's still sending, help asap will be appreciated Happy

Note: This post was edited by forum moderator to disable potentially dangerous link on 10/09/2010 on 8:24 AM PT

Discussion is locked

Follow
Reply to: Help, Email sending out spam without me knowing.
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Help, Email sending out spam without me knowing.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
edit

I realise I worded that last part poorly, the links I've been sending vary, but always end with /mas6.html.

- Collapse -
Try scanning the computer using...
- Collapse -
sending emails to all my yahoo contacts

Not sure hacked or virus or trojan. Symptoms are exactly same as the original posters.
Emails sent to all of my Yahoo address book contacts. Each email had about 9 email addresses from my address book in the To: field. The Subject was empty and the Body contained only URL link. Different URL's in each email but with same pattern. Something like:
http://DOMAIN.it/und9.html
DOMAIN - different domain names with no 'www.' as prefix. The '.it/und9.html' part was same in all emails.

My yahoo account is set up to save a copy of 'Sent' mail in Sent folder. I checked my 'Sent' folder and found it empty. Meaning virus probably emptied 'Sent' folder.
There are few bounced back emails in my Inbox. From these emails I guessed that the virus sent spam link to all of my contacts. Some of the emails in my address book are no longer valid as friends changed companies or removed accounts etc. So the emails sent to these were bounced back to me.

I haven't used this particular account recently.
I have run Avira Antivir, Malwarebytes, S&D, Superantispyware they all came negative.

I have now changed password.
Exported Contacts to a file on computer and removed all contacts from yahoo address book.

Just google 'und9.html' and you will find spam posted in blogs/mailing-lists/groups etc.

- Collapse -
? To Both To Clear Confusion....

Are you saying spam is sent from Yahoo Mail (internet mail) only? OR
Does your ISP route your ISP mail thru Yahoo! ?

In the first case your Yahoo mail account may be infected WITHOUT your computer itself being infected.

In second case (Both ISP & Yahoo! Mail) your computer itself is likely infected.
I use ISP Rogers Cable which got rid of it's own mail server and sold us off to
Yahoo's mail server (to save costs/increase profit) and it's now very confusing & hard to be sure where the problem lies as ALL mail to contacts show as coming from Yahoo mail server!

Likely best way to tell is are ONLY contacts listed in net mail getting spammed, Not ones listed in your ISP address book that are NOT listed in net mail address book?

All of the "net" mails (Yahoo/Google/MSHotmail/Live mail) have been suffering from various account hijacks in recent months. Thanks for clarifying if you can! Happy

- Collapse -
snippet of email header, from IP address probably forged

From email headers I checked the From: IP addresses in couple of spam emails. One points to IP address in Slovenia and another points to Mexico. I'm in Canada.

Check the IP 89.143.176.238 and 201.164.93.152

snippet 1:
....
Received: from [89.143.176.23Cool by web112604.mail.gq1.yahoo.com via HTTP; Thu, 07 Oct 2010 12:06:44 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
Date: Thu, 7 Oct 2010 12:06:44 -0700 (PDT)
From: [my-email-id]@yahoo.com
Reply-To: [my-email-id]@yahoo.com
To: [my-email-id]@yahoo.com, [friend 1]@yahoo.com, [friend 2]@yahoo.com,.....[9 email addresses from my yahoo email contacts.]
....


Snippet 2:
....
Received: from [201.164.93.152] by web112612.mail.gq1.yahoo.com via HTTP; Wed, 06 Oct 2010 22:41:29 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
Date: Wed, 6 Oct 2010 22:41:29 -0700 (PDT)
From: [my-email-id]@yahoo.com
Reply-To: [my-email-id]@yahoo.com
To: [friend 1]@yahoo.com, [my-email-id]@yahoo.com, [friend 2]@yahoo.com,....9 email addresses
....
I don't use ISP mail account..don't even remember if I did set one. I use web only email accounts ( yahoo, hotmail, gmail, ..). I haven't tried signing into other accounts as I first want to get this resolved.

- Collapse -
Thanks For Posting Info

Pretty clear that the problem lies with Web (net) mail only, especially if scanners found nothing to report...they're all good ones.

Possibility exists for cross contamination from Yahoo to any other web mail address's you have listed in Yahoo book (GMAil/Hotmail etc.) Follow Donna's advice & re secure those if any exist.

I would also be extra careful of downloading mail for a few weeks & follow "Best Practices" involving sending un-opened mail to a "Mail Folder" (create on Desktop)
which you can right click scan w / anti-malware before opening any of the contents. A pain I know but, particularly now, better safe than sorry! Good Luck! Happy

- Collapse -
Reply

I'm fairly certain that the spam is only sent through my Hotmail account.

I rescanned my computer with Malwarebytes Anti-Malware, and then changed my password again. The problem has ceased for a day, but I'm a little bit apprehensive on whether it was a result of my computer being infected, or just my account.

Thanks for all the help so far Happy

- Collapse -
Did Malwarebytes found/remove any infection?

Hi again,

If MBAM and other scanner found infection and was removed, that is likely the cause.
If no infection is detected and the problem ceased after you changed the password, then it is likely a compromised account. I suggest changing also the security question for your email accounts in Hotmail or Yahoo, if you have both or any.

- Collapse -
Also affects Hotmail/OutlookConnector account

I have been seeing this since Thursday, Oct 07 from one of my Hotmail accounts. I have changed the password, but so far no security software has been able to detect the issue. I did find a copy of the Java torjan OpenStream.AK, but even after that was removed the spam (in my case ...und9.html) appears to have continued.

Interestingly, some of these emails appear to be dated as sent while my system was completely powered off. Also not all of the domains were *.it, some were *.org or other countries.

- Collapse -
Security: Web Mail Password Hacked: Contacts Spammed

My webmail was hacked (password discovered) in August
and used to send porno spam to all my contacts.
(Whoever did it was nice and did not change my password
but did change my screen name and picture.)
This happened while my computers were completely
disconnected for a month of redecorating.
Zone alarm logs and scans before and after
showed no intrisions...likely server hacked.
I was able to login and change my password.
It was a weak, single word password.
A month before, hotmail required a friend to change
to a stronger password and add a secret question.
I have had a daily Google Allert for "hotmail hacked"
and it seems this subject has been sanitized.
See: Computerworld: Microsoft sounds alert on massive Web bug: ASP.Net
?www.computerworld.com/s/article/???_Web_bug

CNET Forums

Forum Info