A few months ago, I got a spam email from my wife to my Yahoo account and my work account. I also noticed that it was sent out to her entire contact list. The subject line was blank and the body contained a single link. I figured it was spoofed and deleted it without clicking on the link.
About a month ago, I got an email in my work account from my Yahoo account with the same MO: an empty subject line and a single link in the body. It was sent to my entire contacts list, which is quite different than my wife’s, so I know it wasn’t just copied from my wife’s email. In my Yahoo account, I got a lot of bounced email notices from friends that let those particular accounts expire.
It happened again yesterday.
I changed the password and security questions on my Yahoo account, but from what I’ve been reading online, it seems that I have a virus or something that is stealing passwords and logging into accounts and sending the spam.
I am figuring that it must be our home computer. It has stolen both my wife’s and my Yahoo account access. We only access both accounts from that computer. My wife and kids like to download games to that computer also, despite my warnings not to.
Last night I ran my Norton 360 scan with definitions that had been updated 8 hours earlier and it detected no viruses or anything else.
I’m afraid to use that computer since it may steal my password again. Is there anything else I can do?
I found a similar thread started by Frylock earlier this year, but there doesn’t seem to be any resolution.
I’ve had the same problem. As has a friend of mine who is a cyber security expert. We haven’t found an answer yet either, but I’ll come back and share when/if we do.
Yahoo won’t admit it, but a while back their database got hacked and a bunch of mail accounts and passwords were compromised. Same thing happened to my niece about four months ago. Once they harvest those addresses from the accounts, they are available to the hacker or whoever they pass them on to for all time. They can’t hurt you other than sending spam. You can filter them. Changing the Yahoo password is always a good thing, but they did not come back to my niece’s account even though she has not changed her password. In her case, I receive periodic email pushing a retail site and they make it appear it’s from her.
Separately, some Asian site must have gotten my Yahoo info. First I noticed was when mail was being returned to my mail with bad addresses. The mail had been sent to Chinese government agencies, but they had bad addresses for them. You can understand why the Chinese might desire this deception to send taunts to their government. I changed my password and everything stopped cold.
Bottom line: I doubt you have any virus. Yahoo had the problem and those addresses can’t be recalled.
PS. If you look at the mail headers you can spot the foreign address IP and that it is different from the correct one coming from the person being spoofed.
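The header check described in the PS above, as an added example that is not part of the original post: it pulls the relay IP addresses out of the `Received` headers of a suspicious message and lists the ones that do not fall in any network seen in a message known to be genuine. The two sample messages are constructed (made-up hostnames, documentation IP ranges), the function names are hypothetical, and comparing on a /24 is an assumed heuristic rather than a rule.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples: hostnames are made up, IPs are documentation ranges.
# Note the suspect hop claims the provider's name but connects from elsewhere.
KNOWN_GOOD = """\
Received: from mail.provider.example (mail.provider.example [192.0.2.10])
 by mx.work.example; Mon, 1 Jan 2024 10:00:00 +0000
From: wife@provider.example
Subject: dinner

See you at six.
"""
SUSPECT = """\
Received: from mail.provider.example (unknown [203.0.113.45])
 by mx.work.example; Tue, 2 Jan 2024 03:12:00 +0000
From: wife@provider.example
Subject:

http://link.example/
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """Bracketed IPv4 addresses from the Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            if not ip.is_loopback:
                ips.append(ip)
    return ips

def unfamiliar_hops(suspect_raw, known_good_raw, prefix=24):
    """Hops in the suspect mail outside every /prefix seen in the known-good mail."""
    known = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
             for ip in received_ips(known_good_raw)}
    return [str(ip) for ip in received_ips(suspect_raw)
            if not any(ip in net for net in known)]

if __name__ == "__main__":
    # Only the Received line written by your own mail server (the topmost one)
    # is trustworthy; a sender can forge every line below it.
    print(unfamiliar_hops(SUSPECT, KNOWN_GOOD))
```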
If you EVER go online (or have any service which connects all by itself):
ASSUME EVERYTHING ON YOUR COMPUTER WILL BE COPIED
If you keep your “contact list” on a piece of paper taped to your monitor (or in a file with the emails disguised). You (won’t/might) not be compromised
I don’t doubt your expert status, but I’d like to see actual statistics on often people are attacked. It seems to me it would be easier to get email addresses from the various lists that are sold to everyone, than to waste the amount of time it would take to hack someone’s account. Those seem to be attacks of opportunity caused by the user not taking the base level of caution.
Plus, I’m not too worried about people getting my friends’ email addresses. It’s not like they’re some big secret, and if you have even the most basic spam protection, spoofed email is going to be detected.
Try Spybot Search and Destroy (download from safer-networking). It tends to catch stuff other antivirus doesn’t. Also, since it is doing a scan from its database, it does not interfere with a file-by-file scan like McAfee. I used to run both simultaneously, and it was faster than doing one at a time.
Another thing I do is to use Task Manager (ctrl-alt-delete) and then use google to identify every application being run.
It is also possible that your account wasn’t compromised. It’s quite simple to set the “reply-to” in an email message to anything you want. Every so often, I get one of those bounced emails, but the spammer just randomly guessed my address.
I do not connect even a single computer to a hot internet connection without a router/switch between my computer and the modem. I carry spares for when traveling.
Am very careful about WiFi at motels with our laptops.