Computer sending spam. I thought I was protected

This morning my computer decided to send a link to a Canadian pharmacy website to what seems to be every person I’ve ever sent an email. I have a complete antivirus, antispam antieverything package (Norton) which runs every day. I thought that was supposed to prevent things like this from happening. What gives?

P.S. I’d like to apologize to everyone who received that email this morning. I personally do not believe all of you are impotent, and even if you are, I would not recommend Canadian pharmaceuticals as a blanket treatment.

Could you be more specific?
[ul]
[li]Did your email app/account send out emails without your knowledge/expressed action?[/li][li]Or is your computer infected so that it acts as a zombie and a hidden program is doing it?[/li][/ul]

Do you use a POP email client (like Outlook) or do you use web-based email (like Yahoo or Gmail)?

It’s a Yahoo based account (ATT) and the offending email was sent out this morning before I had even turned my computer on.

My account has no trouble filtering spam emails right into a junk folder.

Somehow your email password has been acquired by a spammer. Usually the spammer changes the password and locks you out, but if this hasn’t been done yet change it yourself NOW. If your password has already been changed by the hacker, contact Yahoo immediately and tell them what happened. After a bit of confirmation they will allow you access to change your password.
Edited to add-when you get your email back, send an apology email to all, explaining that it wasn’t you sending the spam.

Here’s a good overview of how anti-virus software works. Not even the best such software can ever make you completely immune from this sort of thing. The hackers and malicious programmers will always be ahead of the protections against them. The only way to be 100% safe is to run offline 100% of the time.

Just recently, I got the exact email OP is describing from somebody on my email list.

A similar thing went around Facebook a while back (you’d get a message from a friend with a link, when you click on it, it looks like you’ve been logged out of Facebook, but you’re actually on another site that looks just like the Facebook login page. When you try to login, the bastard gets your FB password, and sends the same thing to everyone on your friend list).

I wonder if something similar is spreading through email.

There’s two different possible scenarios here:

  1. Your computer itself sent these emails. That is, some program on your computer connected to the mail server and sent the email.

  2. A hacker logged into your yahoo account from some random location around the world and sent the email.

Do you know for sure which scenario this is? A savvy computer person can look at the headers of the email and determine the computer which sent it.

Likely it is #2. Somehow your email and password was compromised. In any case, you should immediately change the passwords for all your accounts. Furthermore, the password you use for your email should be unique. That is, the password on your email account should never be used on any other site ever.

Think about all the websites, stores, forums, etc where you signed up for an account and given your email address. How many of those sites share the same password as your email account? If any of those sites get compromised, the hacker will have access to your email and a possible password. He can then log into your email account and send spam. He can also look at all the emails in your inbox looking for bank accounts, online trading accounts, etc.

Your computer is not sending spam. Your web-based email was hacked. You do not need to distrust your anti-virus program or download seventeen different anti-malware apps. You need to change your web-based email password.

I am going to post what I posted in last week’s thread about malware and spam.

Another possibility is that a spammer is doing the sending, and forging your e-mail address.

But definitely changing your e-mail password would be a good step to take.

I’ve changed the password on my email and sent an apology to everyone. It turns out the offending emails are sitting in my SENT box.

Anything else I can do?

If your password is simple (like “INTERNET”) change it to something more like “fl32er991y”. And be careful when logging into Yahoo that it is really Yahoo you’re logging into.

Hopefully you changed your email to something a bit more random in nature. If you are ever redirected to a Yahoo sign in, ignore the redirect and use your own bookmark to get there. Keep an eye on your “sent” file for things you don’t remember sending. As has been said before, keep you password for your mail unique and never use it for anything else on the web.