Emails from people that are not emails from those people

I just got an email addressed from someone I know, but it was just spam, and the person whose address was in the “from” field says he did not send the email. It was sent to a list of that person’s contacts (whether it was all of this person’s contacts I don’t know). And it was sent from a Yahoo account. And the person says he only uses web-based email, no Outlook or anything like that.

He ran virus scanners and so on and found nothing. What else does he need to do?

You too, huh? Seems like a lot of that going around.

Really? But … Frylock! I thought for sure you knew something about my daddy bits and was expressing concern for a fellow Doper by sending me that email regarding those “special pills!” Oh well, I hope they arrive on time!

Is this just something you’ve heard from several people, or are you reading about this online somewhere?

Change his Yahoo password, and make it something complex. The “from” field on an email is not necessarily indicative of where the email came from. You can send out emails using any “from” address you wish. Looking at the email header and tracing its path might help you some. But, if the email went out to a list of contacts he has in his Yahoo account, then most likely his Yahoo account has been hacked and the email was sent from his account. In fact it might show up in his sent mail folder.

Either way, change the Yahoo password. Use letters and numbers, upper and lower case, and so on.

As far as I can tell, the spammers involved are the ones described here: The Spamhaus Project - The Top 10 Spammers

though in the link in the spam I received (yes I clicked on it! I just wasn’t paying attention!) it’s called “Canadian Health & Care Mall”. But it uses one of the same images as one of those displayed on the page linked above describing the spamming org and its scheme.

And as far as I can tell, they get people’s contacts through botnets, so it looks like the person whose email address was used to spam me really is infected. His anti-virus-etc software isn’t finding anything, though.

And now I gotta go check since I did click the link and all… :frowning:

Nothing. His computer wasn’t involved in sending it. This is how it works: the programs involved with spam somehow manage to infect a computer, where they capture all e-mail addresses they can find and use them as senders of the mails.

I’m not following this. The addresses sent to were all contacts of this person, so it seems his email account was hacked, even though it might be that his computer itself was not hacked. So it may be that he doesn’t need to do anything to his computer–but surely he needs to change his email password at least, right?

Meanwhile, how was his email address hacked? As I mentioned above, some research seems to show that these people use botnets to get into email accounts. The only way I can figure they can use botnets to get into email accounts is through keyloggers or something. But I’m not really sure about that. But if I’m right, then he does have something on his actual computer itself, right?

  1. A large percentage of an email header can be faked. I can trivially send an email that superficially looks like it was sent by obama[at] The full header (which many email programs hide by default) will show a list of servers the email passed thru. Sophisticated spam programs will set it up so that the real origination is, say, the third server in a list of five. (The last 3 being good and the first 2 being faked.) It is not easy for even humans to tell the true sender of some emails.

  2. 99.99…% of the people out there who claim the email couldn’t possibly come from them aren’t smart enough to know how to really check their computers for viruses. Never, ever trust someone who says their computer is virus free unless they are a serious pro in such matters. If the email was sent to a bunch of people on that person’s contact list, the chance of them having a virus infection is nearly 100%.
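Added example, not part of the original thread or any poster's code: a sketch of the header tracing mentioned in the posts above. It treats only `Received` and `Authentication-Results` lines written by the recipient's own provider as trustworthy and flags a mismatch between the envelope sender and the “from” address. The message, hosts, addresses and the function names (`analyze`, `in_zone`, `domain`) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.myprovider.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=friend-mail.example
Received: from relay.bulk-sender.example ([203.0.113.7]) by mx.myprovider.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.friend-mail.example ([198.51.100.9]) by relay.bulk-sender.example with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "Your Buddy" <buddy@friend-mail.example>
To: you@myprovider.example
Subject: special pills

hello
"""

def domain(addr):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def in_zone(host, zone):
    """True if host is zone itself or a subdomain of it (not a look-alike)."""
    host = host.lower().rstrip(";")
    return host == zone or host.endswith("." + zone)

def analyze(raw, my_zone):
    """my_zone: domain of the receiving provider, the only hop writer we trust."""
    msg = message_from_string(raw)
    findings, hops, trusted = [], [], True
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if rp_dom != from_dom:
        findings.append(f"envelope sender {rp_dom or '(none)'} != From domain {from_dom}")
    # Only believe Authentication-Results stamped by our own provider.
    ar = msg.get("Authentication-Results", "")
    auth = {}
    if in_zone(ar.split(";")[0].strip(), my_zone):
        auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    if auth.get("dmarc") != "pass":
        findings.append("dmarc=" + auth.get("dmarc", "missing"))
    # Received lines are newest-first; once a hop was written by a server
    # outside my_zone, it and everything older is unverifiable sender input.
    for rec in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", rec, re.S)
        frm, by = m.groups() if m else ("?", "?")
        trusted = trusted and in_zone(by, my_zone)
        hops.append({"from": frm, "by": by, "trusted": trusted})
    return {"auth": auth, "hops": hops, "findings": findings}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE, "myprovider.example").items():
        print(key, value)
```

In the sample, the second hop names the friend's mail server as the origin, but that line was written by the bulk sender's relay, so it is marked untrusted.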

Your friend is using a web-based service; there is NOTHING on his computer to hack. His Yahoo account is on Yahoo’s servers. There is nothing to stop a person or automated program from trying any number of password guessing methods to gain access to a Yahoo account.

He needs to change his Yahoo password. Make it complex.

You know those chain letter or glurge emails that people forward to everyone in their contact list? - they usually contain copies of all the previous headers, with all of the previous list of forwards.

If, after being forwarded many times, such an email falls into the hands of a spammer, they can very easily harvest all of the addresses from it.

So it’s possible that your friend has either:

  * Forwarded a glurge mail to everyone in his contact list at some point in the past, or
  * Been the recipient of one sent by someone who has largely the same set of friends (even if he didn’t forward the copy he got, his address, and all the others will still be in all the other copies that went to everyone else)

Definitely very possible in this case.

It’s one aspect of back-scattering. This is one of the worst aspects of email, and the people who perpetrate this horror deserve severe punishment. Sadly, it seems to be a crime that anyone can commit with near-perfect impunity.

As for someone hacking into your account, there are some steps the average user can take that will help. Use strong passwords, and change them often. Never forward dodgy material or click on links that might be suspect. And open an email account with a provider that seems to have good security practices and tech staff who at least try to defend against hacks.

This happened to us - we started getting spam bounces containing emails forged to look like us. And the list of addressees looked an awful lot like our email list. However, I knew that the spam did not originate in our computers - we use Linux for our main computers, and the firewall blocks SMTP traffic out anyhow.

A closer look showed some email addresses I did not recognise. From this, it is clear that someone who has received one of our widecast emails has been the source of the address list. We never figured out whose it was.

The reason botnets do this is that if I receive an email from someone I already email and trust, it is less likely to be caught in my spam trap (which whitelists all the addresses in my contacts). I do need to tone down the weighting on those addresses, though. And remove my own address - I keep sending myself emails about Russian woman I apparently chatted with once in the past :smack:


There is no authentication of users in SMTP email. Essentially the spammer needs to type in only:

RCPT TO: <youremail address>
FROM: <yourbuddy’s email>

Nothing involving your buddy’s computer

This, by the way, is a good response to all those that say, “I have no need for an antivirus program, because I never open email from people I don’t know.”

It’s also a good reason not to accept or forward glurge.

If you want an exact term for what it’s called, it’s “Spoofing”

Just popped in to say that I have lately been receiving these emails from a person in my contact list that I know, without any shadow of a doubt, is not sending them. His computer is not hacked, either. I am certain of this because my friend died several years ago. His email, however, lives on. I just never deleted him from my Yahoo! contacts.

So, from the great beyond, my friend is making sure I am satisfying my wife in the sack. Thanks, Buddy.

I usually don’t even look at the sender to decide if it is spam or not (if it is from myself it most certainly is), it’s enough to look at the subject.