Help - some malware used my contact list

While I was out of town for a few days, everyone in my contacts list in Yahoo Mail received an email from my Yahoo email address. The only thing in the email was a url: http://torresvivuwe.chat.ru . I ran Spybot Search and Destroy and Lavasoft Ad-aware on both computers that I use. Spybot found nothing. Ad-aware found 53 files and got rid of them. As best as I can tell from the timestamps of the emails, these emails went out at a time when both computers were turned off. None of the people who have replied to “my” emails reported an issues caused by the emails. There was no outbound email matching this in my “Sent” folder.

Can anyone here point me in the direction of 1) a good online primer on what kind of software this was and how it does its work, and 2) a way to find out if it still has any presence on my computers?

Really, any education about this type of software would be very helpful. Thanks.

There was nothing on your computer. They hacked your Yahoo account directly (your computer was not involved).

Same thing happened to me and a friend of mine. Really nothing you can do except change the password.

Thanks. That scenario fits the facts better than a resident malware for a number of reasons. Password changed.

Hopefully to something that’s not in the dictionary…

I assume you’re implying that it was a brute force attack to get the password. It could have also been just a little social engineering which was EXTREMELY common on myspace. One of your friends (who’s account had been hacked) would put a link on your page telling you to check out some mutual freind’s sexy/hot/drunk/etc picture. When you clicked on it you’d be directed to the myspace login page and told that you had to be logged in to view that picture. Assuming you were accidentally logged off, you’d type in your username/pw and go from there. The thing is, the login page was fake and you just gave the hacker your username and password. Now they can log on to your page and send out more spam.

To the OP, did you at any time have to log on to your yahoo mail at what seemed like an odd time, maybe after clicking on a link someone sent you?

To add to the above, I believe Yahoo! has a security question option that will ask you a question after you give your user name, so you’ll know if you really need to give your password.

If you are asked to log in, always go back to the main homepage manually before putting in your info.

I don’t recall anything like that, and I am pretty sensitive to such tricks, I think. I don’t use myspace, but I do use facebook. I suppose I could have fallen for a trick.

I just looked for this and couldn’t find it. I have security questions set up, but they are only invoked when I have forgotten my password.

My old password was a word coined by Frank Zappa, so it is not in any ordinary dictionary. :smiley: My new one is a bit more complicated.

Always have at least one number and a mix of capitalization.

oN32THreE4F1V36

I use passphrases. Easier to remember, harder to guess