It looks like some piece of malware has infested one or the other of my computers…I’m apparently sending Viagra ads to everyone on my Yahoo! Mail contacts list.
I’ve got a PC (laptop) at work, and a Mac at home. How do I know which one is infected? And how do I fix it?
It’s probably your PC, since most malware seems to target the PC because it is the more popular platform.
One thing you could do is do an experiment where you only had one plugged in at a time, and tested with a Yahoo Mail contact list that is stripped of all contacts except a test receiving account, and seeing when you receive messages, though this may be dangerous since you don’t know what else the malware is doing.
What kind of security is the laptop behind? It might be just your mail account has been hacked. As far as possible infection, the odds are vastly in favor of the PC being the culprit.
Can you install software to the laptop? If it’s a work laptop, your IT Dept. should be the one to consult.
Stay away from Geek Squad – unless you like wasting money. Geek Squad consistently are shown to upsell unnecessary services and overcharge on those they do provide. Not to mention horror stories about replacing perfectly good hard drives but not backing up any of your data first.
How do you know that it’s your computer that is actually sending the spam? Your contacts could simply have been harvested, and another computer could be sending the messages. Are you seeing a lot of outbound mail traffic on your local network?
Very good point. Here’s how a lot of malware works.
In someone’s infected computer, it gathers all the email addresses it can find from not only address books, but documents, favorites, etc., and puts them in one gemongous list.
Next, it randomly picks out two addrs from that list, puts one in the “TO” field and the other in the “FROM” field, then mails it out.
So if someone gets one of these buggers, they assume the FROM field is where it came from. Maybe not. If your address was in someone else’s computer, that’s all it takes to appear to be the spammer.
If you use Yahoo mail strictly as a web mail service (you don’t download to your computer and send via a mail client) then your computers are probably fine. Your Yahoo account got hacked. Not via your computer, just by someone trying to hack your account.
Check your sent folder in Yahoo. If the sent folder has these viagra ads, then someone used your Yahoo account via a browser to send, not via your computer.
My friend sent me a viagra spam this morning from his Yahoo account. We’ve had several SDMB members complain about their Hotmail and Gmail accounts being hacked in the past month. My sister-in-law’s AOL account got hacked last week and before that, her sister’s hotmail account.
There’s a rash of webmail hacking going on lately and perhaps if the US president wasn’t a secret socialist Muslim* we might hear about it on the news.
Anyway, your computers are probably fine. Your Yahoo account is probably not. Change the password to something very unique. No dictionary words.
Interesting…my Sent folder has a bunch of mailer daemon messages from Yahoo, saying that it was unable to send a message to several people in my contacts list. The message it had trouble sending, was the spam.
And the date & time on the error message was a time when the PC was powered off.
So I take this to mean that it is my Yahoo! account that got hacked; not that I have a virus. Correct? And that the solution is to change my Yahoo password?
If you have any question whatsoever that you might have been hacked, you should change your password immediately. It won’t hurt.
Also, if you use the same password for more than one account, you should also change those, as well (and not to the same thing). You really should not use the same password for more than one account. Yeah, I know it is a hassle.
If you must, use a scheme where you have a password base and a “uniquifier” for the service. So, if your favorite password is “BobArrgh” (and hey, whose isn’t?), then you might use “BobArrgh!Yahoo” and “BobArrgh!Gmail”.
Which reminds me, it’s time to change my passwords. Again.
You say that you have bounce messages, but you don’t have the actual outgoing emails? If someone is spoofing your email address as the FROM address and is somehow accessing Yahoo servers to send them out, then you would get the failure messages even if your account has not been touched. If someone had actually hacked into your account then you would see in your Sent folder all the messages they had sent.
I’m seeing both. For some reason, some of the outgoing messages are bounced (and the bounce message wound up in the Spam folder); some succeeded, and are in the Sent folder.
Unless they sent and then deleted their sends from the sent folder.
If the OP doesn’t keep their address book locally on their computer - which they probably don’t do seeing how they don’t use a local email client - the probable way in which those email addresses were attained is via their actual Yahoo account, through a browser.
Spoofing - your email address is used on someone else’s computer to send email to a bunch of random email addresses that you don’t know. While return notices might come to your email address (as it was used as the FROM address), it is extremely unlikely that your machine or network was compromised. Email headers will indicate that in no way was your network involved and quite likely your mail server was not involved either (as in, if your address is @yahoo the sending server is most likely not going to be yahoo). There is nothing you can do to stop this.
Webmail hacking - someone logs in to your webmail account via their computer and sends spam to all of the contacts in your address book and/or random lists of contacts already culled from somewhere else. Your contacts’ email addresses are most likely harvested and sold to other spammers as well. Emails are sent via your account but all of the action happens on the webmail servers and not on your computer or network. Email headers will show that the emails originated from your webmail service’s server but in no way touched your local network. The way to stop this is to change your webmail password so that the hacker can’t log in again.
Computer hacking - someone logs on to your computer using backdoors opened by malware and uses your computer to send email. The hacker may or may not use your email address as the FROM address (they may use someone else’s address as outlined above in “spoofing”) and they may or may not send to your address book. If you don’t have an email client on your computer and/or don’t have an address book stored there and/or don’t have a built-in smtp server it is highly unlikely that emails got sent from your machine. Most ISPs require SMTP authentication these days in order to send anything on port 25, and that requires your login information to be saved somewhere like in an email client. So it’s hard to even use your ISP’s smtp server without a little help. But if they did send via your computer, your IP address would show up in the email headers.
My bet is that your webmail account got hacked and the only recourse you have is to change your password. I’m almost positive your computer didn’t get hacked but if you want to scan for malware and viruses it doesn’t hurt.
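The three cases described in the post above (spoofing, webmail hacking, computer hacking) can be told apart from the Received headers of a spam copy or bounce. The following is an added example, not part of the original thread; the provider suffix, hostnames and IP addresses are constructed placeholders, and `triage` and `sample` are hypothetical helper names.

```python
import re
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def triage(raw_message, my_public_ip, provider_suffix):
    """Sort a spam copy into one of the three cases by its Received chain."""
    msg = message_from_string(raw_message)
    # Unfold continuation lines so each hop is one string.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    if not hops:
        return "no-received-headers"
    # Your own address anywhere in the chain: the mail left your network.
    if any(my_public_ip in IP_RE.findall(h) for h in hops):
        return "sent-from-your-network"
    # Relays prepend their header, so hops[-1] is the earliest hop. Hops
    # below the first server you trust can be forged: this is triage only.
    match = BY_RE.search(hops[-1])
    first_server = match.group(1).lower().rstrip(".") if match else ""
    if first_server.endswith(provider_suffix):
        return "webmail-account-used"
    return "spoofed-from-address"

def sample(*received):
    """Build a constructed message with the given Received headers."""
    lines = ["Received: " + r for r in received]
    lines += ["From: victim@example-webmail.test", "To: contact@friend.example",
              "Subject: constructed sample", "", "body"]
    return "\n".join(lines)

# Constructed samples; hosts and addresses use reserved example ranges.
MY_IP = "203.0.113.7"                    # assumption: your public IP address
PROVIDER = ".mail.example-webmail.test"  # assumption: provider relay suffix
WEBMAIL = sample(
    "from mta7.mail.example-webmail.test ([198.51.100.20])\n by mx.friend.example",
    "from [198.51.100.77] by web41.mail.example-webmail.test via HTTP")
SPOOFED = sample(
    "from relay.bulk.example ([192.0.2.99]) by mx.friend.example",
    "from [192.0.2.150] by relay.bulk.example")
LOCAL = sample(
    "from smtp.isp.example ([192.0.2.10]) by mx.friend.example",
    "from [203.0.113.7] by smtp.isp.example")

if __name__ == "__main__":
    for name, raw in (("WEBMAIL", WEBMAIL), ("SPOOFED", SPOOFED), ("LOCAL", LOCAL)):
        print(name, "->", triage(raw, MY_IP, PROVIDER))
```

To use it on real mail, save the full raw source of a spam copy or bounce (the "view full headers" option in most webmail) and pass it in with your own public IP and your provider's relay hostname suffix.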