Ok we keep getting threads like this one and this one where the OP is looking for help cleaning malware from their machine because they are spamming their friends.
People helpful try to get the OP to download various sorts of anti-malware apps, reinstall their OS or get a new AV app.
The actual problem is not on the OP’s computer. You’re sending them down a rabbit hole with your responses. They don’t know the difference between POP mail and webmail so getting them to try all sorts of goofy other stuff is not going to be helpful.
I sympathize with the folks who don’t understand the difference between POP mail and webmail. I keep trying to explain and not get mad. I don’t sympathize with the folks who keep sending them down the wrong path.
If you use Outlook, Thunderbird, Eudora, Entourage or any program that physically downloads email to your computer, and your contacts start getting spam email from you, then yes your computer is compromised.
However, most people are complaining that their Yahoo, Gmail, Hotmail and AOL addresses are sending out emails to their contacts. If you go to a Web site to send and receive email, as in most cases with these services, you are using Web mail. Your email is not on your computer. Your contacts are not on your computer. No one is sending email from your computer because it doesn’t exist there.
In the past few months I’ve gotten spam from friends at Yahoo, Hotmail and AOL. Upon checking their accounts we’ve seen that in their SENT folder are copies of this spam. This spam was not sent from their computer, it was sent by someone logging in to their webmail account and using it to send spam.
Just the same as how you can use any computer in the world to check your Gmail as long as you have the username and password…anyone else anywhere in the world can log on to your Gmail account as long as they have the username and password. This has nothing to do with your computer.
“But how do they get my username and password if not through my computer?”
Simple - I saw this just the other day on one of my hosted clients’ sites.
A hacker uploads a malicious script to a Web site. Usually the site is built around a popular pre-made system such as the shopping cart osCommerce. Being familiar with the system, the hacker knows where the database connection file is stored and what tables in the database holds the userbase’s email addresses and passwords. Their malicious file connects to the database and downloads everyone’s email address and password. Now they have all of the email addresses and passwords from the userbase of this site.
There’s a good chance that mary12@yahoo.com, who uses the password Mary12 on the freshly-hacked site, uses Mary12 as her password for Yahoo mail too. The hacker tries this login info at Yahoo and viola! They’re in.
Now the hacker can send spam to all your friends, which they will open because they know you. And they can grab your friends’ email addresses for later use, since you probably only keep valid email addresses in your address book.
NONE of this transpired on your computer. YOU didn’t get hacked but possibly one of the hundreds of Web sites where you have a stored login did get hacked. There’s nothing YOU can do about it except - and this is important - change your webmail password.
Also important, and also suggested in other threads (eventually) is that you try not to use the same passwords everywhere. Or, at LEAST, make your webmail password extremely unique and don’t use it anywhere else. And don’t use dictionary words.
You might not give a toss if your SDMB password and your fantasy football accounts get hacked (they probably won’t) but if your email address and password at one site match your login on your webmail site…that is just bad news.
There really is a rash of this going around right now. For real. Please change your password, make it secure, and make it unique.
And stop agreeing when people think they are hacked. Unless you’re sure that the person is using a POP client, they aren’t.