email contacts are receiving virus emails via yahoo

Foz2001

I have a client's computer and she is claiming people on her contact list are getting emails she did not send and which also turn out to be viruses. I have formatted the system and it is still doing it. How would we go about stopping this? Has her account been compromised? Does she need to change her password maybe?
 

Are these emails actually from her account/server? Or do they just have her address as the From in the email?
 
^^^ likely this.

Turn off her computer for a day, and see if anyone gets an email during that time...


It could be that the other people have a virus and it is pulling her address from some saved contact list.
 
If that's the case, is there anything that can be done?

What I alluded to and MrGuvernment continued with, is that worms usually grab two addresses out of the address book on the infected machine and use one as the From address and one as the To address. If the "sender" and the recipient have mutual contacts, this is very likely. If the recipient and your client don't have any mutual contacts, then most likely the problem is from your client's PC/account (since that would be the only link from the recipient to your client).

http://pctech.invisibill.net/?page_id=30 has details on how to decipher the headers of an email to figure out where it's really coming from, if you're not familiar with it. Often you'll see the IP address of the email client in addition to the server info. This should tell you if the emails are coming from her server, and possibly even her PC.

There are a few possibilities of how these messages could be originating.
  • Your client's PC is infected and sending junk out. You need to clean up her PC and probably want to reset any important passwords to make sure nothing else is compromised.
  • Your client's account is compromised and someone else is accessing it from their own machine or botnet. You need to change the account password so that the other person can't access it anymore.
  • Your client just happened to be the unlucky address that some random worm picked to be the From address. The owner of the infected machine (the mutual contact between "sender" and recipient) needs to clean up their PC.

Remember that the From address is like the return address on a snail-mail envelope. The sender can put anything they want there. Looking at the chain of connections in the email headers is like looking at the postmark on an envelope to see where it really came from.
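An added example, not part of the original post: a Python sketch of the "postmark" check described above. It finds the first hop where an outside host connected to the recipient's mail servers and compares that host with the domain in the From address. The hostnames, IPs, sample messages and the `handoff`/`verdict` helpers are constructed for illustration, and it assumes the provider's outbound servers share the domain of the address, which is not true of every provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix/sendmail-style "from HELO (rdns [ipv4]) by host"; other MTAs differ.
RECEIVED = re.compile(r"from\s+(\S+)\s+\(([\w.-]+)\s+\[([\d.]+)\]\)\s+by\s+([\w.-]+)")

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def handoff(raw, recipient_domain):
    """Topmost hop where a host outside the recipient's domain connected in.
    Received lines below it were supplied by the sender and can be forged."""
    for value in message_from_string(raw).get_all("Received") or []:
        m = RECEIVED.search(value)
        if (m and in_domain(m.group(4), recipient_domain)
                and not in_domain(m.group(2), recipient_domain)):
            return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}
    return None

def verdict(raw, recipient_domain):
    """'via-provider': sent through the From domain's servers (her PC or account).
    'forged-from': another machine just put her address in the From field."""
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    hop = handoff(raw, recipient_domain)
    if hop is None:
        return "unknown"
    return "via-provider" if in_domain(hop["rdns"], from_domain) else "forged-from"

def sample(received):  # constructed messages; every host and IP is made up
    return received + ('From: "Client" <client@webmail.example>\n'
                       "To: friend@recipient.example\nSubject: test\n\nbody\n")

SPOOFED = sample(
    "Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])\n"
    "    by mail.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:02 +0000\n"
    "Received: from pc-1234 (dsl-77.isp.example [198.51.100.77])\n"
    "    by mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:01 +0000\n")
GENUINE = sample(
    "Received: from smtp1.webmail.example (smtp1.webmail.example [192.0.2.25])\n"
    "    by mx.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:01 +0000\n"
    "Received: from [198.51.100.5] by smtp1.webmail.example via HTTP;\n"
    "    Mon, 1 Jan 2007 10:00:00 +0000\n")

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, verdict(raw, "recipient.example"), handoff(raw, "recipient.example"))
```

A "via-provider" result only narrows it to the first two possibilities in the list; the provider's own Received line (the lowest one in the GENUINE sample) is where the submitting client's IP may appear.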
 
I use gmail, and I have others who use gmail, and they are getting spam from my gmail address, even when I have not logged on for a couple of days.

Does this indicate they have me on a list with my friends, vs. a bot or something?

What can I do about this? Change my password? Or is there something more with webmail accounts?
 
Are these emails actually from her account/server? Or do they just have her address as the From in the email?
This applies to you too. Are they really coming from the GMail server and/or your account? Or do they just have your name in the From field?
 
They seem to mostly come from different servers, although 1 or 2 seem to come through gmail's server.
 
You could actually analyze the email headers and look for the originating IP address or the Received: from line, and see if you could trace that to something. Then you could run something like an IP address finder, or this is a little tool that I use; it's called VisualRoute. Here you go, hope this works:

http://visualroute.visualware.com/
 