email contacts are receiving virus emails via yahoo

Discussion in 'Networking & Security' started by Foz2001, Jul 5, 2009.

  1. Foz2001

    Foz2001 [H]ard|Gawd

    Messages:
    2,032
    Joined:
    Aug 25, 2001
    I have a client's computer and she is claiming people on her contact list are getting emails she did not send and which also turn out to be viruses. I have formatted the system and it is still doing it. How would we go about stopping this? Has her account been compromised? Does she need to change her password maybe?
     
  2. |CMF|SoulAssassin

    |CMF|SoulAssassin Limp Gawd

    Messages:
    334
    Joined:
    Mar 3, 2008
    I would start by changing all her personal passwords (bank, email, etc.), anything important, and use KeePass for extra protection for a while till all the problems go away....

    http://keepass.info/
     
  3. InvisiBill

    InvisiBill 2[H]4U

    Messages:
    2,608
    Joined:
    Jan 2, 2003
    Are these emails actually from her account/server? Or do they just have her address as the From in the email?
     
  4. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,159
    Joined:
    Aug 3, 2004
    ^^^ likely this.

    Turn off her computer for a day, and see if anyone gets an email during that time...

    It could be the other people have a virus and it is pulling her address from some saved contact list.
     
  5. Foz2001

    Foz2001 [H]ard|Gawd

    If that's the case, is there anything that can be done?
     
  6. InvisiBill

    InvisiBill 2[H]4U

    What I alluded to and MrGuvernment continued with, is that worms usually grab two addresses out of the address book on the infected machine and use one as the From address and one as the To address. If the "sender" and the recipient have mutual contacts, this is very likely. If the recipient and your client don't have any mutual contacts, then most likely the problem is from your client's PC/account (since that would be the only link from the recipient to your client).

    http://pctech.invisibill.net/?page_id=30 has details on how to decipher the headers of an email to figure out where it's really coming from, if you're not familiar with it. Often you'll see the IP address of the email client in addition to the server info. This should tell you if the emails are coming from her server, and possibly even her PC.

    There are a few possibilities of how these messages could be originating.
    • Your client's PC is infected and sending junk out. You need to clean up her PC and probably want to reset any important passwords to make sure nothing else is compromised.
    • Your client's account is compromised and someone else is accessing it from their own machine or botnet. You need to change the account password so that the other person can't access it anymore.
    • Your client just happened to be the unlucky address that some random worm picked to be the From address. The owner of the infected machine (the mutual contact between "sender" and recipient) needs to clean up their PC.

    Remember that the From address is like the return address on a snail-mail envelope. The sender can put anything they want there. Looking at the chain of connections in the email headers is like looking at the postmark on an envelope to see where it really came from.
     
  7. not1germ

    not1germ n00b

    Messages:
    49
    Joined:
    Apr 17, 2007
    I use gmail, and I have others who use gmail, and they are getting spam from my gmail address, even when I have not logged on for a couple of days.

    Does this indicate they have me on a list with my friends, vs. a bot or something?

    What can I do about this? Change my password? Or is there something more with webmail accounts?
     
  8. InvisiBill

    InvisiBill 2[H]4U

    This applies to you too. Are they really coming from the GMail server and/or your account? Or do they just have your name in the From field?
     
  9. not1germ

    not1germ n00b

    They seem to mostly come from different servers, although 1 or 2 seem to come through gmail's server.
     
  10. |CMF|SoulAssassin

    |CMF|SoulAssassin Limp Gawd

    You could actually analyze the email headers and look for the originating IP address or the Received: from line and see if you could trace that to something. Then you could run something like an IP address finder, or this little tool that I use; it's called VisualRoute. Here you go, hope this works.

    http://visualroute.visualware.com/
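
The header check that InvisiBill and |CMF|SoulAssassin describe, written out as an added example (not part of the original thread): it reads the Received chain and reports whether a message really entered through the provider named in its From address. The recipient server `mx.example.org`, the provider domain `example.com`, the Postfix-style Received layout and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "from <HELO> (<rDNS> [<IP>]) ... by <host>": HELO is sender-chosen; rDNS and
# IP are recorded by the server that wrote the line.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Hops oldest-first (each server prepends its Received line)."""
    values = message_from_string(raw).get_all("Received", [])
    found = (HOP_RE.search(v) for v in reversed(values))
    return [m.groupdict() for m in found if m]

def classify(raw, my_mx, provider):
    """Return (From address, IP that handed the mail to my_mx, verdict)."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    # Newest line written by our own MX is the only one we can trust;
    # anything older may have been typed in by the sender.
    hop = next((h for h in reversed(received_hops(raw)) if h["by"] == my_mx), None)
    if hop is None:
        return sender, None, "no trusted hop"
    rdns = (hop["rdns"] or "").lower()
    via = rdns == provider or rdns.endswith("." + provider)
    return sender, hop["ip"], "via provider" if via else "forged From"

# Constructed samples (reserved example domains and documentation IPs).
VIA_PROVIDER = """Received: from mail.example.com (mail.example.com [192.0.2.10])
    by mx.example.org (Postfix) with ESMTPS id AAA111; Sun, 5 Jul 2009 10:00:02 -0400
Received: from clients-pc (host23.example.net [198.51.100.23])
    by mail.example.com with ESMTPA id BBB222; Sun, 5 Jul 2009 10:00:01 -0400
From: Client <client@example.com>
To: friend@example.org

body
"""
SPOOFED = """Received: from clients-pc (unknown [203.0.113.77])
    by mx.example.org (Postfix) with ESMTP id CCC333; Sun, 5 Jul 2009 11:00:00 -0400
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by mx.example.org (Postfix) with ESMTP id FAKE00; Sun, 5 Jul 2009 10:59:00 -0400
From: Client <client@example.com>
To: friend@example.org

body
"""

if __name__ == "__main__":
    for name, raw in (("via provider", VIA_PROVIDER), ("spoofed", SPOOFED)):
        print(name, classify(raw, "mx.example.org", "example.com"), received_hops(raw)[0]["ip"])
```

A "via provider" result matches the first two possibilities in the list above (infected PC or compromised account), and the oldest hop's IP then shows which client submitted the message; "forged From" matches the third, even though the second sample carries a fake Received line naming the provider.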