Is my computer compromised?

Discussion in 'malware problems & news' started by acr1965, Dec 10, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    My system is Windows 7 Ultimate, 32 bit with Applocker enabled.

    I have had a problem with my web email sending out spam to people in the respective address books. For instance, my live.com, yahoo and aol email have all sent out spam. I have scanned my computer repeatedly with all the top antimalware scanners (eset, avira, HMP, MBAM, Kaspersky, Avast, MSE, Prevx...on and on and on) but there has never been any infection shown.

    The spam stopped after I changed my password on my yahoo and live.com email but recently the spam happened with my aol email. I have 3rd party cookies blocked and I have not even checked my aol email in months when the spam happened. The content of all the spam is usually some web address for online pharmacies.

    What are the possible causes of this? Is this the result of some password stealing malware that is purely web based? Or is it more likely that someone is specifically targeting my email and cracking the passwords for their personal, vindictive/nosy reasons?

    Everyone I have spoken to says that there is either some malicious program/ keylogger on my computer or I am imagining things.

    Any ideas or thoughts?

    Any ideas?
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Have you accessed your webmail accounts from another computer at all?
    How complex is that password you use for these accounts - is it easily guessable?
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    1. I don't believe so, except for my cell phone which is/was a Blackberry.
    2. My password is not that complex: 6-8 letters or a letter/number mix. It's the same for a couple of emails and different for the others.
     
  4. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I don't know about the cell phone part, but I had an email account that didn't have a complex password and someone hacked into it and started sending out Spam to the people in my Contacts/Address book.
     
  5. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    A friend had a similar problem last week on his Win7 system. The e-mails were going out at about 2am, containing links to online pharmacy sites. They seemed to be using very old addresses from his Outlook address book.

    He called MS support and was extremely pleased at their response, 2+ hours phone troubleshooting through a couple of levels; the MS tools didn't detect any problems.

    Eventually they (MS) had him run Vipre Rescue,
    from http://www.sunbeltsoftware.com/home-home-office/vipre/
    which fixed the issue.
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I have to wonder: if somebody is able to crack the info at McDonald's and Gawker to get emails and passwords for those sites, plus the fact that a lot of people use the same password for many different sites, web email, etc., I wonder if, by getting the email and password info from these places (McDonald's/Gawker), the thieves are able to associate the stolen email addresses with the passwords to the respective web mail sites by just trying to log into a web mail account using the same password that was stolen from, say, McDonald's or Gawker?

    I bet the success rate is pretty high for this and would help explain another reason for stealing this info in the first place.

    https://www.wilderssecurity.com/showthread.php?t=288795
    https://www.wilderssecurity.com/showthread.php?t=288733
     
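The reuse attack speculated about above can be checked for from the defender's side without handing the password to anyone. The following is an added example, not code from the thread or from any breach-lookup service: it builds a constructed stand-in for a leaked-password corpus (the plaintexts and counts are made up), exposes it the way the Pwned Passwords range API does (the client sends only the first five hex characters of the SHA-1 and matches the suffix locally, so the service never learns the password), and then reports which of a set of constructed webmail accounts share a password that appears in the corpus. Those are exactly the accounts a replay of a breach dump against live.com, yahoo or aol would open.

```python
"""Check whether a password is in a leaked-credential corpus without ever
sending the password, and list which of your accounts share it.
Added example, not from the thread; all data below is constructed."""
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus like the Gawker dump the thread
# mentions: plaintext -> number of times seen.  A real lookup service publishes
# only SHA-1 hashes, grouped by prefix, never the plaintexts.
LEAKED_PASSWORDS = {
    "password1": 2_400_000,
    "letmein": 110_000,
    "qwerty123": 560_000,
    "gawker2010": 3,
}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leaked):
    """Server side: bucket every leaked hash by its first 5 hex digits."""
    index = defaultdict(list)
    for pw, count in leaked.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append((digest[5:], count))
    return dict(index)


def range_query(index, prefix):
    """The only thing the lookup service ever receives is the 5-character
    prefix (k-anonymity).  It returns every suffix in that bucket and the
    caller does the exact match locally."""
    assert len(prefix) == 5
    return index.get(prefix, [])


def exposure_count(password, index):
    """How many times this exact password was seen in the corpus (0 = not seen)."""
    digest = sha1_hex(password)
    for suffix, count in range_query(index, digest[:5]):
        if suffix == digest[5:]:
            return count
    return 0


def at_risk_accounts(accounts, index):
    """Accounts whose password appears in the corpus: exactly the ones an
    attacker replaying a breach dump against webmail providers would open."""
    return sorted(svc for svc, pw in accounts.items() if exposure_count(pw, index))


def reuse_groups(accounts):
    """Accounts that fall together if any one of them is phished or breached."""
    groups = defaultdict(list)
    for svc, pw in accounts.items():
        groups[pw].append(svc)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PASSWORDS)
    # Constructed account list: two webmail accounts share a leaked password.
    my_accounts = {"live.com": "password1", "yahoo": "password1",
                   "aol": "qwerty123", "bank": "Q7!vm2#pLx9zR"}
    print("exposed:", at_risk_accounts(my_accounts, idx))
    print("reused:", reuse_groups(my_accounts))
```

The prefix bucket is the whole point of the design: with a real corpus of hundreds of millions of hashes each five-character bucket holds several hundred entries, so the service learns nothing usable about which password was queried, while the client still gets an exact answer. A hit means the password is already in attackers' wordlists regardless of which site originally leaked it.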
  7. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Interesting!
    Could you tell me, did they/MS advise him to use Vipre among other programs (MBAM etc.) or did they only recommend using Vipre Rescue?
     
  8. JuanP1000

    JuanP1000 Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    43
    Is the spam actually going out from your account? You have to check the email headers, because it could be a case of a non-delivery message where the email address can be easily spoofed; sometimes spammers have access to someone's address book and use it to send spam to your friends that looks legitimate.
     
  9. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    I'm not 100% sure on this (friend is not avail. for confirmation at the moment) but I believe they tried first with the various MS utils, they connected to his system for a couple of hours, but finally they recommended Vipre. I asked yesterday whether he'd used the downloaded free version or what, and his answer was:

    I'll confirm details when I can and post back.
     
  10. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    acr1965, are you able to view the headers of one of the spam mails that somebody on your contact list has received?

    I just looked at my friend's spam and found the following:

    X-Originating-IP: [xx.zz.172.118]
    X-Mailer: Zimbra 6.0.5_GA_2431.RHEL5_64 (ZimbraWebClient - FF3.0 (Win)/6.0.5_GA_2427.RHEL4)
    X-Spam: exempt

    I've obfuscated the IP address temporarily; with the first two packets available, would somebody here be able to identify where the IP points to?

    My friend is on Comcast HSI and I see his IP in the headers also, but the one shown above isn't his IP.
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
  12. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    Thx, JR. It's from Malaysia.

    Are there ways/places to report a specific IP as sending spam, or does just having some other IP in the header just mean one more spoof level so having that IP doesn't really mean conclusive "proof" anyway?
     
  13. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
  14. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    In retrospect I'm thinking this isn't really a spam issue as much as it was a "malware" issue, because the way I understand it:

    1) 2+ weeks ago "something" compromised his Outlook address book (the addressees are all his contacts, and he uses Outlook 2010 locally, not webmail).

    2) that something started sending out spam using his e-mail address and his address list. The first "received" header is one of the Comcast mail servers, but the "originating IP" indicates Malaysia. I don't know how many are being sent out; I received 2, one each Sunday.

    Since the Vipre fix I think he's been cleaned of any malware on his system, but I'll triple-check ASAP that he's changed his passwords for his Comcast account, and I'll also encourage him to submit whatever report he can to Comcast.
     
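The distinction drawn in the last few posts, a forged From: line versus a message that really went out through the victim's provider from an address that is not the victim's, can be read straight off the Received chain. The following is an added example, not code from the thread: it parses two constructed messages (hostnames, IDs and addresses are made up, using documentation address ranges) with Python's standard email module, walks the Received headers bottom-up into transmission order, pulls X-Originating-IP where a webmail front end recorded it, and returns a triage verdict. The provider domain and the user's known address are assumed inputs.

```python
"""Walk a spam message's Received chain to tell "account used by someone
else" apart from "From: address forged".  Added example, not from the
thread; both messages below are constructed."""
import re
from email import message_from_string

# Constructed sample 1: submitted through the provider's own webmail, but the
# client address the webmail front end recorded is not the user's.
SAMPLE_ACCOUNT_USED = """\
Received: from omta01.example-isp.net (omta01.example-isp.net [198.51.100.20])
    by mx.example.org with ESMTP id 4Jq1Zr
    for <friend@example.org>; Sun, 12 Dec 2010 02:04:11 -0500
Received: from webmail03.example-isp.net (webmail03.example-isp.net [198.51.100.45])
    by omta01.example-isp.net with ESMTP id 7Xy9Qa
    for <friend@example.org>; Sun, 12 Dec 2010 02:04:10 -0500
X-Originating-IP: [203.0.113.77]
X-Mailer: WebClient (constructed)
From: victim@example-isp.net
To: friend@example.org
Subject: special offer

http://pharmacy.invalid/
"""

# Constructed sample 2: never passed through example-isp.net at all; some host
# handed it straight to the recipient's MX with a forged From: line.
SAMPLE_FORGED = """\
Received: from mail.example.net (unknown [192.0.2.9])
    by mx.example.org with ESMTP id 9Kd2Lm
    for <friend@example.org>; Sun, 12 Dec 2010 02:15:33 -0500
From: victim@example-isp.net
To: friend@example.org
Subject: special offer

http://pharmacy.invalid/
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_BY = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?.*?\bby\s+(\S+)", re.S)


def received_hops(msg):
    """Hops in transmission order (earliest first).  Each MTA prepends its own
    Received: line, so header order is latest-first and must be reversed."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        flat = " ".join(raw.split())          # unfold continuation lines
        m = FROM_BY.search(flat)
        if not m:
            continue
        helo, comment, by = m.groups()
        ip = IPV4.search(comment or "") or IPV4.search(helo)
        hops.append({"from": helo, "ip": ip.group(1) if ip else None,
                     "by": by.rstrip(";,)")})
    return hops


def originating_ip(msg):
    """Prefer the client address a webmail/submission server recorded
    (X-Originating-IP); otherwise fall back to the earliest hop's address."""
    m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", msg.get("X-Originating-IP", ""))
    if m:
        return m.group(0)
    hops = received_hops(msg)
    return hops[0]["ip"] if hops else None


def assess(msg, provider_suffix, user_ips):
    """Triage verdict.  Only lines added by servers the recipient trusts are
    reliable; a sender can forge anything below them, so treat this as a
    first cut and confirm with the provider's login history."""
    hops = received_hops(msg)
    if not hops:
        return "no_received_headers"
    if not hops[0]["by"].endswith(provider_suffix):
        # Provider's servers never handled it: From: was simply forged.
        return "forged_sender"
    if originating_ip(msg) in user_ips:
        return "sent_from_users_own_address"   # malware or the user's own client
    return "account_used_from_unknown_ip"      # credentials in someone else's hands


def analyze(raw, provider_suffix="example-isp.net",
            user_ips=frozenset({"198.51.100.200"})):   # assumed user address
    msg = message_from_string(raw)
    return {"hops": received_hops(msg), "originating_ip": originating_ip(msg),
            "verdict": assess(msg, provider_suffix, user_ips)}


def demo():
    return {"account_used": analyze(SAMPLE_ACCOUNT_USED),
            "forged": analyze(SAMPLE_FORGED)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["originating_ip"], result["verdict"])
```

For the first sample the earliest hop was accepted by the provider's own outbound server and the recorded client address is foreign, which is the pattern described above (first Received header is the provider, originating IP elsewhere): the account, not just the address, was used. For the second the provider never touched the message, so changing the password does nothing and the address book was harvested from somewhere else. Bounce messages are the one case to treat separately: their headers describe the spammer's delivery attempt, not anything the victim's account did.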
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I have not been able to see any messages in my "sent" folder. But I have some messages returned to my accounts because they bounced.

    In my hotmail a few weeks ago there were actually several messages deleted.
     
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I have a copy of an email sent from my aol address and the IP is from aol. I don't have any others that I'm aware of.
     