Virus in my email? Sending spam?

By dardra
Aug 19, 2010
Post New Reply
  1. Hello, i just happen to notice that in my email inbox i get "Delivery Status Notification (Failure)‏" from the postmaster to dozens of emails that i never heard of or sent an email to and believe i have some sort of virus doing this. The email talks about some world of warcraft scam but how do i fix this?
  2. jobeard

    jobeard TS Ambassador Posts: 13,030   +222

    it's NOT 'in your email' but rather someone has hijacked your email address :(

    there is only one solution that really works
    1. get another email address
    2. inform all your contacts of the change
    3. discontinue using the old address
    4. inform the ISP of the fact and have the OLD account disabled
    The issue is how that email address was made so easily available;

    As email users, we owe it to one another to use the BCC feature when adding multiple
    recipients. If a correspondant forwards a group list to someone else, at least the addresses of your friends are hidden.
  3. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,266   +218

    I had this happen to me and a few people I knew a while back. We are pretty sure that its actually a facebook breach, which is where they got your gmail address. We think this because we all used the same password between gmail and facebook. Of course it could have been a different site, or gmail itself, but facebook seems the most likely.


    So, for how to fix it:
    Luckily there doesn't seem to be any malicious intent other than sending spam, for example they don't go trying to change your password on you. So first thing I'd do is change my gmail password, and if you have facebook it might be worth changing that too. Next... and this part sucks.. you need to think of all the accounts you've registered that you used your gmail address, and I'd go ahead and change their passwords too. This is because while they had access to your gmail account they could have copied your folders with your registrations and passwords if those were included in the email.

    You can confirm you are clean by looking at the Details link after a line similar to this at the bottom of your gmail window: Last account activity: 21 minutes ago on this computer. Details
    That will tell you where and when your account has been accessed for the last 48 hours.
  4. dardra

    dardra Newcomer, in training Topic Starter Posts: 75

    Oh... how did someone hijack my email address?
  5. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,266   +218

  6. dardra

    dardra Newcomer, in training Topic Starter Posts: 75

    Hmmm, how could my facebook be breached, say they find my email address thats with my facebook account how can they find my password?
  7. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,266   +218

    I don't know for sure, it was just a common theme between the people I know that were affected. I imagine FB or some other account that you use the same password on got hacked and they got your password there, then just tried that password on your gmail (which is likely a contact email for you on FB), when it worked they just sent a ton of spam.

    I admit I don't have any hard evidence proving this, so it could be wrong, just concidental.

    There is actually lots of discussion on this over on google's gmail stuff that I looked through when trying to figure this out myself.

    But its in your best interest to at least do the rest of what I said immediately.

    Edit: here is an example of what happened to you being discussed on the gmail forums. http://www.google.com/support/forum/p/gmail/thread?tid=38569835b18232a9&hl=en Was your facebook password the same as your gmail one?

    Edit 2: Actually I vaguely remember reading a news article a while back saying there may have been some exploit with mobile gmail? All the IPs came from mobile phones when I looked at where my account was being accessed..

    Edit 3: Found what I was talking about.
    Source
  8. dardra

    dardra Newcomer, in training Topic Starter Posts: 75

    interesting.... btw though i got a hotmail not gmail
  9. jobeard

    jobeard TS Ambassador Posts: 13,030   +222

    It's simple - - everytime you USE it, it is shown to the recipient and that's ok, but if they foward it, then it is exposed.

    Facebook, MySpace, YouTube, ... all those social sites expose your email to 'your friends' one way or another.

    In addition, if you have a website, the email address needs to be encoded so it is not easily 'reaped'.
  10. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,266   +218

    Ah, well if its not gmail then I don't have any insight into how it happened, but very well could be a similar thing.

    My advice still stands though on changing the password and all the passwords on accounts associated with your email address.
  11. dardra

    dardra Newcomer, in training Topic Starter Posts: 75

    wow turns out i have a virus on my computer too, i downloaded metasploit a few days ago and since i have avira antivirus has detected dozens and dozens of malicous things in my computer, doing a google search it said metasploit would be detected as a virus, so i thought everything was okay but it kept detecting things and then that whole email thing happend and then just an hour ago avira went crazy and detected more viruses and then this anti virus doctor BS started scanning my computer and trying to make me go to infected websites and give them money etc and then i realized i do have a situation on my hands, so i did a system restore to ... well i wanted to go like a week back in time but 2 days ago is the furthest i had so i used that, and i deleted metasploit. im not sure if im safe but im going to do a avira scan later, i was going to do a reformat but im lazy and dont want to loose all my precious stuff on my hard drive which i dont want to reinstall again etc
  12. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,284   +154

  13. jobeard

    jobeard TS Ambassador Posts: 13,030   +222

    Access to the POP3 or STMP servers for the specific account is not necessary at all -- which is why I said the only effective solution is to terminate the account.

    For obvious reasons I can't prove that statement in a public forum, but due to the simplicity of
    email, it takes very little to forge the email account from anywhere and errors such as those being reported WOULD come back to the real account.

    This does not diminish the system infection issue, but IS a separate condition to be delt with.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.