Productivity Virus in my email? Sending spam?

dardra

TS Rookie
Hello, I just happened to notice that in my email inbox I get "Delivery Status Notification (Failure)" from the postmaster to dozens of emails that I never heard of or sent an email to, and I believe I have some sort of virus doing this. The email talks about some World of Warcraft scam, but how do I fix this?
 

jobeard

TS Ambassador
it's NOT 'in your email' but rather someone has hijacked your email address :(

there is only one solution that really works
  1. get another email address
  2. inform all your contacts of the change
  3. discontinue using the old address
  4. inform the ISP of the fact and have the OLD account disabled
The issue is how that email address was made so easily available;

As email users, we owe it to one another to use the BCC feature when adding multiple recipients. If a correspondent forwards a group list to someone else, at least the addresses of your friends are hidden.
 

SNGX1275

TS Forces Special
I had this happen to me and a few people I knew a while back. We are pretty sure that it's actually a Facebook breach, which is where they got your Gmail address. We think this because we all used the same password between Gmail and Facebook. Of course it could have been a different site, or Gmail itself, but Facebook seems the most likely.


So, for how to fix it:
Luckily there doesn't seem to be any malicious intent other than sending spam, for example they don't go trying to change your password on you. So first thing I'd do is change my gmail password, and if you have facebook it might be worth changing that too. Next... and this part sucks.. you need to think of all the accounts you've registered that you used your gmail address, and I'd go ahead and change their passwords too. This is because while they had access to your gmail account they could have copied your folders with your registrations and passwords if those were included in the email.

You can confirm you are clean by looking at the Details link after a line similar to this at the bottom of your gmail window: Last account activity: 21 minutes ago on this computer. Details
That will tell you where and when your account has been accessed for the last 48 hours.
 


dardra

TS Rookie
Hmmm, how could my Facebook be breached? Say they find my email address that's with my Facebook account, how can they find my password?
 

SNGX1275

TS Forces Special
I don't know for sure, it was just a common theme between the people I know that were affected. I imagine FB or some other account that you use the same password on got hacked and they got your password there, then just tried that password on your gmail (which is likely a contact email for you on FB), when it worked they just sent a ton of spam.

I admit I don't have any hard evidence proving this, so it could be wrong, just coincidental.

There is actually lots of discussion on this over on google's gmail stuff that I looked through when trying to figure this out myself.

But it's in your best interest to at least do the rest of what I said immediately.

Edit: here is an example of what happened to you being discussed on the gmail forums. http://www.google.com/support/forum/p/gmail/thread?tid=38569835b18232a9&hl=en Was your facebook password the same as your gmail one?

Edit 2: Actually I vaguely remember reading a news article a while back saying there may have been some exploit with mobile gmail? All the IPs came from mobile phones when I looked at where my account was being accessed..

Edit 3: Found what I was talking about.
April 20, IDG News Service – (International) Drug-dealing spammers hit Gmail accounts. Google is investigating a growing number of reports that hackers are breaking into legitimate G-mail accounts and then using them to send spam messages peddling Canadian pharmaceutical websites that promised to send cheap drugs to U.S. customers. The problem started about a week ago but seems to have escalated recently. “The G-mail team takes security very seriously and is investigating the reports we’ve seen in our user forums over the past few days,” Google said April 20 in an e-mailed statement. “We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer. It is note that hackers appear to be sending spam via G-mail’s mobile interface - which gives mobile-phone users a way to check their G-mail accounts. The G-mail users wondered if there may be a bug in the mobile interface that is allowing criminals to send the spam.
Source
 

jobeard

TS Ambassador
Oh... how did someone hijack my email address?
It's simple - - every time you USE it, it is shown to the recipient and that's ok, but if they forward it, then it is exposed.

Facebook, MySpace, YouTube, ... all those social sites expose your email to 'your friends' one way or another.

In addition, if you have a website, the email address needs to be encoded so it is not easily 'reaped'.
 

SNGX1275

TS Forces Special
Ah, well if it's not Gmail then I don't have any insight into how it happened, but very well could be a similar thing.

My advice still stands though on changing the password and all the passwords on accounts associated with your email address.
 

dardra

TS Rookie
Wow, turns out I have a virus on my computer too. I downloaded Metasploit a few days ago and since then Avira antivirus has detected dozens and dozens of malicious things in my computer. Doing a Google search, it said Metasploit would be detected as a virus, so I thought everything was okay, but it kept detecting things and then that whole email thing happened, and then just an hour ago Avira went crazy and detected more viruses, and then this anti virus doctor BS started scanning my computer and trying to make me go to infected websites and give them money etc., and then I realized I do have a situation on my hands. So I did a system restore to ... well, I wanted to go like a week back in time but 2 days ago is the furthest I had so I used that, and I deleted Metasploit. I'm not sure if I'm safe but I'm going to do an Avira scan later. I was going to do a reformat but I'm lazy and don't want to lose all my precious stuff on my hard drive, which I don't want to reinstall again etc.
 

jobeard

TS Ambassador
Ah, well if it's not Gmail then I don't have any insight into how it happened, but very well could be a similar thing.

My advice still stands though on changing the password and all the passwords on accounts associated with your email address.
Access to the POP3 or SMTP servers for the specific account is not necessary at all -- which is why I said the only effective solution is to terminate the account.

For obvious reasons I can't prove that statement in a public forum, but due to the simplicity of email, it takes very little to forge the email account from anywhere and errors such as those being reported WOULD come back to the real account.

This does not diminish the system infection issue, but IS a separate condition to be dealt with.
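
The two explanations in this thread (the account itself was used to send the spam, or the address was only forged as the sender and the failures bounced back to its owner) can be told apart from the bounce itself. The following is an added example, not code from any poster in the thread: it parses a constructed, trimmed Delivery Status Notification and reports whether the returned message carries a Received hop from the mailbox provider. The `example.*` hosts and the `provider` parameter are assumptions.

```python
import email
import re
from email import policy

# Constructed sample bounce (trimmed); every host and address is a placeholder.
SAMPLE_DSN = """\
From: postmaster@mx.example.net
To: victim@example.com
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from host.invalid by mx.example.net with SMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: victim@example.com
Subject: constructed spam subject

body
--b1--
"""

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def triage(raw, provider):
    """Return (verdict, failed recipients); provider is your mail host's domain (assumed)."""
    dsn = email.message_from_string(raw, policy=policy.default)
    rcpts, original = [], None
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":   # payload is a list of header blocks
            rcpts += [str(b["Final-Recipient"]).split(";")[-1].strip()
                      for b in part.get_payload() if b["Final-Recipient"]]
        elif ctype == "message/rfc822" and original is None:
            original = part.get_payload(0)        # the message that bounced
    if original is None:
        return "no-returned-message", rcpts
    hosts = [m.group(1).lower() for r in original.get_all("Received", [])
             if (m := BY_HOST.search(str(r)))]
    via = any(h == provider or h.endswith("." + provider) for h in hosts)
    return ("sent-via-provider" if via else "forged-elsewhere"), rcpts

print(triage(SAMPLE_DSN, "example.com"))
```

`forged-elsewhere` is the stronger verdict, because a message really sent through the account cannot lack the provider's own Received lines. Lower Received lines can be forged, so `sent-via-provider` should be confirmed against the account's activity log.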