email invaded

[krusty]

A friend has had a problem over night . An email was sent from her yahoo.co.uk email address to everyone on her contacts list.

it was this :-

Hey
How is going now !
I got a good webiste ,that guys sell electronics,the price is cheap and quality is nice .
Go and check it.**********

sent at 03.30 am

does it mean they have her password ?

 

[Will]

Was it really sent from her address, or was it sent from somewhere else with her address forged? That's called spoofing and is very common practice by spammers.

[krusty]

Yes really from her address , shows up in the sent box.

[suein56]

[quote user="krusty"]Yes really from her address , shows up in the sent box.[/quote]

Has she tried a thorough scan with her anti-virus? Followed by a scan with something like Xoftspy or Spyware Doctor to help identify the problem, so it can be removed.

Sue

[Kevinmc]

Happened to me last year with my hotmail account, immediately after I used the free access at the B&B chain.

It was a week before I was able to settle somewhere and start the laborious process of updating virus software (just in case), asking this question on various forums through google etc. By now, they´d also stripped my address book and left it totally empty.

I set up a new hotmail account in the interim and did a complete rebuild of my laptop as I was no longer confident that there wasn´t something hidden. I´m also using a different password technique, using letters, numbers and special characters. This is important, because once the bad guys gave identified a password, they then have software which generates versions of your original password, e.g. incrementing a suffix, 1,2 ,3 etc, or substituting numbers for letters, e.g. 0 for O or 1 for l. I use a phrase that is meaningless to anyone else but clear to me e.g. My pet cat dingo and me luv the living france forum becomes MpCd&moiLtLfF. Generating passwords randomly in sequence using real words would take a long time to crack this one. Admittedly, my password is a little shorter.

I now get the occasional email of that type from people who were on my mailing list and have presumably received the same treatment I have.

I´m very cautious these days about using my laptop on open networks     

  

 

[krusty]

Thanks all for your replies , when she told me about the problem , I told her to immediately change her password to something completely different , which she has done.

Too much snow today for going out , but when I do get to see the machine I will give it a good scanning .

[AnOther]

Lets hope she hasn't got a keylogger trojan as that will have captured her new password [blink] [:'(]

In circumstances like this the only safe way to change passwords is on another known clean machine.

Until the problem is positively identified and cured and I would stay offline and what I would recommend is for someone to download and run Hijackthis then submit the log for analysis.

[krusty]

Thanks Ernie , sounds like good advise , I will use "hijackthis".