I've been hacked!

At least two people have received emails form my address that were not sent by me. I'm frightened that everyone in my address book may have received similar emails. The email in question had no subject title, and contained a web link.

Unfortunately, until further notice, you should treat any email from me with suspension. I don't suppose there can be any harm in plain text, but any links should be ignored and any executable files attached should not be run. Any attachments should be scanned for viruses, and only opened if you feel confidant that they are safe, and that the security measures on your computer are adequate.

I hurts and embarrasses me to have to post this message. I have often heard of similar things happening to other people, and have felt rather smug, thinking my own security was adequate. The smug smile has been wiped from my face. As yet I have not been able to find the cause of the problem.

I would appreciate advice any of you may have to offer on this problem, and how to track down the cause, or cure it.

The email account in question is yahoo web based mail, accessed through FireFox v3.6.18, which has NoScript installed. I am running the ZoneAlarm fire wall and AV, and SpyBot Search & Destroy, under W2k sp4.

Sorry for any inconvenience this problem with my emails may have caused. :(

Les.

My first thoought was that your avatar's excessive smoking was responsible for that hacking. 

It could be someone who has you in their address book getting an infection, rather than your machine, or your address could have been harvested from Yahoo Groups posts.

Scan your system with Malwarebytes and see if it finds anything-it's effective and free...

http://www.malwarebytes.org/products/malwarebytes_free

I don't think you were hacked. It sounds like a computer virus that is spoofing addresses.

Update your antivirus software and do a virus scan.

Also do an adware scan using malwarebytes

And for good measure, run Dr. Web's Cureit.

Delete everything that each finds.

I got one too. I knew something was up because only you and a couple of others I have ever given that address.

It happens. It's not like I'm getting 50. It was just the one.

Good luck on curing it.

I use disposable email addresses for this reason. I have given Rendo, RDNA, Daz, every airline, travel site, and pretty much every person I've traded 3D files with, a unique disposable address. They all forward to my real address, which I give to nobody. When one gets hacked, I know who to tell that they got hacked. You are not alone.

So far, the following companies have caused me to receive spam. In each case, I shut down the associated disposable address and either gave them a new one or did not give them my address again.

Renderosity

Orbitz

American Airlines

T J Maxx

There were also two individuals - buddies from Rendo forums - but I will not embarrass them by naming them.

This is nothing to feel bad about. You can't avoid this. It is a statistical certainty. I'm just glad that I have managed to keep my account spam-free for 10 years now.

Should anybody want to do the same, the service is free at:

http://www.spamgourmet.com

I've received quite a few from other people exactly as Les said, no subject and one link inside. In each occurrence they have had a yahoo address. Wait untill you get a email from yourself offering cheap viagra like I did.

Hey Les, I got the mail too but as there was only a link I decided to delete it.

4 or 5 years ago someone used one of my e-mail-adresses for spam mails and when i came back from vacation, I had about 20.000 returned e-mails and during the next days about 20.000 more.

Shit happens :(

So far, so good.  Had the same email for 14 years with a minimum of fuss.  

Don't worry, time to time I receive an email from myself.

If you use Yahoo web mail, your computer has nothing to do with this. Someone had his computer infected and had your email in his address book, of course he used Outlook for email. Your email is added to a list together with the addresses of the address book and other's computer addres books. Then the virus begins to send email with spam or virus where the addesses of "from" and "to" are picked from the list. Some stupid virus don't check if "from" and "to" is the same address and so, you receive email from yourself.

Once your address was added to the list it begins to propagate to other infected computer and spreads everywhere. As the list has a limited length, within some time your address extinguishes being replaced by a fresh one from a newer victim.

yeah I heard Weiner said that too.

Since you are running Windows 2000, you may have a harder time finding the trojan as I think some of the better trojan elimination tools like Microsoft's free Security Essentials need a more advanced OS (double check, though).

If you have been using web-based e-mail for some time and it's sending out e-mails to everyone in your address book, you will probably start seeing a bunch of undeliverable messages in your inbox because of old e-mail addresses that no longer work. If that's the case, then some keystroke trojan got your password and sent it back to its host.

If you are using the web version of Yahoo mail, get to another clean computer and change your password. The e-mailings will then stop. I went through this a while back with the blank subject line and a link to viagra sites. I can't remember the name of the trojan but Microsoft's Security Essentials was the only one that found it and got rid of it.

I was probably spared more grief because I only surf the web in a user mode, not as an administrator.

Kevin

As everyone has already said thus happens and unfortunatley is a fact of life so don't beat yourself up over it.   I know how I felt when I sent a virus my checker had not noticed to a recruitment agency.  Luckily their anti-virus picked it up.......oh and I didn't get the job.

I have also added my contact details to my pwn contact list.  That way if something hyjacks my list I get a message as well so at least I am aware it has happened.

If you're a Facebook user (shudder), cancel your membership.....now. Professional goons hacked my email account through that god-awful site, but because I use the same method bagginsbill described to protect myself, the damage was minimal.

A friend of mine Todd, wasn't so cautious, or fortunate. Thanks to the Facebook lurkers, his life was a living hell for four or five weeks. Then he got gob smacked again by the Playstation security collapse. That hit didn't do any real harm, but he had to renew all his credit cards to play it safe. I wonder how many customers Sony lost because of that fiasco?

Hi

Run Malwarebytes.

It's the best software I've found for removing these things.

I would suggest that you run it in Safe Mode.

Get the free one!

http://shop.malwarebytes.org/lpa/342/3/7268/index_b.html?_kk=malwarebytes&_kt=77dafa20-d875-4e0a-b98a-54dc2c93bd02&gclid=COWi_JPlqaoCFQEKKgodKE0wqA

Mike

"If you're a Facebook user (shudder), cancel your membership.....now. Professional goons hacked my email account through that god-awful site,"

you used the same password there as your email? there was your mistake... different passes each site or account... basic security...

Quote - Wait untill you get a email from yourself offering cheap viagra like I did.

I have. Now I am wondering where I got the viagra from? Yahoo is terrible for this.  I have my yahoo filters set up so that if it's not addressed directly to me, it goes in the spam folder. It's cut down over the years, I still get two or three a day, but in the beginning, it was more like 230 per day.

And amazingly enough, I am still seeing the email from Nigerians who have 30 million in cash they want to give me if I just give them my bank account numbers...

Thanks to all for the suggestions.

So far I have run these scans, with nothing showing up; ZoneAlarm AV, DrWeb CureIT, SpyBot Search & Destroy, Malwarebytes. One thing for certain, someone, or something, has access to my yahoo list of contacts. I even received an email from myself, as predicted by kawecki.

Quote from kawecki:

If you use Yahoo web mail, your computer has nothing to do with this. Someone had his computer infected and had your email in his address book, of course he used Outlook for email. Your email is added to a list together with the addresses of the address book and other's computer address books. Then the virus begins to send email with spam or virus where the addresses of "from" and "to" are picked from the list. Some stupid virus don't check if "from" and "to" is the same address and so, you receive email from yourself.

One thing I don't understand, if it has nothing to do with my computer, how come they seem to have access to my yahoo contact list? The only thing I can think of is that they have discovered my yahoo password, and are able to log on as me.

@rokket

Quote - And amazingly enough, I am still seeing the email from Nigerians who have 30 million in cash they want to give me if I just give them my bank account numbers...

The Nigerians are trying to cheat you, hold out for 50 million. ;)

I just want to know how the hacker got those nude photos of you.

Quote - If you are using the web version of Yahoo mail, get to another clean computer and change your password. The e-mailings will then stop.

It solves nothing because is not Yahoo that is sending the emails. It is a virus SMTP server that is using your email address as "reply to" or "from" address

Quote - One thing I don't understand, if it has nothing to do with my computer, how come they seem to have access to my yahoo contact list? The only thing I can think of is that they have discovered my yahoo password, and are able to log on as me.

First you must understand what is a SMTP server.

A SMTP server is something useful that allows you to send emails from your computer without having a POP3 account. Used together with a group emailer you can send scheduled emails to a group of people from a list or data base, for eample once you configurated the emailer each time you have a party with a single click you send an invitation email to all your friends from your own computer. If you have a company you can notify all your customers each time a product is updated and so on. Of course spamers work exactly in the same way.

Now you have a SMTP server, a group mailer and a list. The SMTP server is a piece of software that allows you to send emails from your computer. The group mailer allows you to send the same email to a group of people from a list. And the list is just a list of email addresses of people that will receive your email.

The next thing is the configuration of the SMTP server and you must setup who is sending the email and you can put any address you want, even ones that do not exist.

In the example above about the company you set the email address of your company, but let now suppose that you have no company, only you are doing a service for a company from your home. You are sending the emails from your computer, but you don't want that someone that receive your email to reply to you, is not your business, you want them to reply directly to the company. For this you set the SMTP server with the email of the company. You are sending the email from your computer, who receive the email will see that who send the email was the company and not you and will reply to them and not to you.

Now the virus, a virus does exactly the same thing. It has a SMPT server, a group mailer and a list of email addresses. The virus is installed in some infected computer, the list can come together with the virus or the virus can acquire the list conecting to some hacked or malvare site.

Once a virus infects a computer it scans Windows address book and send all the email addresses to the hacked or malvare site creating the list and the begins to send spam or virus emails from your computer using the email addresses from the list. The information for the SMTP server of whom is sending the emails comes also fro the list, picked in a random way.

In you case as you use Yahoo web mail, I suppose that you have no addresses in Windows address book, so even your computer is infected the virus has no way to know the emails addresses that you use in Yahoo.

What probably happened is that some of your friends or people you know had is computer infected, he use Outlook for email and had your email in Windows address book and probably many yours friends and people that you know were also in the address book. The list was created with your email and many friends too, but not all.

Once the list was created and propagated, your friend can clean or shut down the computer and this will change nothing because the list is alive for itself and so you, your friend and other people that you know begins to send eamils one to each other from computers of people that you never heard in your life.

The person that had his computer infected not necesarly needs to be your friend, only your email addresswas in his address book.

If you receive that your bank account was cancelled, how to enlarge your penis, the magical vitamineses, the lonely Russian lady and the classical and unforgetable Nigerian, it was not me that send the email.

Quote - I just want to know how the hacker got those nude photos of you.

And why was he wearing a lamp shade on his head?!?

Kawecki, thanks for the very detailed explanation. I think I understand a little more now.

I have also found out that that someone defiantly has been getting access to my yahoo account. I found a yahoo page that lists my "Recent Login Activity", it says I have logged in from Poland and El Salvador. I have never been to those countries! Below are the IP addresses that logged into my account:

Poland 83.4.112.241
Poland 79.186.186.194
El Salvador 190.87.181.69

I have now changed my password. I hope that stops any further access to my account, but I guess it's locking the stable door after the horse has bolted.

Thanks again to all who have tried to help with suggestions, explanations, and encouragement.

Les.

P.S.
@kyhighlander59,

Quote - I just want to know how the hacker got those nude photos of you.

I hardly think that they count as nude, what with the lamp shade, pink tutu, and leather jock-strap (and yes I really am that big).

Quote - I have also found out that that someone defiantly has been getting access to my yahoo account. I found a yahoo page that lists my "Recent Login Activity", it says I have logged in from Poland and El Salvador. I have never been to those countries! Below are the IP addresses that logged into my account:

Well, if you was not using a proxy server then someone discovered your password. How he/she/it did it is a big question. Changing the password probably will solve the problem.

Is a good advice to run some antivirus to scan your whole hard disk. The problem with anti-virus is that they are only able to find virus known by the anti-virus. If the virus is a fresh new one the anti-virus will not find it. The virus must be known for anti-virus work. Also sometime the anti-virus software finds a virus in something that is not a virus and is an headache to make the anti-virus shut up its mouth.

A good practice is to open the task manager in administrator mode aand look at all the tasks and services that are runing in your computer. You will see a lot of runing tasks and if you have little experience with this you will not know what is this. With time you will discover what is each service and to whom it belongs.

Once you have a good experience knowing all the tasks, it is very easy to discover a virus, a spy or anything else that some program has installed without your knowledge (Google update, hollyschit notification, blah, blah, blah).

Quote - I found a yahoo page that lists my "Recent Login Activity"

Where can I find this page ?

Quote - Where can I find this page ?

Top left of the yahoo mail, click your name, click Account Details, you will be taken to another login page, after login, under "Sign-In and Security" there is a link "View your recent login activity". Or use the URL:
https://api.login.yahoo.com/login/history?

I use Gmail.  When you give out your address to someone, you can add a label to it so that when you do get spam, you can look at the recipient address and get a clue to where it originated from.

For example, let's say your email address is you@gmail.com.  When you give out your email address to someone, you can append a label to your address like so:  you+Bob@gmail.com.  When you get spam and you see that it's sent to that address, you know that Bob's email account probably has been hacked. 

Now you can create a filter for that email address so that as soon as you receive any more spam to that address, the filter will automatically delete it.  So this works like the spamgourmet that BB mentioned.

Quote - Top left of the yahoo mail, click your name, click Account Details,

I found it and all is OK.

I was going to suggest  changing your password.  It might be you were not hacked/cracked at all: Yahoo was.  I too use the site, and would be bummed if someone started sending from my address.

The mail forwarding with dummy accounts is a good idea.  I have a couple of public sets that forward to my more private accounts.  Still, I use the Yahoo account for business and public sites like Renderosity.

Hope you get things sorted out.
Rªnce

This is what I was talking about regarding Facebook. When I was hacked, the only damage done was tons of spam and scammer emails. Not dangerous, but irritating that people would do such a thing. Eliminating that disposable address is a simple cure.

So is staying away from those so called "social networking" sites. The only thing social about them is the sociopaths that hang out there.

Quote - I use Gmail.  When you give out your address to someone, you can add a label to it so that when you do get spam, you can look at the recipient address and get a clue to where it originated from.

For example, let's say your email address is you@gmail.com.  When you give out your email address to someone, you can append a label to your address like so:  you+Bob@gmail.com.  When you get spam and you see that it's sent to that address, you know that Bob's email account probably has been hacked. 

Now you can create a filter for that email address so that as soon as you receive any more spam to that address, the filter will automatically delete it.  So this works like the spamgourmet that BB mentioned.