OT How was my Email Hacked?

Hi All,

I am going to make this a fairly detailed email in the hope that it prevents lots of follow up questions making for a confusing thread.

Firstly, apologies to any of you that may have got a "SPAM" email from me in the last couple of days (subject line FWD, and just a link that ends in .php). For the people who were naive enough to click on it, the site they get taken to looks innocuous (something to do with raspberry drops).

This seems to have gone to most if not all people in my address book / people I have emailed / People I have had email from.

I am at a loss to know/work out how this has happened, or what (if anything) I should do now.

Here are the pertinent facts...

I did receive a similar email last week, which despite being in the "ought to know better" class, I clicked (I think on my iPhone).

I also have a Windows (XP3 with Norton 360 and automatic updates) PC which was running around the time this email was sent, and both my webmail (uk2.net) and Eudora (version that's not been updated for a good few years) were running at various times (but I am pretty sure I didn't click anything silly on this machine).

Now I don't know if my phone or my PC (or both) are now "infected" with a virus, or a keylogger or something. Or if the PHP script simply hoovered up all my email addresses and my systems are otherwise unaffected.

I haven't rushed to change the passwords on my email, as the only devices I have to do this on are the ones that could potentially be compromised, and even if I was able to change it on a clean system, then I would then need to change it on the "suspect" devices in order to then access it.

I suppose it's also possible that it's not my devices which were hacked, but a host at my Mail Provider (or ISP?).

Or that they were hoovered up somewhere else in cyberspace (I think it's unlikely to be a friend's device, as the breadth of email addresses I know have received this suggests nobody else would have the lot).

The only other thing I can think to mention is we did have some major slowdowns / stoppages of both t'internet and/or WiFi at home last week.

So, from the above, does anybody have any ideas as to what is going on, and what I should or shouldn't do about it?

TIA

Chris

Chris Holmes

This often happens when computers are infected and are sending lots of spam emails.

Start by changing all your passwords.

Do you have any of the emails? If so, can you post up the headers and we may be able to work out something from them.

Andy

Andy Champ

I am out at the moment, I have one on my iPhone, but if I'm able to see headers on that, I don't know how.

Cheers

Chris

Chris Holmes

No. Start by doing a deep virus scan using a bootable CD made on a trusted uninfected machine or an online service. Don't assume that your AV is working any more if it has allowed spam to go out. If you change passwords on a machine infected with a keylogger you are in big trouble.

Also check that the spam really did come from you and not just forged to be "from" you by random hinet or 126 spammers. A sample of the spam would probably be good enough now to ID it as AV packages generally catch up after about three or four days. Submitting a copy to

formatting link

Will probably ID it for you and then you can take countermeasures.

Martin Brown
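As an added illustration of the header check Andy and Martin are asking for (this is not code from anyone in the thread): a short Python routine that walks a message's Received: chain oldest hop first and compares the first relay that accepted the mail against the provider the From: address claims. The sample message is constructed, with placeholder hostnames and addresses; paste the real headers in its place.

```python
import email
import re
# Constructed sample, not a real message: From: claims the poster's provider, but the
# oldest Received: hop shows it entered the mail system elsewhere (placeholder names).
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id abc123; Mon, 01 Jan 2013 10:00:00 +0000
Received: from unknown (HELO pc-1234.home.example) [198.51.100.77]
\tby mx.relay.example with SMTP; Mon, 01 Jan 2013 09:59:58 +0000
Return-Path: <bounce@bulk.example>
From: chris@uk2.net
Subject: FWD

http://drops.example/page.php
"""

def received_hops(raw):
    """Received: hops oldest-first as (from_host, ip, by_host) tuples."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # each relay prepends one
        value = re.sub(r"\s+", " ", value)  # unfold continuation lines
        from_m = re.match(r"from (\S+)", value)
        ip_m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        by_m = re.search(r"\bby ([A-Za-z0-9.-]+)", value)
        hops.append(tuple(m.group(1) if m else "" for m in (from_m, ip_m, by_m)))
    return hops

def domain_of(addr):
    m = re.search(r"@([A-Za-z0-9.-]+)", addr or "")
    return m.group(1).lower() if m else ""

def assess(raw, claimed_provider):
    """Does the delivery path support the From: claim, or does it look forged?"""
    msg = email.message_from_string(raw)
    hops = received_hops(raw)
    origin_host, origin_ip, first_relay = hops[0] if hops else ("", "", "")
    from_domain = domain_of(msg.get("From"))
    # If the account (or a client logged into it) sent the mail, the first server
    # to accept it should belong to the claimed provider.
    via_provider = first_relay == claimed_provider or first_relay.endswith("." + claimed_provider)
    return {
        "from_domain": from_domain,
        "origin_host": origin_host,
        "origin_ip": origin_ip,
        "first_relay": first_relay,
        "via_claimed_provider": via_provider,
        "return_path_mismatch": domain_of(msg.get("Return-Path")) != from_domain,
    }
```

A result with `via_claimed_provider` false and a mismatched Return-Path points at a forged sender rather than a compromised account; the opposite pattern is what would justify a password change from a clean machine.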

If you have clicked on links in mail the probability is that you have been phished and there's now a Trojan on your computer that is sending mail from your PC to everyone in your address book.

It's more likely to be your PC, but phones aren't immune either.

You need to virus scan your PC ASAP with a good, recently updated, tool. You need to do this exhaustively not just a quick scan.

If that turns up nothing you will have to look at your phone. AFAIK the only option there is to restore the phone to factory settings and rebuild the OS. Obviously backing up your phone will just reinstall the Trojan when you restore so you need to restore either to a date before the infection or just do a factory fresh and lose anything stored on the phone.

Steve Firth

If you have a Yahoo based email and use an online address book then the answer is pretty simple. The hackers have all the time in the world to find out the password to the webmail and then simply send everyone a junk email with whatever they like inside it. If they do not change your password you are none the wiser. It's happened to a number of friends of mine with BT and Yahoo emails. The common thing is that they all use online address books. If you use webmail via the mobile then you probably do the same and so, the obvious thing is to make the password completely unguessable.

Or do as I do, do not use online address books. Use an email client and an off line address book as then you will be in charge of who is getting in. Of course I guess if the payload on that site is clever enough to get around the anti virus on your machines, then one can still harvest more addresses. These can be used to spambot the machines of unprotected people. So in a way, they only need one genuine hack to get the thing going. Brian

Brian Gaff

That's certainly one way people get caught.

If your webmail is POP3 and set to keep a copy of inbox messages on the server (common for people using multiple PCs to access one mailbox) that is a substitute address book to the spammers; similarly if the webmail uses IMAP4, your inbox, outbox and all other folders are there to be harvested.

If you use webmail, set a very good password, don't let your browser remember it for you, logout when not actively reading email, hope your provider locks accounts when they detect brute force attacks and make sure your provider knows an unrelated email address (or phone number) so they can verify that you are the owner to unlock it.

Andy Burns

From a potentially compromised machine that may have a keylogger installed? Right-oh.

MBQ

Man at B&Q

Happened to me with my Hotmail account, so I don't keep any contacts there any more. I did make the mistake of telling Hotmail that they had been hacked and they closed my account for a month!

Jonathan

Jonathan

You need to identify your ISP and their email provider as this could be very relevant to diagnosis of the problem.

The Other Mike

X-TM-AS-Result: No

Chris Holmes

You're inside the NHS? Contact your IT helpdesk.

Andy

Andy Champ

And they will come and change your ethernet cable. (It seems to be their cure-all for everything!)

Martin Brown

Wrap it round the goat's neck and tie it to the car bumper?

Andy Burns

The email was sent TO the NHS.

Chris Holmes

Don't get me started on the reserves of dislike I have for NHS "security". As for example them permitting any member of staff to bring their own devices to work and use them to access NHS networks.

Steve Firth

Well, the email was RECEIVED by my NHS account, so it's not the trust's IT Department's problem.

Actually, our trust's 1st line support is very good, they fix a lot of problems without having to pass them on to 2nd or 3rd line (and without installing new ethernet cables).

2nd Line is Mary Poppins standard (Practically Perfect in Every Way; it consists of me and my opposite number). We also rarely replace ethernet cables, so rarely in fact that I spent quite a while the other day troubleshooting a machine that said its network cable was unplugged, only to discover that in this particular instance the network cable really was unplugged! However, whilst I solve lots of desktop type problems in the "corporate" world on a daily basis, this present conundrum at home (or wherever it's occurred) isn't one I've come up against before.

We also have some 3rd line people who are good at the specialized stuff they do, but I don't feel I can bother them with this and again it's not mostly what they do on a daily basis AFAIK.

Whereas I know there is a huge amount of knowledge of the computer arts in uk.d-i-y.

Oh, and this here trust doesn't allow people to bring their own devices along.

C
Chris Holmes

It is if their corporate AV product didn't detect and strip the inbound hostile binary attachment and quarantine the dodgy email!

Which is probably very wise of them if their practically perfect in every way second line IT support team doesn't know how to reliably delouse their own computer and has to ask here on uk.d-i-y. Offhand I can't think of a more inappropriate forum for expert computer advice. Just look at some of the insane suggestions made so far!

There is the residual question of why the countermeasures on your PC or Smartphone were not up to the task of defending against this malware. And then the perennial question of why you are running a defective application that keeps its mailbase and contacts list unencrypted so that any hostile that does get in can send itself to all your contacts.

Zero day exploits are fairly unusual but you can get caught if you are unlucky or are tricked into installing it. It annoys the hell out of me that some major players in the PC market do *NOT* digitally sign their installation packages so that end users are used to clicking on security overrides for installing unsigned potentially dodgy code.

Sending a copy of the suspect binary to the URL I pointed to earlier will get you a consensus analysis by the major AV products of what it is, how many can see it and then look for something to clean it up.

Failing that try an angle grinder.

Martin Brown

Hahahahahahahahahaha!!!

(Like all corporate IT depts. the help from an IT helpdesk can range from utter disinterest & incompetence to, *very* occasionally, actual helpfulness.)

usenet2013xxa

That was stopped where I worked a good few years ago - a real bugger for people needing to take confidential documents home to work on. Dropbox still worked though.

usenet2013xxa
