Solved: A friend's address has been stolen

[jayd]

Problem. HELP.

A friend I've known for many years sent an email the other day. Without thinking I opened it as I often have.
Well, no surprise I guess. It wasn't from her at all but one of those Viagra ads. I closed it and wrote to her informing her I thought her email address has been hacked. Or stolen. Or whatever the term is.
Now of course, I am getting mail that says it's from her but I know it isn't by the subject line.

Even with the first one I opened, the subject line had a name I didn't know but since it was from her (I thought), I opened the damn thing.

I have run scans on my pc and nothing has been found but of course, I still have no way of knowing if my book has been compromised. Do I? Unless I hear from ppl. Meanwhile .... what do I advise her? And what steps need to be taken by me if any? Once I report it as spam, I am liable to block all legitimate mail from her. I think.

Oh Boy.

 

[Mumbodog]

Your friends PC is infected, the malware is using her address book to send spam or worse, it is trying to spread the infection to other PCs.

what do I advise her?

advise her that her PC is infected.

Do not open any emails from her, they may be infected also, which will infect your PC. Delete them.

.

 

[jayd]

Wow. That is damn scary Mumbodog. She isn't a youngster so may or may not listen. My hope is she will. In the meantime, my puter seems to be running okay although I did receive two more mails from her address which I did not open. But I did open the very first so that is no doubt why I have received three more. One yesterday and two, today.

I have run my Spybot S&D and Malwarebytes, they show nothing wrong. Which of course doesn't mean I am clean here.
I wrote to her knowing (or guessing correctly) her account was compromised. She never answered which is ok. I'm pretty good about security and do what I can, but I was sure asleep this time. Anything I should do at my end other then the scans I did?

 

[jayd]

Mumb ... another scary thought just now came to mind.
I wrote to her today telling her she had a problem. If her account has been taken, there isn't any way to know if she actually received my missive. Is there? I mean, the bad guy could have received it instead, and so now has my address. Would that be correct?

 

[Byteman]

Since this thread is most likely not going to involve malware removal by the infected friend, let me move this back to General Security where Mumbodog can reply to you some more..... This thread was moved to our Malware Removal forum, in anticipation of some malware removal work-- that is a restricted forum, not everyone can reply there....

Not a problem-

If your friend would like help looking for any malware have them join TSG and post their message in Malware Removal (Start a new thread there and post a Hijackthis log. Mumbodog can assist you or the friend to get started. Have a good day.

 

[Mumbodog]

If her account has been taken

The account has not been taken most likely, if she uses an email client like Outlook Express or the like, then there is malware on her PC that has read the address book in that email client and is using that to send spam right from her PC.

Or

If She only uses Webmail like Yahoo or other, then yes her email account may have been broken into, she can log into that account on the web and change her password if it has not been changed by the hacker, if she cannot change the password, then she needs to contact Yahoo or who ever she uses and notify them of the highjacking of her account.

.

 

[Snagglegaster]

There are lots of possibilities here. Your friend's computer might not be infected at all, but a computer owned by a contact of hers could be infected with a worm or Trojan and is sending email with a spoofed address. Some malware will send spam with an email address chosen at random from the address book of the infected machine. Email addresses are also bought and sold by sleazy companies, and can even be collected by harvesters.

Your friend should run scans with reputable malware removal tools and AV software, but there's an excellent chance her computer isn't really the source.

 

[jiml8]

The malware very well may NOT be on your friend's computer, but it is on some computer someplace that has your friend's email address in it, possibly (probably) in an outlook or outlook express address book.

I would mention it to your friend, but not panic. She should look, of course, but if she finds nothing don't worry about it. Someone someplace has an infected computer. So what's new?

Personally, I have a bunch of email addresses that are all over the place (I have a business on the web). I get literally thousands of spam emails a day as a consequence, and do you know what? Some of 'em are purportedly from me!

Don't worry too much about it, once you are sure your system and your friend's system is clean. Just put some spam blocker software in place and forget about it.

I use two layers of spam blocking; a loosely set spamassassin on my mail server that catches probably 90% of the incoming crap, and a more tightly set spamassassin on my workstation that collects the email for me to see. Result is that maybe 4 or 5 spam emails a day actually get to me.

 

[jayd]

To all of you guys my thanks. I really appreciate it. I did send her the link to this site but have no idea if she'll use it. She should but she isn't tech oriented and thought it was going to cost her $300 to repair her computer. So that gives you an idea of the mindset.

My personal belief is that one of her contacts sent one of those usual, YOU MUST FORWARD this "Little Known FACT," and used the CC: line instead of Bcc:

I think my own worry now is that since I did open that one email from her address, my own email account might get spoofed as well, since by opening the mail I inadvertently made known my address was a current legitimate one.

Can anyone please tell me if it's still safe for me to contact her at her (compromised?) email address. Or does that expose my own address book as well?
I have told her to open another account or change password.

Thanks Again.
JayD

 

[jiml8]

If your own email addy resides in the address book of any computer anyplace that has been infested with the right kind of rogue ware, then your email addy IS being spoofed, and there is nothing you can do about it.

Personally, these days I just don't worry about it - except when I get a "mail not delivered" or "mail rejected" or some such from some clueless ISP or website that doesn't know about spoofing. Then I land all over that site for spamming; they should know that I didn't originate the email so sending me the notification is nothing other than sending me spam.