Watch out- It's Not Who You Think The Email Is From

[+ Lucky]

A couple of our Hooville buddies have had their email accounts invaded by spammers. If you receive an email that includes a link to a site ending with.ru, don't open it.

The email is not from your friend, it is from a spammer. The one I opened was about Canadian drugs, but who knows if it contained a virus or worm to get my contacts too.

I opened mine on my cell phone, so hopefully my email contacts list did not get invaded too.

 

So, watch out, don't wathc out...I can't change that title!

[+ David-SF]

yep I got it too

 

included was a very long list in the to: line of every escort I have ever heard of and many i have not along with many friends from this MC I did not open it but did alert the supposed person it was sent from

[+ Lucky]

Would changing the password prevent further intrusions by the spammer, or are they in for good?

[+ David-SF]

unknown

 

but the person I received the email from was notified and I hope he will change it seems to be happening quite a bit.

 

I received emails from him to all my email accounts and I know he did not send them. he was certainly hacked.

[+ deej]

Would changing the password prevent further intrusions by the spammer, or are they in for good?

 

As a general rule of thumb, changing passwords regularly is the single best defense against intruders. That said, I suspect that isn't what this is about.

 

Someone clicked a link granting rogue software access to their contacts list. Once that list is acquired, there's no need to come back to the source. The horse has left the barn.

 

It doesn't have anything to do with passwords.

 

On the other hand if the rogue software remains resident on your computer, granting the author perpetual access, no amount of changing the password will do any good -- they're already on the inside.

 

Don't confuse invasive malware (and potential identity theft) with spam. They're very different things. There's not enough information in this thread to know which is going on.

 

It is also possible that none of the above applies. Spoofing a "from" address is so easy you can do it in a Word or Excel macro.

[Boomer]

If you're using WiFi make sure it's secured.

[JT Brooklyn]

but the person I received the email from was notified and I hope he will change it seems to be happening quite a bit.

 

I received emails from him to all my email accounts and I know he did not send them. he was certainly hacked.

 

Yup! I received 2 Canadian Drug ADS thru an email address from an old friend on Daddys email address!

[OneFinger]

Also received the same e-mail. But, I've noticed that the spam e-mail typically does NOT have a subject line.

 

Unfortunately, I've had to add that e-mail address to my junk mail filter to stop the spam. I'll probably just use private messages on this site to communicate with him.

 

Since he's recently had computer problems, I suspect his e-mail was compromised when he was innocently using a public computer.

[+ Lucky]

Well, "he" isn't the only one now. I got the same email from another Hooville poster in Montreal.

[Lookin]

I got a couple of these from a friend who has nothing to do with Daddy's. It appears his Yahoo mail account has been hijacked by a spammer. The spammer didn't hijack his computer: it hijacked Yahoo.

 

I wonder how many here who are receiving this recent batch of spam emails are getting them from Yahoo accounts. Other mail providers have been infiltrated in the past, and I wonder if it's Yahoo's turn now.

[+ deej]

I got a couple of these from a friend who has nothing to do with Daddy's. It appears his Yahoo mail account has been hijacked by a spammer. The spammer didn't hijack his computer: it hijacked Yahoo.

 

I wonder how many here who are receiving this recent batch of spam emails are getting them from Yahoo accounts. Other mail providers have been infiltrated in the past, and I wonder if it's Yahoo's turn now.

 

Before you start a panic of gold rush proportion, Yahoo has not been hijacked.

 

One of the most common spam techniques is to use ANY known-to-be-valid email address as the "from" address. It's a good bet the email didn't come from a yahoo server at all.

 

ANY sender can put ANY email address in the "from" field.

[+ David-SF]

Question for Deej

 

the email i received was

from: "long time poster X"

 

addressed

 

to: myself and about 100 other escorts, posters, unknown people

 

I recognized many of the email addresses and obviously did not know some of them.

 

and a link (which i did not click on)

 

does that mean that this persons email was hacked and his contacts harvested to send spam ??

 

It may be a dumb question but its worth a shot

[Lookin]

Before you start a panic of gold rush proportion, Yahoo has not been hijacked.

 

One of the most common spam techniques is to use ANY known-to-be-valid email address as the "from" address. It's a good bet the email didn't come from a yahoo server at all.

 

ANY sender can put ANY email address in the "from" field.

 

Fair enough. I can understand how the spoofer could have got my friend's Yahoo email address for the "from" field, but how did it get his Yahoo contact list for the "to" fields?

 

A few years ago, my email address was spoofed for spam sent to a bunch of people I never heard of, probably after I clicked on a .ru link. But the spammer never got hold of my contact list, which I keep on a local hard drive and not on someone else's server. My friends and contacts didn't get the spam, which is what's happening here.

 

Not challenging your wisdom or expertise or anything, but I've never seen spam like this before, and here we have a number of posters reporting the same thing all within a few days of one another. Maybe it's all a coincidence, but it seems like something's up.

[Guest Dane Scott]

I was included as well

 

.... but so far nothing weird is going on, on my end.

[+ deej]

Fair enough. I can understand how the spoofer could have got my friend's Yahoo email address for the "from" field, but how did it get his Yahoo contact list for the "to" fields?

 

Access is granted the same way no matter where the contact list is stored: you click on something. IOW, THE OWNER grants permission. Where it's stored doesn't matter. Once you've granted access, they have a copy.

 

I just checked the IP number in the headers of the emails. It showed that the first email was originally sent from Quito in Equador on the 6th of May. The second one was sent from Malaga in Spain on the 10th of May and the third was sent from Sevilla in Spain (on exactly the same day and time as the second).

 

In theory it would be possible to travel from Equador to Span in just a few days, but it's impossible to send an email from as well Malaga and Sevilla on exactly the same moment (= the same date, hour, minute and second). In addition I know for sure that the supposed sender is travelling in the US.

 

That's a classic Botnet. The client piece of the bot software waits for the unsuspecting to flay open their address book and sends it to the mothership. The net has slave bots located all over the world waiting to respond to commands from the mothership, which tells the net to spam the world.

 

The cost of doing this is next to nothing, time aside. And time is cheap since most of the authors are anti-social teenage nerds named Howie. Their botnets will live forever, or until people come to their senses that they really haven't won an Irish lottery they didn't enter, Bill Gates really isn't trying to give them millions of dollars, and there really isn't Nigerian royalty desperately trying to get funds out of the country.

 

The only question remaining here is whether the originating PC was infected and continues as a participant in the botnet, or whether this was a smash and grab and the only harm was exposing the contacts list.

[Lookin]

I've just received the infamous 'Message Center' email with the invitation to click on a .ru website. I didn't.

 

The alleged sender is a poster here on the Message Center, and many of those on the copy list are too. I've never corresponded with him.

 

Like my friend, the 'sender' has a Yahoo email account. Anton also mentioned a Yahoo source for at least one of the emails he got.

 

Others have not mentioned the source of their emails, so it may be just a coincidence that all of mine have come from the Yahoo mail server.

 

Time will tell.

[Diverdan]

Original Computer Compromised

 

While I have not received this particular email, I was subject to something similar a couple of years ago. My computer was infected and the malware or spyware continued to operate in the background and as a result many of my friends received spam with so many different come-ons that it was hard to keep track, and all of them "came from me". A good friend of mine who is in the computer field spent six hours before we got the virus out of my computer. Another friend of mine had a similar event occur and it took another friend, also in the computer business almost 8 hours to get rid of the virus. I am not a techie, so I can't tell you all that they did, but the moral of the story is that probably everyone who got an email and opened it has the potential to have their computer infected with the virus. For those of you who got the original stuff, please get back to the person whose name was on it and make sure he has his computer cleaned by an expert. Otherwise, it will just sit on the computer until it gets instructions from somewhere in the world to do more damage. While some of the programs "grab or catch" and move on, most infect the very innards of the programs and hard drives which is why they are so difficult to eliminate.

[Diverdan]

Great Suggestion Anton

 

That was a great suggestion, Anton. I should have mentioned it too. I NEVER LEAVE MY COMPUTER ON when I am not using it. I always turn it off, that way if some hack is out searching, he or she won't be able to get on my unit.

[+ ArVaGuy]

I received an email from an escort I've been corresponding with the last couple of weeks. It had a blank subject line which is unusual for our exchanges. Consequently, I automatically deleted the message. Then sent another message to the escort asking if he had sent me any messages today and the reply was that he had not. He's getting his computer checked now for any trojans or viruses.