Help with unauthorized Yahoo access

Submitted by: Anonymous – Wed, 11/04/2009 – 15:32

Help!! Someone is sending out emails with attachments to all of my contacts on my Yahoo email account. How do I stop this? I've changed my password but it still happens.

Comment:  There's something fishy here...

Rated: 2

It is possible that one of the computers you use to change the password or login afterward is infected and sending the messages.
I would boot from a Linux live CD and change the password on the Yahoo account; then on each computer boot to the original OS to run a few thorough security scans, not using those computers with that Yahoo account until it is all clean.
My suggestions: MalwareBytes Anti-Malware, Avira Anti-virus, Spybot Search and Destroy, ComboFix, and best first an online scan such as housecall.trendmicro.com

asitnik – Wed, 11/04/2009 – 17:03

Comment:  Your computer has a "back door".

Rated: 3

Some time in the recent past, you downloaded a spybot of some kind. This one contains a keylogger that allows whoever sent it to you to watch as you type in your password.

No matter how many times you change it, they will know what the new one is as soon as you use it on that computer.
Be aware that these programs are frequently attached to movies, music, and other programs that you may be downloading.

Like asitnik said, you need to run a malware sweep to clean up your system. I would run several sweeps with different programs myself.

Remember to keep your anti-virus and anti-spyware programs up to date and active. Go through your "whitelist" (the list of trusted sites and trusted email addresses) to see if there is anything that doesn't belong. And lock down your firewall. Remove all of the exceptions from your firewall and only add back in those that you are 100% sure about.

If that doesn't work, format your hard drive(s) and re-install clean copies of the programs that you use. Close your current Yahoo email account and open a new one (maybe think about going with one of the other "free" email services, like Gmail or even Hotmail).

And above all, don't let someone else use your computer, as they may be the ones that got your keylogger installed.

Mortimer14 – Wed, 11/04/2009 – 23:48

Comment:  One final step

Rated: 2

Use that account yourself to email abuse@yahoo.com and tell them that the account has been compromised and is being used to send spam.

Morely – Thu, 11/05/2009 – 12:20

Comment:  probably spoofed

Rated: 2

It is trivial to spoof the source of an email. There is no authentication used in SMTP.
The email is probably spoofed to appear to come from your Yahoo account. An analysis of the email headers would show this. I suggest you get assistance from Yahoo with this. Assuming they even provide help for free email accounts.

oldami – Thu, 11/05/2009 – 15:45

Comment:  Maybe spoofed, maybe not.

Rated: 1

"sending out emails with attachments to all of my contacts on my Yahoo email account"

The inference is that they are in fact coming from the Yahoo account because they are going to the user's contacts; only someone with access to that account would have that list of contacts.

If any of them are the slightest bit savvy, they could easily look at the headers to see if the source is indeed Yahoo.

Morely – Thu, 11/05/2009 – 19:42

Comment:  cc: Harvesting...

Rated: 2

Contacts can also be pulled from an e-mail sent to a bunch of friends. You know, the kind of e-mail where somebody sends out a link to a YouTube video and cc:'s half of their contact list. All it takes is one of those recipients to have an infected PC.

The virus pulls the addresses from the incoming e-mail, spoofs one as a return address and spams the rest. It then looks like someone's contact list has been compromised when in reality it was a lucky harvest.

I *think* using bcc: cuts down on this sort of trouble.

Either way, examining the e-mail headers should determine the source of the e-mail.

KirkW – Fri, 11/06/2009 – 15:38
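
Several replies above recommend reading the message headers to tell a spoofed sender from a genuine one. The following is an added example, not part of any poster's comment: it walks the `Received` chain of a constructed message and reports the host that handed the mail to the recipient's own server, since only headers written at or above that hop can be trusted. The sample message, the `recipient.example` domain and the Postfix/sendmail-style `Received` layout are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains, documentation IP ranges).
# The bottom Received line claims Yahoo, but it sits below the hop where the
# recipient's own server accepted the message, so the sender could have written it.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 5 Nov 2009 12:00:03 -0500
Received: from friendly-name (dsl-host.isp.example [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Thu, 5 Nov 2009 12:00:01 -0500
Received: from web.mail.yahoo.com ([198.51.100.5])
\tby friendly-name with HTTP; Thu, 5 Nov 2009 08:59:00 -0800
From: "A Friend" <friend@yahoo.com>
To: you@recipient.example
Subject: check this out

body
"""

# Assumed layout: "from <HELO name> (<reverse-DNS name> [<ip>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def handoff(msg, trusted_domain):
    """Newest hop where a server we trust accepted mail from an outside host."""
    for header in msg.get_all("Received", []):       # newest hop comes first
        m = HOP.search(header)
        if not m:
            continue
        _helo, rdns, ip, by_host = m.groups()        # HELO name is sender-chosen
        if in_domain(by_host, trusted_domain) and not in_domain(rdns, trusted_domain):
            return rdns, ip
    return None

def assess(raw, trusted_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    rdns, ip = handoff(msg, trusted_domain) or ("", "")
    return {"from_domain": from_domain, "handoff_host": rdns, "handoff_ip": ip,
            "consistent": bool(rdns) and in_domain(rdns, from_domain)}

if __name__ == "__main__":
    print(assess(RAW, "recipient.example"))
```

A `consistent` value of `False` means the message entered the recipient's mail system from a host outside the domain in the `From:` line, which is what a spoofed sender looks like; `True` is only a heuristic match on the reverse-DNS name and does not by itself prove the account was used.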