We help IT Professionals succeed at work.

how/why is spam being sent from hotmail account to select users in contacts list

bwierzbicki
bwierzbicki used Ask the Experts™
on
I have a client that uses a hotmail email address. He uses outlook to handle this account. Recently there has been emails sent, with no subject, to several contacts in his contact list, me being one of them. It contains a link to a website (different sites) and I expect they are pornographic, but haven't opened any.

Typically I would think someone is just spoofing him, but these email show up in his "Sent" folder in hotmail. I looked at the header info (included in an attachment) and it shows a reply address different than email sent from his Outlook account. The reply address is the one he has set up in his hotmail account settings. To test, I sent an email from his outlook, and one from webmail (hotmail). only the one from webmail showed that reply address. I looked at the originating IP and they are from a couple of places in Europe.

I recommend he change the password on his hotmail account but am wondering if someone is getting information with a trojan or something like that. I find it odd that they only send to several people, and that it's only occurred 4 times in the last couple of months.

He is using Windows 7 with pcCillin Internet security.
editedforEE.doc
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
This is no doubt a local virus.
It uses his address list and IP address to send spam.

He needs to have a professional check his PC.
Nowadays an anti-virus is not enough. A good anti-virus / anti-malware / firewall is needed.

The very first thing I would do is to get a firewall like comodo (has free version) and set to learning mode.
It then asks you which programs you want to allow internet access.
It won't fix the overall problem but will stop spam temporarily.

Author

Commented:
Actually, it's not using his IP address, the originating IP address has been from a couple of places in Europe.
Budi SantosoIT Infrastructure Manager
Commented:
That caused by virus spam bot.
Clean the virus, don't forget to change email password.

Author

Commented:
client is out of town til the 15th.
Upon his return I will suggest a clean using several scanners and see what happens.
I will post and close once I find out.
Thanks

Author

Commented:
turned out to be an issue on the secretary's pc. It finally got taken over w/ trojans/rogue spyware and there hasn't been an occurrence since I cleaned the machine.

Thanks for your comments