Solved

SPAM and Hijacked Outlook Contacts

Posted on 2010-11-28
Last Modified: 2012-05-10
I recently began getting notices from some of my Outlook contacts that they have been contacted by "ME" via email with a link (one example of the link is:  http://bogdan.110mb.com/html.php).  This has happened several times, each time with a different "selection" from my Contacts list, and always with a link that ends in "php".  I have not followed the link fearing it is malware, and have notified everyone in my list to avoid opening attachments or following links UNLESS they come with a specific, non-generic cover note.  However, now that this is continuing, I am wondering if there is a way to stop it without cancelling my long-term email account.  I have run several scans of my system, and there doesn't appear to be anything ON my system.  Advice?

Thanks,

Phil

Question by:philsimmons
5 Comments
 
LVL 30

Assisted Solution

by:renazonse
renazonse earned 100 total points
ID: 34226930
You may have a rootkit or someone may be spoofing your email address or may have hacked into your email account. First, change your email password. Second, run scans with ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix), Malwarebytes (http://www.malwarebytes.org/) and Hitman Pro (http://www.surfright.nl/en/downloads). Hitman Pro gets rid of rootkits that nothing else can touch.
0
 
LVL 9

Accepted Solution

by:
ken2421 earned 200 total points
ID: 34227094
0
 
LVL 11

Assisted Solution

by:ocanada_techguy
ocanada_techguy earned 200 total points
ID: 34230878
Change your passwords.
Do you use this email account for Facebook?  As a rule use different passwords for Facebook and the email account associated with Facebook.  Why?  Because rogue apps on FB will sometimes fool one into giving their credentials and then the first thing the rogue developers do is try that same password and email address to see if they can get in the email.
A similar but different phish that's a classic is websites that entice people to provide their email and password to find out who has them blocked on messenger or some other seemingly very useful and appealing but totally BS offer.

This is "social engineering".  Another bit of social engineering is they feel as though people are more likely to follow links and open their junk if it appears to come from somebody you know as opposed to a complete stranger.  Therefore what they often do, is once they get on someone's machine or get into someone's email, they look at all the email messages of the past, and then use the email addresses found in the messages as to who to pretend to be from and who to send to.

Example: among all the email messages there is an email that was forwarded to B, C, D, E, and F, from you A, and a bit further in the body of the message it shows it was sent to you A, along with P, Q, R, S, T from original sender Z.  Well, then the spammers send a spam A to B, D to A, S to Z, etc and so on, figuring these people "know" each other.

So you see, it might be something bad on your computer, or it might not be "on" your computer at all, it might be a website that you disclosed your credential to, or it might be a friend or acquaintance's email that was actually compromised and now it pretends to be all that person's friends.

By the way, this doesn't have to be people doing this, they write rogue programs to do it.  "bots"  That is what 90% of hijack virus spyware is used for, to try to capture your passwords, or get into your content, or glean your online banking information, or to hijack your computer and use it as a phony email server to send or be a relay point to send spam via.

Another big one is to get into the address book or online contacts.  Using Outlook are you accessing this email account as a hotmail, yahoo, or gmail account that simultaneously offers webhosted email?  Something else to check if it is a hotmail (aka Windows Live) is some of the latest hijack bots are also going into your account and deleting contacts and emails.  In hotmail on the menu Contacts> Manage contacts you can now undelete any contacts deleted in the last 30 days.  If they had deleted all of your emails, or most of them, you'd have to contact a Windows Live technician via the Windows Live forum fairly quickly, preferably within 24 hrs to a week, and they might be able to restore your email account contents.

If they are "spoofing" your account, what that means is they are sending email from a completely different email server but in the "from" field they are pretending to be you, and whatever different email server they are using for this has lousy security or is phony and allows that to happen.  There's not much you can do about that, but luckily such email usually gets directed to people's Junk folder as coming from suspect or blacklisted sources.

"Good" email servers now make sure that one signs on with correct credentials and are a legitimate user of that email server before allowing them to send.   That is why if the bad hacking hijack scripts and robots actually got into your actual account their spam email will be sent more successfully.

If you can examine the full header information of the spam emails that some of your friends are receiving supposedly from  you, with a little skill one can figure out what email servers the message was routed through and what original IP address the message was sent from.

If someone forwards you at least two of them at once as an attachment (because a traditional normal forward or reply strips the header), then you should be able to open them and look at their full headers.

IF for instance, the message was routed from your hotmail through nothing but hotmail servers as its origin, well that would be evidence that your actual account was actually compromised.
On the other hand if it is going through bad or phony servers, best thing we all can do is identify it as junk, so the good servers and filters will learn, which is just a click away in hotmail, yahoo or gmail.

Unfortunately once they've got those email addresses in their list(s), they'll continue to try to send to them.

You want to make it difficult to use yours, and be fairly certain your system is not still compromised (using anti-spyware anti-malware anti-virus techniques already given by experts above), AND you most definitely want to be certain that your accounts are secured.
0
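The header check described in the answer above, as an added example that is not part of the original thread: it walks the `Received` lines of a forwarded message and reports which server handed it to the recipient's mail system. All hostnames, addresses and function names are constructed for illustration, and the parser assumes Postfix-style `from helo (rdns [ip]) by host` lines.

```python
import re
from email import message_from_string

# Constructed sample headers (not from the thread); newest Received line is first.
SPOOFED = """\
Received: from mx.friend.example (mx.friend.example [198.51.100.7])
\tby inbox.friend.example with ESMTP; Sun, 28 Nov 2010 10:00:05 -0500
Received: from relay.bulkhost.example (relay.bulkhost.example [203.0.113.45])
\tby mx.friend.example with SMTP; Sun, 28 Nov 2010 10:00:03 -0500
From: Phil <phil@webmail.example>
To: friend@friend.example
Subject: hi

(body omitted)
"""
# Same message, but handed over by the sender's own provider.
GENUINE = SPOOFED.replace("relay.bulkhost.example", "out3.webmail.example")

# Captures: reverse-DNS name seen by the receiver, its IP, and the receiving host.
HOP = re.compile(
    r"from\s+\S+\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\).*?by\s+(\S+)", re.S)

def hops(raw):
    """Return (from_host, from_ip, by_host) tuples, oldest hop first."""
    msg = message_from_string(raw)
    found = [HOP.search(v) for v in msg.get_all("Received", [])]
    return [m.groups() for m in reversed(found) if m]

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def handoff(raw, recipient_domain):
    """Oldest hop written by the recipient's own servers. Lines older than
    this one were added by other parties and can be forged."""
    for from_host, from_ip, by_host in hops(raw):
        if in_domain(by_host, recipient_domain) and not in_domain(from_host, recipient_domain):
            return from_host, from_ip
    return None

def verdict(raw, recipient_domain, sender_provider):
    hop = handoff(raw, recipient_domain)
    if hop is None:
        return "no external hop found"
    if in_domain(hop[0], sender_provider):
        return "sent via provider: account may be compromised"
    return "sent via other server: From address spoofed"
```
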
 

Author Comment

by:philsimmons
ID: 34232385
Together these comments formed the most thorough (and, hopefully, most effective) solution I've ever received.  THANKS !!
0
 

Expert Comment

by:amountainclimber
ID: 35319631
When I start Outlook up, it starts sending emails to my contacts.  I have downloaded and installed all of this stuff, and NOTHING is finding anything.

This must be something new, any ideas?
0
