Virus sending spam emails to all contacts. What should be done?

My wife's contacts have been receiving spam emails from email addresses with different domain names but the name infront of the @ symbol is the same in all cases.  It is the same as her yahoo account.  At the bottom of the email it contains the proper email address of her yahoo account.
Can someone tell me how this is likely to be happening? Has someone managed to get into her email account? How have her contacts been obtained?  What would explain this?  Is there a virus on one of her devices?...or has she managed to give up her contacts somehow?  Have the contacts been sent to someone online and added to a spam database....so all her contacts will receive spam forever.

Next, what do we do to stop it from happening?
She uses PCs, an android phone, an iPad and a Macbook.
Thank you for your help
LVL 1
Now ThenNot applicableAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

andreasSystem AdminCommented:
1st change password of all e-mail accounts and scan all devices you are using for malware.

If malware is found reinstall the devices too.

The reasons could be that she entered login details on a fake login page
or that one of her devices is compromised.
could also very well be a roughe app only on one of the mobile devices that stole her contacts and the spam is not comming from your devices or your account at all.

More details can be found in the header lines of the e-mails sent out, you need to look at  the received headers especially to trace back the origin of the mails.
0
Now ThenNot applicableAuthor Commented:
What am I looking for in the header? There was no mention of yahoo in the header, only other domains. So, does that mean that it did not come from yahoo?
0
andreasSystem AdminCommented:
can you post a header example. You need to check for the last received line(s)( there could be some forged ones trying to hide origin) to find out which is the originating IP (the last lines are the 1st ones produced and are at the bottom of the received header lines, the times and ips should match from line to line, this way you might find forged lines at the beginning).

it depends on the mode of sending the mails (SMTP, Via the WEB-interface) on how the originating IPs needs to be interpreted.

So posting some headers might be helpful, you might remove personal informations such ad the partzs b4 the @ sign,...
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

David AndersTechnician Commented:
9 Things You Need to Do When Your Email Is Hacked
http://blog.credit.com/2013/07/things-to-do-when-your-email-is-hacked-67568/
0
andreasSystem AdminCommented:
Now the 1st question is to find out WHY he sees the mails to find out if hes hacked or not.
As a precaution applying the tips of davidanders will not harm at all. But if it was not a hack but a normal spam attack using your user part as sender it wont help stopping those mails.

So if possible post the recived headers of some (2-3) of the mails and we can look at it to find out where the mails come from, from your account or from random hosts.
0
Now ThenNot applicableAuthor Commented:
Sorry for the lengthy delay.  Fingers crossed that there is still someone out there.

Here is a header from one of these emails. I have tried to remove anything that reveals personal details. Please let me know if there is something in here that I should delete.
Thanks

Delivered-To: [MY EMAIL ADDRESS]
Received: by 10.51.14.164 with SMTP id fh4csp2071045igd;
        Tue, 18 Aug 2015 02:19:14 -0700 (PDT)
X-Received: by 10.180.188.49 with SMTP id fx17mr42321933wic.74.1439889554457;
        Tue, 18 Aug 2015 02:19:14 -0700 (PDT)
Return-Path: <peg.paste@fun.ac.jp>
Received: from mailex.mailcore.me (mailex.mailcore.me. [94.136.40.61])
        by mx.google.com with ESMTP id ff10si32461420wjc.32.2015.08.18.02.19.13
        for [MY EMAIL ADDRESS];
        Tue, 18 Aug 2015 02:19:13 -0700 (PDT)
Received-SPF: neutral (google.com: 94.136.40.61 is neither permitted nor denied by best guess record for domain of peg.paste@fun.ac.jp) client-ip=94.136.40.61;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 94.136.40.61 is neither permitted nor denied by best guess record for domain of peg.paste@fun.ac.jp) smtp.mailfrom=peg.paste@fun.ac.jp
Received: from celery.fun.ac.jp ([210.225.229.210] helo=dpmail02.fun.ac.jp)
      by smtp01.mailcore.me with esmtp (Exim 4.80.1)
      (envelope-from <peg.paste@fun.ac.jp>)
      id 1ZRd32-00085m-TK
      for [MY EMAIL ADDRESS]; Tue, 18 Aug 2015 10:19:13 +0100
Received: from [123.18.62.120] (123.18.62.120 [123.18.62.120])
      by dpmail02.fun.ac.jp (deepsmtpd.sk)
      with ESMTP id <8F3EEBCD-A481-45A1-FC64-F1E90EFF9179@fun.ac.jp>
      for [MY EMAIL ADDRESS]; Tue, 18 Aug 2015 18:18:56 +0900
From: "Peg Paste" <peg.paste@fun.ac.jp>
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Subject: From: Peg Paste
Message-Id: <8F3EEBCD-A481-45A1-FC64-F1E90EFF9179@fun.ac.jp>
Date: Tue, 18 Aug 2015 11:15:33 +0200
To: [MY EMAIL ADDRESS]
X-Mailer: iPhone Mail (8A400)
X-IP: 123.18.62.120
X-FROM-DOMAIN: fun.ac.jp
X-FROM-EMAIL: peg.paste@fun.ac.jp
0
andreasSystem AdminCommented:
As the header shows, the mail was sent out from Vietnam (IP 123.18.62.120) so its not originating from your devices. So its not very likely that you are hacked. Its most probalby that some misused attacker used you e-mail address.

of course you could be hacked first and so the attcker got hold of your e-mail address. But sending out the mails is clearly done by a system in vietnam.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Spyware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.