How was this spam generated?

jwriter

Valued Member
Somebody is sending spam using my friend's return address. For discussion, let's say her address is "mary@yahoo.com". Please see snippets below taken from three of these messages.

Received: from [86.111.112.160] by web62302.mail.re1.yahoo.com via HTTP; Thu, 21 Apr 2011 14:38:00 PDT
Received: from [194.126.111.66] by web62301.mail.re1.yahoo.com via HTTP; Sat, 09 Apr 2011 06:39:32 PDT
Received: from [83.50.79.219] by web125413.mail.ne1.yahoo.com via HTTP; Fri, 17 Jun 2011 06:20:02 PDT
1) Was the computer that generated the spam connected to the listed IPs?
2) I believe these are in Poland, Estonia, and Spain, respectively. How does the spammer do this? Is there malware running on computers in these locations without their owners' knowing?
3) Does it appear that somebody logged onto yahoo and that yahoo accepted the messages as valid and sent them?
4) Did the spammer use a legitimate yahoo email address and password to do this?
5) Can we assume that the return address "mary@yahoo.com" was spoofed? Is it just a coincidence that she uses yahoo and the originating server is also apparently yahoo?
6) Can yahoo inform the legitimate user so that he/she can change their password?
7) Since the IP numbers are geographically far from my friend's location, can I assume her computer is not the source?
8) Is it likely that my friend has malware on her computer? In other words, does this problem indicate she might also be used as a spam source, and should she have her computer checked?
 

lmj1000

New Email
I believe that I have the same problem! My contacts are receiving unsolicited emails from my account and I don't know how to stop it.
 

EQ Admin

EQ Forum Admin
Staff member
Hello,

Yes, it looks like you found the correct line of the email headers that shows the IP addresses that are connecting and sending spam emails from your friend's account. My answers are in italics and follow the questions below.


1) Was the computer that generated the spam connected to the listed IPs?
Yes

2) I believe these are in Poland, Estonia, and Spain, respectively. How does the spammer do this? Is there malware running on computers in these locations without their owners' knowing?
It could be spyware on their computer. Other possibilities include that your friend may have replied to a phishing email asking for their password to "confirm their account details", that a different account using the same password was compromised, or that the password was used unencrypted over a wireless (wi-fi) network.

3) Does it appear that somebody logged onto yahoo and that yahoo accepted the messages as valid and sent them?
Yes, they should change their password and all account reset information immediately.

4) Did the spammer use a legitimate yahoo email address and password to do this?
Yes, it appears your friend's account is compromised.

5) Can we assume that the return address "mary@yahoo.com" was spoofed? Is it just a coincidence that she uses yahoo and the originating server is also apparently yahoo?
If they don't match, check the account for additional email aliases that have been created. Yahoo Mail allows users to create a secondary email address that can be used as an alternate From: and Reply-to: email address.

6) Can yahoo inform the legitimate user so that he/she can change their password?
Maybe. If it's your friend, are you able to call / email / IM them or contact them at an alternate address to let them know they need to change their password and check all of their account reset information too?

7) Since the IP numbers are geographically far from my friend's location, can I assume her computer is not the source?
It may not be the source of the sending, but their computer could still be the source of why the account was compromised. They should do some virus/spyware scans and maybe even a system restore back to a point from before the problem started.

8) Is it likely that my friend has malware on her computer? In other words, does this problem indicate she might also be used as a spam source, and should she have her computer checked?
It can't be proven, but it doesn't hurt to scan her computer too.



If you do find the source of the problem, please feel free to let us know how the account was compromised.

Welcome to Email Questions!
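An added example, not part of the original thread: a Python sketch that parses the three "via HTTP" Received lines quoted in the question and puts the client IPs on one UTC timeline, which is the evidence the reply above relies on when it says the account was logged into from those addresses. The function names parse_web_submission and summarize are illustrative, and the regular expression only covers the header shape shown in this thread.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# The three Received lines quoted in the question above.
SAMPLE_HEADERS = [
    "Received: from [86.111.112.160] by web62302.mail.re1.yahoo.com via HTTP; Thu, 21 Apr 2011 14:38:00 PDT",
    "Received: from [194.126.111.66] by web62301.mail.re1.yahoo.com via HTTP; Sat, 09 Apr 2011 06:39:32 PDT",
    "Received: from [83.50.79.219] by web125413.mail.ne1.yahoo.com via HTTP; Fri, 17 Jun 2011 06:20:02 PDT",
]

# "from [client IP] by <web front end> via HTTP; <date>": the shape of the quoted lines.
WEB_SUBMIT = re.compile(
    r"^Received:\s+from\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\s+by\s+(?P<host>\S+)"
    r"\s+via\s+HTTP;\s*(?P<date>.+)$",
    re.IGNORECASE,
)

def parse_web_submission(line):
    """Return client IP, accepting host and UTC time, or None if not a 'via HTTP' hop."""
    m = WEB_SUBMIT.match(" ".join(line.split()))  # also unfolds wrapped header lines
    if not m:
        return None
    try:
        ip = ip_address(m["ip"])
        when = parsedate_to_datetime(m["date"])  # understands zone names such as PDT
    except (ValueError, TypeError):
        return None
    if when.tzinfo is None:
        return None  # no usable time zone, cannot place it on a shared timeline
    return {"ip": str(ip), "public": ip.is_global, "host": m["host"].lower(),
            "utc": when.astimezone(timezone.utc)}

def summarize(lines):
    """Collect webmail submissions, oldest first, with the distinct client IPs."""
    hops = sorted(filter(None, map(parse_web_submission, lines)), key=lambda h: h["utc"])
    span = (hops[-1]["utc"] - hops[0]["utc"]).days if hops else 0
    return {"hops": hops,
            "distinct_ips": sorted({h["ip"] for h in hops}),
            "span_days": span}

if __name__ == "__main__":
    report = summarize(SAMPLE_HEADERS)
    for hop in report["hops"]:
        print(hop["utc"].isoformat(), hop["ip"], "->", hop["host"])
    print(len(report["distinct_ips"]), "client IPs over", report["span_days"], "days")
```
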