
How did I get infected?


117 replies to this topic

#61 Eqwatz

  • Members

Posted 16 February 2012 - 06:59 PM

I tell people to use Puppy Linux when surfing indiscriminately on the web. The newest Puppy just works, and that is with router and firewall FIOS. And, it is a nice clean interface. To be honest, there are times when a virus/trojan is a puzzle to solve, and other times when it is time to hit F11 with TI.



#62 aninkling

  • Members

Posted 02 March 2012 - 11:03 AM

There is something "missing" from your tips, and it is the most common form of "infection." The situation is:
  • Your computer is locked down and all guidelines have been followed
  • You don't use email on your computer. You use yahoo, aol, or something similar... Google seems to not have so many problems
  • Someone starts sending out spam and infected emails using your email address
  • You run all the virus detection methods. Your computer is clean. You are not being rerouted.
  • You call the email provider and all they say is "change your password"
  • They can not describe "how" your username and, apparently, at least some of your contact list was hijacked.
Would someone please explain how this is happening? What are the techniques used? Is "changing your password" the remedy? Should you send an email to everyone telling them what they are receiving is a hoax, or will this allow the hacker to gain access to more of your contact list?

I think this is the most common infection I find in my experience as an amateur security consultant to my community.

Edited by aninkling, 02 March 2012 - 11:06 AM.


#63 Animal

  • Helper Emeritus

Posted 02 March 2012 - 11:11 AM

Email spoofing is the most common reason. Google that term and you'll have more information than you could have hoped for.

Good write up here to get you started. http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_them.html

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)
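
Added example, not part of the original posts: one way to check whether a message that appears to come from your address was only spoofed or was really sent through your mail account, which is what decides whether a password change matters. The sample messages and domains are constructed, and the exact-domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample 1: From claims victim@example.com, but the envelope
# sender and the receiving server's verdicts point somewhere else.
SPOOFED = (
    "Return-Path: <bounce@bulk-sender.example.net>\n"
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=bulk-sender.example.net; dkim=none; "
    "dmarc=fail header.from=example.com\n"
    'From: "Victim" <victim@example.com>\n'
    "Subject: check this out\n\nbody\n"
)

# Constructed sample 2: the same From, but sent through the real provider.
FROM_ACCOUNT = (
    "Return-Path: <victim@example.com>\n"
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=example.com; dkim=pass header.d=example.com; "
    "dmarc=pass header.from=example.com\n"
    'From: "Victim" <victim@example.com>\n'
    "Subject: check this out\n\nbody\n"
)

def domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify(raw_message):
    """Return 'authenticated', 'likely-spoofed' or 'inconclusive'.

    Only trust an Authentication-Results header added by your own
    receiving server; a sender can insert a forged one.
    """
    msg = message_from_string(raw_message)
    from_dom = domain(msg.get("From"))
    envelope_dom = domain(msg.get("Return-Path"))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                               msg.get("Authentication-Results", "").lower()))
    # Exact-domain match is a simplification of DMARC alignment.
    if verdicts.get("dmarc") == "pass" or (
            verdicts.get("dkim") == "pass" and envelope_dom == from_dom):
        return "authenticated"    # sent via the provider: treat as account compromise
    if envelope_dom and envelope_dom != from_dom:
        return "likely-spoofed"   # From was forged; the account was not used
    return "inconclusive"
```

A "likely-spoofed" result means the sender only forged the From line, while "authenticated" means the provider itself sent the message, so the account credentials should be treated as compromised.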


#64 quietman7

  • Global Moderator

Posted 02 March 2012 - 03:56 PM

Adding to Leo's comments.

A spambot is a type of web crawler designed to scan the Internet and extract e-mail addresses and hyperlinks from various sources (newsgroups, bulletin boards, web pages, chat rooms, etc) in order to build mass mailing lists for sending unsolicited e-mail (spam). The spambot stores the email addresses to use as targets for spam, and then follows each hyperlink to a new page, where it starts the process all over again. Spambots and Email relays typically come packaged with rootkits so I'd be concerned about what happened. Rather than take a chance, I would change all my passwords to be on the safe side...that's most likely why the email provider advises to change them.

If using a router, I would also reset it with a strong logon/password before connecting again.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#65 Eqwatz

  • Members

Posted 02 March 2012 - 11:10 PM

I tell people to use Puppy Linux when surfing indiscriminately on the web. The newest Puppy just works, and that is with router and firewall FIOS. And, it is a nice clean interface. To be honest, there are times when a virus/trojan is a puzzle to solve, and other times when it is time to hit F11 with TI.


In case there are those not familiar:
Puppy Linux is a Live CD version of Linux. It loads directly into RAM via your CD/DVD drive. Since it only exists in temporary memory, nothing can be written to your hard drive unless you choose to mount the hard drive and write to it. It is the ultimate protection from infection--and offers the possibility of retrieving information from a broken installation or manually cleaning all of the temp files, cookies, caches, browser helper objects and such when attempting to recover from an infection.

TI is True Image, a backup and recovery program with a lot of options and power. Inexpensive for what it does for private users. There are more alternatives than there used to be.

#66 johhny

  • Members

Posted 09 May 2012 - 06:35 AM

Great precaution, really helpful.

#67 iceman85

  • Members

Posted 27 January 2013 - 04:59 PM


I tell people to use Puppy Linux when surfing indiscriminately on the web. The newest Puppy just works, and that is with router and firewall FIOS. And, it is a nice clean interface. To be honest, there are times when a virus/trojan is a puzzle to solve, and other times when it is time to hit F11 with TI.


In case there are those not familiar:
Puppy Linux is a Live CD version of Linux. It loads directly into RAM via your CD/DVD drive. Since it only exists in temporary memory, nothing can be written to your hard drive unless you choose to mount the hard drive and write to it. It is the ultimate protection from infection--and offers the possibility of retrieving information from a broken installation or manually cleaning all of the temp files, cookies, caches, browser helper objects and such when attempting to recover from an infection.

TI is True Image, a backup and recovery program with a lot of options and power. Inexpensive for what it does for private users. There are more alternatives than there used to be.


I am using Ubuntu in live version, and I believe the latest release is probably the most stable of Linux distros. For those who are new to Linux, it's a great (and easy) first step.

#68 phil_carter

  • Banned Spammer

Posted 31 January 2014 - 04:29 AM

There is really good advice here actually... however, here is one from me :)... I found out that the combination of antivirus software and a browser adblock program does great work... because sometimes when I am in a hurry I click on banners without actually wanting to... as we all know, banners and ads are really like a door into virtual hell... :)



#69 quietman7

  • Global Moderator

Posted 31 January 2014 - 07:31 AM

Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.



#70 saint satin stain

  • Members

Posted 12 February 2014 - 10:13 AM

The old stalwart SpywareBlaster is helpful and free, unless you want automatic updates instead of manual. Auto is ten dollars a year.


saint satin stain
Responsible for what I say,
not for what you understand.
www.leftinalabama.com


#71 quietman7

  • Global Moderator

Posted 12 February 2014 - 10:50 AM

The old stalwart SpywareBlaster is helpful and free, unless you want automatic updates instead of manual. Auto is ten dollars a year.


SpywareBlaster has been mentioned several times already in this topic. In fact, you essentially made the same comment in Post #48.

....the old stalwart, SpywareBlaster...the paid version of SpywareBlaster adds autoupdate for ten dollars a year.




#72 saint satin stain

  • Members

Posted 12 February 2014 - 12:15 PM

Forgive me. I saw a note to myself: mention SpywareBlaster. Bit forgetful sometimes. Before I post I'll search my posts and others.




#73 quietman7

  • Global Moderator

Posted 12 February 2014 - 01:21 PM

Ok...I just wanted you to be aware so you don't post duplicate replies.



#74 norah22

  • Banned Spammer

Posted 21 February 2014 - 09:50 PM

Hello, I also think p2p programs affect a lot. I don't get such infections as I have Krojam Cleaner in my system which protects me. Great to know more infecting reasons.

#75 quietman7

  • Global Moderator

Posted 21 February 2014 - 10:01 PM

Using any torrent, peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some cases the computer could be turned into a virus honeypot or zombie. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Further, some file sharing programs are bundled with other free software you may download (sometimes without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, and browser hijackers as well as malware.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites. Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!
