
email hacked and spamming


2 replies to this topic

#1 Cuzenu


Posted 08 November 2011 - 11:09 PM

Hello, I believe my dad's email has been hacked, because upon getting a spam mail from him, I checked his "sent" folder and it had sent about 35 spam messages within 10 min, though the messages vary slightly or provide separate links. These emails were sent out Nov 8th 7:55pm-8:05pm. However, these messages do not include anything helpful in relation to who originally sent it or how; the only emails listed are the "sender"'s, aka my dad's Yahoo email, and receiving emails, which come from his contacts list.

I poked around the inbox to try and find a list of 8 "Failure to Deliver" emails stacked in his inbox from Nov. 7th. These emails contain a bunch of code and specific heading which may provide insight as to how they came about or the best way to prevent any further from occurring. Please note, I added asterisks within the contact emails to protect their privacy.

Also note, I killed the spam link so nobody accidentally clicks it. Also, I will highlight the links/addresses that loaded as hyperlinks of some sort in word documents, in red font.

From: "MAILER-DAEMON@yahoo.com" <MAILER-DAEMON@yahoo.com>
Sorry, we were unable to deliver your message to the following address.

<s****c@******inc.com>:
Remote host said: 550 5.7.1 Unable to deliver to <s****@******inc.com> [RCPT_TO]

--- Below this line is a copy of the message.

Received: from [66.94.237.199] by nm7.access.bullet.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
Received: from [66.94.237.104] by tm10.access.bullet.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
Received: from [127.0.0.1] by omp1009.access.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 958154.50004.bm@omp1009.access.mail.mud.yahoo.com
Received: (qmail 15222 invoked by uid 60001); 7 Nov 2011 07:58:15 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prodigy.net; s=s1024; t=1320652695; bh=d1xkhjtnZTKATNfOiCeg7Fd6w0M0Ziv0XVr757+mSaY=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=cvFMWwN93ZkrklYV0YI3UpPgJhTs3Bw3h47LjGLl5TbSTiGzu7707+QBNAwp6hKjBPrauL1WagO461rXWNDWA4ySE89qys6FKMgyLpcrjSG5bgZEp0aXgLXuTltus+ukOIeAz5qANRF0EjF8qyfFs+ar9fOLUrnyeII/oaDp+Ls=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=prodigy.net;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=0bVz0B5vebcY/h6OEba8ao9qlw503hU8Qok7NXpGp385H1CyyElVwO8cx5j6+Fv5xgxktBsQyupJNmg6iLUOnxkvsN8g7UIHOMnFmBD8/AN29DCqzh0a7EMFzNzkboA5x/tkUTQIZ8Urg9jSEtnlALS/3hq7AyYK9wyu1E+/T58=;
Received: from [189.146.57.119] by web80202.mail.mud.yahoo.com via HTTP; Sun, 06 Nov 2011 23:58:15 PST
X-Mailer: YahooMailWebService/0.8.114.317681
Message-ID: <1320652695.9048.yint-ygo-j2me@web80202.mail.mud.yahoo.com>
Date: Sun, 6 Nov 2011 23:58:15 -0800 (PST)
From: C**** G****** <g*******@prodigy.net>
Subject: Re:1
To: s*****@***inc.com, c*******@swbell.net, r*********@aol.com,
r******.******@sbcglobal.net, e******@aol.com, e*****66@aol.com,
g******@aol.com, g*****81@hotmail.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

...I hope will like my new site! Your opinion is very important for me! http (colon) //cochesclasicosparabodas (dot) com/m.friends.page.php?tyahoo=


Edited by Cuzenu, 08 November 2011 - 11:12 PM.
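Added example, not part of the original posts: the `Received` chain in the bounce quoted in post #1, read bottom-up, shows where the message entered Yahoo's network. The function names are hypothetical, and treating a `via HTTP` hop as submission through the provider's web interface is an assumption about how Yahoo recorded such hops.

```python
import re
from email import message_from_string

# Headers copied from the bounce quoted in post #1 (signature and
# X-YMail-OSG values left out; addresses were masked by the poster).
BOUNCED_HEADERS = """\
Received: from [66.94.237.199] by nm7.access.bullet.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
Received: from [66.94.237.104] by tm10.access.bullet.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
Received: from [127.0.0.1] by omp1009.access.mail.mud.yahoo.com with NNFMP; 07 Nov 2011 07:58:15 -0000
Received: (qmail 15222 invoked by uid 60001); 7 Nov 2011 07:58:15 -0000
Received: from [189.146.57.119] by web80202.mail.mud.yahoo.com via HTTP; Sun, 06 Nov 2011 23:58:15 PST
X-Mailer: YahooMailWebService/0.8.114.317681
Message-ID: <1320652695.9048.yint-ygo-j2me@web80202.mail.mud.yahoo.com>
"""

# "from [ip] by host with|via PROTO;" as it appears in the lines above.
HOP = re.compile(r"from \[(?P<ip>[0-9.]+)\] by (?P<by>\S+) (?:with|via) (?P<proto>\S+);")

def received_hops(raw):
    """Return the parseable Received hops, oldest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))
        if m:
            hops.append(m.groupdict())
    hops.reverse()  # each server prepends its line, so the last header is hop 1
    return hops

def submission_hop(raw):
    """Return the first hop if it was handed over via HTTP, else None."""
    hops = received_hops(raw)
    if hops and hops[0]["proto"].upper() == "HTTP":
        return hops[0]
    return None

def summarize(raw):
    """Collect the fields that describe how the message was submitted."""
    msg = message_from_string(raw)
    hop = submission_hop(raw)
    return {
        "submitted_via_web": hop is not None,
        "client_ip": hop["ip"] if hop else None,
        "accepted_by": hop["by"] if hop else None,
        "x_mailer": msg.get("X-Mailer"),
    }

if __name__ == "__main__":
    print(summarize(BOUNCED_HEADERS))
```

A web-submission hop from an address the account owner does not recognise suggests the message was sent from inside the account with its credentials, not by forging the From line on another server.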




#2 frankp316


Posted 09 November 2011 - 06:28 AM

Have him change his password. That should take care of it.

#3 nesrinamb


Posted 10 November 2011 - 12:03 AM

Actually, first do a virus scan on the computer which he uses to check his email and then have him change it. That scan should take care of any key loggers.



