A computer virus is sending out emails from me – don’t open if you get one.
I am puzzled how this happened, as I have not received or opened any suspicious emails today or visited any dubious websites. I have Norton on fully and it automatically both updated and scanned last night. As soon as I started getting back a rash of auto-replies, I started a scan again and it immediately started detecting and eliminating threats.
I am not the most technology savvy of people – does anyone know how this can happen without an apparent triggering event such as opening an infected email?
Most certainly not an expert, but it could be a ‘drive by’ infection from visiting a compromised website.
Hi Craig,
This is quite common and happened to me recently.
Do you have the sent emails in your sent box?
I had nothing in my sent mail but hundreds of emails saying the address I was emailing was incorrect. I dread to think how many I sent successfully.
I changed my password and the problem stopped. A full virus scan and a scan for Malware (Malware Bytes) came up with no problem on my computer.
When Windows XP first shipped it had a security hole that allowed anyone to gain remote root access, and therefore do anything they liked on the machine. Lots of software has so-called “zero day” flaws like that.
For crying out loud. Just buy a Mac. Not trying to start a fight, but that’s the simple way to protect yourself online. Do it.
Typically you can get infected by a malicious advert served up on a legitimate site. It would be a good idea to check that Flash, Java etc are all up to date (if installed); http://secunia.com/vulnerability_scanning/personal/ is a free tool to do this for you. Likewise running a “second opinion” virus scanner such as PrevX (http://info.prevx.com/downloadcsi.asp?prevx=Y, click the “Download a randomised filename” link to be on the safe side) or Sophos (http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx) is worth a try.
Changing your email password is also a good idea, ideally from a separate machine (you can usually do this via the vendors’ email web site).
Hope this helps, if you get stuck drop me an email.
It is ridiculously easy to send email with a fake senders address – these emails need not have come from your PC (Wikipedia: Joe Job).
A clue to whether or not they are originating from your PC is if the recipients match entries in your contact list.
No AV package can guarantee 100% protection from malware and they are always playing catch-up.
One area where AV packages are weak is in targeted malware (Wikipedia: spearphishing). Have you seen a copy of the outbound messages? Is there anything in there that might discredit you personally?
What operating system are you on, Craig? If it’s still Windows XP, then maybe Windows 7 or Windows 8 would be an improvement – they are still getting security updates, whereas XP is dead now. Macs certainly are good, but bloomin’ expensive.
I’ve often wondered how email gets hacked – maybe they have gotten your password somehow. Try changing the password on your email account, if your ISP permits that – make it long and complicated so it cannot easily be guessed. You’ll need to then update it in your email program (e.g Outlook).
It may not be your computer that is infected.
A closer look at the headers of the email will usually show that the email originated from a completely different computer. It is trivially easy to send out emails impersonating any email address. They do not have to break into your computer to do it.
The spammers obtain your email address either by crawling over the internet looking for valid addresses, or when a virus infects someone else’s computer it will harvest all the addresses it finds in the address book.
If this is the case there is nothing you can do to stop it. They will stop eventually when the spammers move on to impersonating someone else.
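The comment above says a look at the headers will usually show where the message really came from. As an added example (not something any commenter posted), here is a small Python script that walks the Received: chain of a raw message, finds the first hop that handed it to a relay, and compares that host with the domain in the From: line. The sample message, its host names, IPs and addresses are all constructed for this example.

```python
"""Added example: find the first hop in a message's Received: chain and
compare it with the From: domain. Everything in SAMPLE_RAW is made up."""
import email
import re
from email import policy

# Constructed sample: From: claims a yahoo.co.uk address, but the oldest
# Received: line shows an unrelated host handed the message to the first relay.
SAMPLE_RAW = b"""Received: from mx2.example.net (mx2.example.net [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id 1234
\tfor <someone@recipient.example>; Tue, 05 Mar 2013 10:11:12 +0000
Received: from unknown (HELO relay.example.org) (198.51.100.77)
\tby mx2.example.net with SMTP; Tue, 05 Mar 2013 10:11:10 +0000
From: "Craig" <craig@yahoo.co.uk>
To: someone@recipient.example
Subject: hi
Message-ID: <abc@relay.example.org>

check this out http://example.invalid/
"""

IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def received_chain(raw):
    """Received: headers oldest-first (each MTA prepends its own, so reverse)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return list(reversed(msg.get_all("Received", [])))


def first_hop(raw):
    """(host, ip) of the machine named in the oldest Received: header, i.e. the
    one that first handed the message to a relay. Prefers the HELO name when
    the relay recorded it, else the 'from' token. None if there is no chain."""
    chain = received_chain(raw)
    if not chain:
        return None
    oldest = " ".join(chain[0].split())          # unfold / normalise whitespace
    helo = re.search(r"\(HELO\s+([^)\s]+)\)", oldest, re.IGNORECASE)
    frm = re.search(r"\bfrom\s+(\S+)", oldest, re.IGNORECASE)
    host = helo.group(1) if helo else (frm.group(1) if frm else None)
    ipm = IP_RE.search(oldest)
    return host, (ipm.group(1) if ipm else None)


def from_domain(raw):
    """Domain part of the address shown in the From: header."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg["From"].addresses[0].domain.lower()


def origin_mismatch(raw):
    """True when the first relay host is not under the From: domain. That is a
    strong hint the sender address was simply written in, not that the owner's
    machine sent it."""
    hop = first_hop(raw)
    dom = from_domain(raw)
    if hop is None or hop[0] is None:
        return True
    host = hop[0].lower()
    return not (host == dom or host.endswith("." + dom))


if __name__ == "__main__":
    print("chain:", received_chain(SAMPLE_RAW))
    print("first hop:", first_hop(SAMPLE_RAW), "from domain:", from_domain(SAMPLE_RAW))
    print("origin mismatch:", origin_mismatch(SAMPLE_RAW))
```

One caveat a practitioner would add: only the Received: line added by your own receiving server is trustworthy; anything below it arrived inside the message and a spammer can forge those lines too. The lowest line is still the best clue you have, which is why the check above uses it.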
In addition to an antivirus one must use an ‘antimalware’ as well.
Antivirus does not effectively prevent malware or spyware.
I suggest you download something like Spybot Search and Destroy and run it. Or Malwarebytes.
You might be surprised at what they find in terms of Trojan horses and the like.
Hi Craig,
Windows is a security disaster.
A mac is a step in the right direction, but the most secure option is Linux – in practice it is virus-free (although it is still possible to pass on a virus sent to you by a Windows user).
You can download and install *for free* to your existing PC – this would eliminate any existing security breach on your PC (but not on your email server) and significantly improve your defences in the future.
No need for expensive and slow anti-virus software.
There are different versions – the most popular and my personal choice is Ubuntu;
http://www.ubuntu.com/
It does everything that Windows can do, and more.
Includes many free programmes installed with tens of thousands more just a free click or two away.
Open Source software rules – Get away from the corporate offering.
(Mac OSX runs Linux underneath the bonnet, which is why it’s more secure than Windows, but it’s an expensive choice.)
I hope this helps.
Best,
Rich.
Agree with Ron on Mac. Also I’ve seen fewer gmail a/c’s being hacked compared with, say, hotmail and yahoo.
Good to see you around Jon.
Btw, my last laptop was a state-of-the-art expensive Vaio. Recall it being a lemon in every aspect, compared with an Apple. And I’m not one of those who must have an iphone or every latest thing that Apple has to offer. Just a good solid Macbook and relatively easy and worry-free use.
As others have said, there are drive-by attacks which exploit issues with your browser and/or plugins. These are often unwittingly served up by legitimate websites who use third party ad providers (who may not know they are serving up malware either).
Another possibility is that you’re running an OS with vulnerabilities.
Best thing to do is to make sure you’re running AV software (AVG is pretty good and free), make sure everything is up to date, disable Java unless you really need it and use an ad blocker (AdBlock+ is my choice – it will also show non-irritating ads if you want, so you can support websites which are not irritating) and/or use your browser’s ‘click to play’ feature to prevent auto-playing of flash.
An Apple computer is not inherently more secure (there have been several severe security flaws and Apple haven’t always been very good at providing fixes). They may seem more secure due to lower usage so less malware is targeted at them, but there is an increasing amount targeting Macs (including cross-platform malware).
Linux is in the same position, but with even less malware (although security holes still occur – distributions tend to fix them ASAP though).
If you’re doing anything sensitive then you want to take more precautions. NoScript to manage the use of javascript, possibly encrypt sensitive files, use private browsing mode, use Tor, disable add-ons… there’s lots of things you can do, but usually they come with a downside of making the computer harder to use…
Unfortunately there’s no such thing as a secure computer, there will always be issues, either with hardware, software or users.
The most “secure” computer right now is the Google Chromebook… so far it has survived several of the hack-for-cash competitions.
It is based on Linux but bolts down the filesystem so tight that the user cannot change anything. Only Google can push out updates.
It does assume that you’re going do do everything through Google… documents, spreadsheets, email etc.
I bought one for my daughter after her laptop died. She’d got fed up with the general hassle of keeping a Windows PC up & running. Took a bit of getting used to, but now she takes it everywhere with her (she’s 20 and at university).
@Rich – OSX is based on BSD not Linux (although they share a common heritage, the BSD license means Apple are not obliged to hand back their enhancements to the BSD community).
@Villager – I hate Sony laptops with a passion, so much so that I’ve told my clients that if they ever buy one I’ll not touch it. I’ve encountered many Vaios over the years and they have some of the quirkiest hardware going, and the worst customer support I’ve encountered from a big business.
The chances are that it’s not your machine that has been compromised, but rather the machine belonging to one of your contacts (to whom you sent out email once upon a time). The virus then read that person’s address book, and used various addresses (including yours) as the sender.
Email works entirely on trust… there is NO authentication of the sender. It’s really easy to spoof the sender of messages. (There are also some legitimate uses of this, eg greeting card websites, or “tell a friend” systems).
There is a technical fix, known as SPF (Sender Policy Framework), but it’s complex.
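SPF is mentioned above as the technical fix for sender spoofing. As an added example (not code from any commenter), here is a minimal evaluator for a domain's `v=spf1` record that answers the question a receiving mail server asks: is this connecting IP allowed to send for that domain? DNS lookups are replaced by a constructed in-memory table so it runs offline; the domains, records and addresses in it are made up and are not real SPF data.

```python
"""Added example: a small SPF (RFC 7208 subset) evaluator. The FAKE_TXT table
stands in for DNS TXT lookups; its domains and records are constructed."""
import ipaddress

# Constructed stand-in for DNS: domain -> its SPF TXT record.
FAKE_TXT = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 include:relay.example -all",
    "relay.example":  "v=spf1 ip4:203.0.113.5 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10          # RFC 7208 caps DNS-querying terms at 10


def lookup_spf(domain, txt=FAKE_TXT):
    """Return the v=spf1 record for a domain, or None (would be a DNS TXT query)."""
    return txt.get(domain.lower())


def check_spf(ip, domain, txt=FAKE_TXT, depth=0):
    """Evaluate `domain`'s SPF record for sending address `ip`.
    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Supports ip4:, ip6:, include: and all; a/mx/ptr/exists need live DNS and
    are reported as permerror here rather than guessed."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = lookup_spf(domain, txt)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)

    for term in terms[1:]:
        qual = "+"                            # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "include":
            # include: matches only if the referenced domain yields "pass"
            matched = check_spf(ip, arg, txt, depth + 1) == "pass"
        else:
            return "permerror"                # unsupported mechanism in this subset

        if matched:
            return QUALIFIERS[qual]
    return "neutral"                          # nothing matched, no 'all' term


if __name__ == "__main__":
    for ip, dom in [("192.0.2.77", "sender.example"),
                    ("203.0.113.5", "sender.example"),
                    ("198.51.100.9", "sender.example"),
                    ("2001:db8::1", "relay.example"),
                    ("192.0.2.1", "nosuch.example")]:
        print(f"{ip:>14} for {dom:<16} -> {check_spf(ip, dom)}")
```

Two practical caveats: SPF is checked against the envelope sender (SMTP MAIL FROM), not the From: line the recipient sees, so it only helps when the receiving server actually checks it and the domain publishes `-all` rather than a permissive record; and it does nothing against mail sent through the owner's own account with a stolen password, which is the other scenario raised in this thread.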
Flint, I can tell you know your onions, whereas I’m just a lay-person. You’re right to forewarn everyone about those darned Sony machines — and yes, it’s to do with weird sub-standard hardware.
Thanks for the tip on the google chrome book — didn’t even know it existed!
Good luck!
For anyone on Yahoo.
http://www.channel4.com/news/yahoos-email-system-hacked-by-criminal-spammers
http://thenextweb.com/insider/2013/03/06/despite-its-efforts-to-fix-vulnerabilities-yahoos-mail-users-continue-reporting-hacking-incidents/
“A computer virus is sending out emails from me – don’t open if you get one.”
That is always frustrating and distressing. Some general thoughts that I don’t think have been touched upon yet:
a.) There exists (to my mind) no way/method/system that eliminates the risk of being infected, either by chance or by intention.
b.) It is an (ever) ongoing arms race between malware writers/hackers and software/hardware security development. You can reduce the risks, but never eliminate them, by following “good” practices.
c.) To first learn and then follow “good” practices requires both time and dedicated effort, and it is always worth remembering that security is very much a tradeoff, between the time and resources you are ready to invest and what restrictions you are prepared to set for yourself.
But at a bare minimum, make sure to always have regularly made physical backups of your data, both at home, and, preferably in a second external secure place, for example in a bank vault.
Some insights into the darker side of information technology, and why you should not ever steal a hacker’s computer:
http://www.tomshardware.com/news/def-con-hacker-mac-stolen,11849.html
From a presentation held at DEF CON a couple of years back now, (for those who have not seen it). The presentation starts around 3:20 into the film…
I work in the industry (Oracle DBA and Developer), and I do a lot of security work these days. When I started I used to do network admin and desktop support.
I’m curious to know what virus, if any, your scan turned up (name)? If there was nothing named, did it give you any indication as to what it found in what area after a full scan (like say suspicious cookies from the web)? Also did you try scanning with say another online security scan (like House Calls by Trend Micro: http://housecall.trendmicro.com/)? I used to have machines with viruses that Trend Micro would detect and McAfee or Symantec would not detect. Much of it depended upon who updated their virus definitions first. I would use all three to detect, and to manually remove, I would usually have to use Symantec’s instructions….
I’d say Norton is your problem. McAfee much better IMHO.
Have never run a scan on my macbook since I’ve had it for the last year and a half… wonder if it even exists? Why can’t other makers get to that standard, or are there too many vested interests?
I dunno about MACs. My spouse and I both have Macbook Air and smartphones and we both have had hacked email.
I suspect using data feature on phone creates the window of opportunity.
Craig,
Very old hand here, decades, but I work with today’s start-ups, so bleeding edge enabled. I run multiple servers, blah, etc.
Very surprised, considering what you do, that you are still on Windows. No axe to grind with Microsoft — I even have an early-day Bill Gates story — but get off of it. It’s a large and unnecessary risk for you.
I’m a Linux guy, but Apple is fine by me too. Apple did recently have a virus scare, though, but it’s in no way as insecure as Windows.
I’m clearly not a personal friend — a personal friend would never let you run Windows — but I do care for your safety and want for you to continue doing what you do, so please, bite the bullet and make the change. I’m sure you have better contacts, but drop me a line if you want assistance.
Cheers,
Marc
Probably not an ‘infection’ on your machine but the result of a problem with Yahoo’s mail service.
The headers in the spam message I received suggest that.
Check the links from “April Showers” above.
After your computer geek friends have purged your machine of anything malicious, you may find it worthwhile to install AVG (free version).
PS. If there appears to be any ‘damage’ that won’t go away (I don’t mean activity from a virus like sending spam), you might also try using System Restore (under System Tools). That should restore your system back to where it was before the problem happened. But by all means consult your geek friends about when to use this particular utility.
Craig before you do something drastic like wiping your machine or installing unwanted software, please speak to someone who you know is expert.
In my opinion, (and I received one of the offending emails), it is the result of a problem with Yahoo’s WebMail service.
But don’t trust me… I am, after all, just some bloke on the Internet.
I have been using Ubuntu for over 6 years now, never had a single security issue, with the machine.
I have however had my Gmail account password hacked somehow and send out spam, Gmail picked it up, locked my account and forced a password reset before I knew anything about it. Which was pretty good going.
One of the ways your passwords can get hacked is that a website you use gets hacked (often via SQL injection) and that website has stored your password insecurely, either in plain text or not cryptographically hashed securely enough.
The less entropy in your password the easier it is to crack the hashed version, and if your password is the same as another password that has already been cracked, whether it is because it is a dictionary word, or something stupid like qwerty or 1234657, then your password is as good as being stored in plain text.
Once these passwords are cracked they are shared and sold to other hackers online.
The way to combat this is to use a unique complex password on every site you visit. The easiest way to do this is to use LastPass or similar that will remember your password for you and log you in automatically.
There are also techniques of carrying around a unique cipher on a bit of paper in your wallet that you apply to the domain name of the website in question to generate a unique password from the domain name. So each website has a different password, and you can use your cipher to work out what the password was when you come to log back in.
https://www.grc.com/otg/operation.htm
In many ways although LastPass is very convenient, it does require some technical knowledge to use it correctly occasionally when things don’t just automatically work, and you need to manually edit things to go to the correct login url etc.
So I think I would actually recommend “Off the Grid” the paper cipher option based on the websites domain name for you Craig, it’s a very secure and low tech, old world kind of cold-war-esque secret squirrel way to do it, and I think it suits your style very well.
You really should give the technique a read https://www.grc.com/otg/operation.htm
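The comment above explains why a breach at one site can expose a password that is stored badly or that is a common word. As an added example (not code from the commenter, and nothing to do with the Off the Grid scheme itself), here is a Python script that models both halves of that claim: a leaked table of unsalted SHA-256 hashes falls to one precomputed dictionary lookup for every user at once, while the same passwords stored as salted PBKDF2 force the attacker to redo the expensive derivation per user and per guess. The user tables and the dictionary are constructed for the example.

```python
"""Added example: why unsalted fast hashes let one dictionary crack every
user, and what salted PBKDF2 storage changes. The tables are constructed."""
import hashlib
import hmac
import os

# Constructed 'leaked' table from a site that stored bare SHA-256 (no salt).
WEAK_SITE = {
    "alice": hashlib.sha256(b"qwerty").hexdigest(),
    "bob":   hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

# A tiny constructed guess list; real cracking wordlists run to billions.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "1234567"]

PBKDF2_ITERATIONS = 200_000        # production-style cost; tests use a lower value


def store_password(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Salted PBKDF2-HMAC-SHA256 record as a site should store it."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_password(stored, password):
    """Re-derive with the stored salt/cost and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(stored["salt"]), stored["iterations"])
    return hmac.compare_digest(dk.hex(), stored["hash"])


def crack_unsalted_sha256(user_table, dictionary=DICTIONARY):
    """Hash each guess once, then look every user up: cost is len(dictionary)
    hashes regardless of how many users leaked. Returns {user: password}."""
    rainbow = {hashlib.sha256(w.encode()).hexdigest(): w for w in dictionary}
    return {u: rainbow[h] for u, h in user_table.items() if h in rainbow}


def crack_pbkdf2(user_table, dictionary=DICTIONARY):
    """With a per-user salt nothing can be precomputed: each guess must be
    re-derived for each user at full cost. Returns ({user: password}, work)
    where work counts PBKDF2 derivations performed."""
    found, work = {}, 0
    for user, stored in user_table.items():
        for guess in dictionary:
            work += 1
            if verify_password(stored, guess):
                found[user] = guess
                break
    return found, work


# Constructed 'leaked' table from a site that stored passwords properly
# (lower iteration count only so this example runs quickly).
STRONG_SITE = {
    "alice": store_password("qwerty", iterations=20_000),
    "bob":   store_password("correct horse battery staple", iterations=20_000),
}

if __name__ == "__main__":
    print("unsalted SHA-256 cracked:", crack_unsalted_sha256(WEAK_SITE))
    found, work = crack_pbkdf2(STRONG_SITE)
    print("salted PBKDF2 cracked:", found, "after", work, "derivations")
```

The point to take from it is the one the comment makes: the strong passphrase survives either way, while "qwerty" is recovered from both tables, because no amount of good storage on the site's side rescues a password that is already on the attacker's list. Good storage only changes how much the attacker pays per guess.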
Craig,
Don’t worry about the fact that You Banned Me. You were Probably Doing Us Both a Favour.
I recall writing That My Uncle Was a Diplomat – Very Posh….
And I Kind of Fell In Love With What You Wrote in Your Book Murder in Samarkand..which I Shamelessly Read when it was Pissing Down In The Indian Ocean…
A Real Page Turner in Between The Showers…
I Just Didn’t Realise That My Son Read Your Book Too… or maybe he just inherited it…
Have a Nice Day,
Tony