Viewing 27 posts - 1 through 27 (of 27 total)
  • Help, I've got a bug, IT bods needed!
  • PeterPoddy
    Free Member

    It appears that my email has some sort of virus in it that's sending out emails to my contacts. I have no idea how to stop it.

    90% of the time I reply to emails from my iPhone and most of the last 10% from my work PC which is firewalled to the max on our central servers. I can't remember the last time I accessed it from my PC or laptop at home, it must be a month or two at least.

    It's a Google Mail address (As in my profile) and my main one, so I don't want to stop using it.

    Any ideas will be gratefully appreciated. 🙂

    retro83
    Free Member

    Email can be spoofed to appear from and to anybody. It's not necessarily you who has the virus. It could also be that you've put it on the web somewhere and a scraper has found it.

    Have a look in the headers. In the Gmail web UI, open one of the messages, click the arrow next to reply, go to show original.

    Paste headers here

    PeterPoddy
    Free Member

    UI? What's that? Sorry, you'll have to use words a numpty can understand! 🙂

    I've just cleared out all my sent, deleted, spam and trash folders

    allthepies
    Free Member

    As above it's not necessarily you, it could be someone else who has you in their Email address book – the virus picks two random names from the address book, one to send to the other used to spoof the "from" address.

    Run a full virus scan.

    PeterPoddy
    Free Member

    Run a full virus scan.

    Work PC – Not possible
    iPhone – Not possible

    Not keen on opening my email from the PC right now, either! 😕

    FuzzyWuzzy
    Full Member

    You don't run an AV scanner on your work PC?? As for firewalling, if you do have a virus using its own SMTP engine then depends how your sys admins have configured those firewalls. If they've not done a good job they'll probably just allow anything outbound and only filter inbound. Assuming they have firewall logging on they should at least be able to tell if your PC is sending stuff over port 25. Also running netstat -a -b at a command prompt (with admin rights) will give you some basic info about what your PC is connecting to, interpreting it is a different issue though 😉

    retro83
    Free Member

    UI? What's that? Sorry, you'll have to use words a numpty can understand!

    I've just cleared out all my sent, deleted, spam and trash folders

    sorry still in work mode 🙁

    I just meant the normal Gmail webpage, ie gmail.com 8)

    open one of your messages, then click the arrow and go to "show original" then paste it here. Might give some clues as to the originator

    samuri
    Free Member

    What form do the emails take? Are they adverts, spam, do they contain attachments? Do you have one of the emails you're supposed to have sent?

    You know, to me it sounds more like someone has just hacked into your googlemail account. Did you have a good password on it?

    You might want to change the password for something nice and strong.

    PeterPoddy
    Free Member

    You don't run an AV scanner on your work PC??

    Nope. All done centrally. You'd be amazed how locked down this PC is. I'm amazed they still allow facebook and Ebay. Youtube is blocked, most of the control panel is blocked, I can't even change the time or run a disc cleanup!

    open one of your messages, then click the arrow and go to "show original" then paste it here. Might give some clues as to the originator

    Hmm. I've deleted EVERYTHING apart from about 6 recent emails. A couple of people have told me they're getting spam off me – WorldClassAccident is for example!

    I take it you want to see one of the spam emails?

    PeterPoddy
    Free Member

    What form do the emails take? Are they adverts, spam, do they contain attachments? Do you have one of the emails you're supposed to have sent?

    You know, to me it sounds more like someone has just hacked into your googlemail account. Did you have a good password on it?

    You might want to change the password for something nice and strong.

    I'll see if WCA can forward one back to me.

    They are adverts for clothes and stuff I think

    Danny79
    Free Member

    Peter have you tried changing your gmail account's password?
    Spam like this is mainly from compromised accounts.

    DezB
    Free Member

    Here's an example of PP's work


    from Peter Atkin <peterpoddy@aol.com>
    to cyberstation.emailnotif@neopost.com,
    [email addresses of contacts]
    date 27 May 2010 18:11
    subject That's the latest fashion? a-
    mailed-by aol.com
    hide details 18:11 (15 hours ago)
    Allow me to introduce a website,wto-sell.com,which offers many kinds of handbags (LV,Hermes,D&G,Chanel,Prada and so on)
    and shoes including christian louboutin &UGG boots and Rolex,Omega,IWC,ect watches.They are all world brands and brand new,
    you can retail or wholesale on our website,competive price and good quanlity what we can assure,and we accept papal and credit
    card payment which are safe and fast,
    Don

    r


    t miss .
    ( wto-sell.com)
    y-

    My last job was antispam and virus control, but I've no idea how an aol address can be used if it's not a virus on one of the computers. There's no obvious spoofing info in the header.

    PeterPoddy
    Free Member

    Here it is –

    ———- Forwarded message ———-
    From: Peter Atkin <peterpoddy@aol.com>
    Date: 27 May 2010 19:12
    Subject: That's the latest fashion? s-
    To: member@ebay.co.uk, michael@chainreactioncycles.com, michael@innovation-productions.com, michelle@ras-publishing.com, mickledore@waitrose.com, mikedav4@hotmail.com, milesgoff@tiscali.co.uk, mjt105@soton.ac.uk, mollieoke@yahoo.com, monkeytennis42@yahoo.com, mrcarlpeachey@hotmail.com, mtloved@yahoo.co.uk, mtnbiker4life@hotmail.com, mukluk@ntlworld.com, nclarksouthampton@googlemail.com, neil.wilkinson@hotmail.co.uk, neil@dezign.me.uk, news@wiggleeurope.com, newsletter@ampworld.de, newsletter@planet-x-bikes.com

    Allow me to introduce a website,wto-sell.com,which offers many kinds of handbags (LV,Hermes,D&G,Chanel,Prada and so on)
    and shoes including christian louboutin &UGG boots and Rolex,Omega,IWC,ect watches.They are all world brands and brand new,
    you can retail or wholesale on our website,competive price and good quanlity what we can assure,and we accept papal and credit
    card payment which are safe and fast,
    Don

    w

    t miss .
    ( wto-sell.com)
    b-

    Just noticed it seems to be coming from my AOL account which I only keep open for Ebay purposes….

    I'll change the password

    project
    Free Member

    Had the same thing with aol, my email addresses sending each other different spam adverts usually drugs and viagra.

    DezB
    Free Member

    Found how to show full headers in Gmail:

    Received: from imr-da01.mx.aol.com (imr-da01.mx.aol.com [205.188.105.143])
    by mx.google.com with ESMTP id 7si92682qwb.24.2010.05.27.10.12.13;
    Thu, 27 May 2010 10:12:16 -0700 (PDT)
    Received-SPF: pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) client-ip=205.188.105.143;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) smtp.mail=PeterPoddy@aol.com
    Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199])
    by imr-da01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4RHBj9U015301;
    Thu, 27 May 2010 13:11:45 -0400
    Received: from PeterPoddy@aol.com
    by imo-da01.mx.aol.com (mail_out_v42.9.) id 7.bb9.6b6e514c (34959);
    Thu, 27 May 2010 13:11:43 -0400 (EDT)
    Received: from smtprly-mc01.mx.aol.com (smtprly-mc01.mx.aol.com [64.12.95.97]) by cia-da06.mx.aol.com (v129.4) with ESMTP id MAILCIADA068-d3ce4bfea7c8dc; Thu, 27 May 2010 13:11:42 -0400
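
Added example, not part of the original posts: a Python sketch that reads the headers DezB pasted above and checks whether they point to a forged From address or to mail sent through AOL's own servers. The From line is taken from the forwarded copy, the line folding is restored by hand, and the function names and verdict labels are assumptions of this example.

```python
import re
from email import message_from_string

# Headers quoted in the thread, re-folded with tabs (the forum lost the
# indentation). The From line comes from the forwarded copy of the spam.
RAW = """\
Received: from imr-da01.mx.aol.com (imr-da01.mx.aol.com [205.188.105.143])
\tby mx.google.com with ESMTP id 7si92682qwb.24.2010.05.27.10.12.13;
\tThu, 27 May 2010 10:12:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) client-ip=205.188.105.143;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) smtp.mail=PeterPoddy@aol.com
Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199])
\tby imr-da01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4RHBj9U015301;
\tThu, 27 May 2010 13:11:45 -0400
Received: from PeterPoddy@aol.com
\tby imo-da01.mx.aol.com (mail_out_v42.9.) id 7.bb9.6b6e514c (34959);
\tThu, 27 May 2010 13:11:43 -0400 (EDT)
Received: from smtprly-mc01.mx.aol.com (smtprly-mc01.mx.aol.com [64.12.95.97]) by cia-da06.mx.aol.com (v129.4) with ESMTP id MAILCIADA068-d3ce4bfea7c8dc; Thu, 27 May 2010 13:11:42 -0400
From: Peter Atkin <peterpoddy@aol.com>

"""

def under(host, domain):
    return host.lower() == domain or host.lower().endswith("." + domain)

def analyse(raw):
    msg = message_from_string(raw)
    from_dom = msg["From"].rsplit("@", 1)[1].strip("> \t").lower()
    hops = []  # (handed over by, received by), newest hop first
    for value in msg.get_all("Received", []):
        if m := re.search(r"from\s+(\S+).*?\bby\s+(\S+)", " ".join(value.split())):
            hops.append((m.group(1), m.group(2)))
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    env = re.search(r"smtp\.mail=\S+@([\w.-]+)", auth)
    spf = spf.group(1).lower() if spf else "none"
    env_dom = env.group(1).lower() if env else ""
    # Only the top hop was written by the receiving provider; SPF checks the
    # envelope sender (smtp.mail), so it is compared with the From domain too.
    border_ok = bool(hops) and under(hops[0][0], from_dom)
    if spf == "pass" and env_dom == from_dom and border_ok:
        verdict = "sent-via-provider"   # not a forged From: suspect the account
    elif spf in ("fail", "softfail") or (env_dom and env_dom != from_dom):
        verdict = "likely-spoofed"      # another host borrowed the address
    else:
        verdict = "inconclusive"
    return {"from_domain": from_dom, "spf": spf, "hops": hops, "verdict": verdict}

print(analyse(RAW)["verdict"])
```

A `sent-via-provider` result is consistent with what the thread finds later: the spam was sitting in the AOL account's sent items, so the fix is on the account, not on the recipients' side.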

    Danny79
    Free Member

    AOL does have a web portal so it's possible the spammer is using compromised details to login and send the emails.

    http://info.aol.co.uk/email/

    PeterPoddy
    Free Member

    The AOL account I NEVER open anymore. It's set up to forward everything onto my Googlemail account. I can't use the Googlemail account on Ebay because you're not allowed to have the same email name as your ebay user name anymore: Despite the fact I already have! I can't change from Peterpoddy@aol.com to Peterpoddy@googlemail.com…!

    Must have been hacked. I'll change it.

    Drac
    Full Member

    You're going to get plenty of spam no thanks to the number of times your email addy is on this thread.

    DezB
    Free Member

    Yeah, like it will make a difference!

    PeterPoddy
    Free Member

    Drac, Googlemail spam filters mean I never see any of it! 🙂

    soma_rich
    Free Member

    Told you about this ages ago…. I don't think there's much you can do. Az had the same thing happen to his Hotmail account, I think he shut it down in the end.

    You can remove all the contact details for your AOL account.

    See if you can delete your AOL account?

    verses
    Full Member

    Googling for a bit of the text in the email returns this link;
    http://windowslivehelp.com/thread.aspx?threadid=44ed4929-4bc9-45f5-b5b0-48a2698a671b
    Which in turn links to these possible solutions;
    http://windowslivehelp.com/searchresults.aspx?query=recent%20reports%20of%20account%20hijacks

    Although they're Hotmail-centric the principles should be the same for Gmail.

    PeterPoddy
    Free Member

    Sorry Rich.

    I'm not shutting it down yet. I'll see if I can delete all the contacts first

    Drac
    Full Member

    Drac, Googlemail spam filters mean I never see any of it

    Maybe you won't but all the other emails you've posted will. 😆

    Netdonkey
    Full Member

    Peter,

    On websites you are better using peterpoddyATaolDOTcom instead of the full address. Google trawls so many websites and these results are available to anyone who knows the correct search queries to find them.

    example below

    People spend ages crafting these to search the internet for gmail, aol etc accounts you get added to spam lists and they can spoof your email address to send spam that looks like it can come from you or guess your password reminder etc.

    Definitely change your passwords and also change any that are the same as your email passwords. Paypal would be a real bummer if they got that 🙁

    Good Luck

    PeterPoddy
    Free Member

    On websites you are better using peterpoddyATaolDOTcom instead of the full address.

    Good point. Will do.

    Address book on the AOL account is now empty, all the sent and trash emails deleted and password changed. If that doesn't work I'll shut it down.

    The spam emails were all there in my 'sent items box' so I guess it's been hacked somehow.

    Thanks for the help everyone, sorry to those who've had spam off "me" 🙂


The topic ‘Help, I've got a bug, IT bods needed!’ is closed to new replies.