Is this a virus or???


MZB

I have a charter account (main one) and use a Yahoo email account.

Apparently, everyone from my Yahoo address book got an email (from me) with
some link (I think to a drug site).

Does this mean I have a virus? If so, what kind/type?

I'm going to run my Avira and Malwarebytes.

Mel
 
MZB said:
I have a charter account (main one) and use a Yahoo email account.
Apparently, everyone from my Yahoo address book got an email (from
me) with some link (I think to a drug site). Does this mean I have a
virus? If so, what kind/type?

Did you change your Yahoo password yet? A spammer hacked into your
Yahoo account. First thing I would do would be to change your Yahoo
password.

Or: the spammer simply forged your email address in his own botnet as
the FROM: address. It was your turn in the barrel. (This probably would
not generate mail to *your* friends, though.)

Ask a few of your friends to look in the headers and see what IP address
was used to send the spam. Do a whois on it/them and see where they came
from.

MZB said:
I'm going to run my Avira and Malwarebytes.

Always a good plan, regardless of the problem.
 
Can you help me with this?
I have OE.
I right click and go to properties and then details, but I cannot tell which
is the IP Address I want to look up. There is so much information there.

Mel
 
MZB said:
Can you help me with this?
I have OE.
I right click and go to properties and then details, but I cannot tell
which is the IP Address I want to look up. There is so much
information there.

Look through the: Received from: ...
lines, probably the first one you encounter. Without seeing the headers,
I can't say much more.

Wait. Is this header forwarded to you by one of the people who got the
spam from you? You need to see theirs, not one of your received mails.

Please don't top-post.
 
From: "MZB" <[email protected]>

| I have a charter account (main one) and use a Yahoo email account.

| Apparently, everyone from my Yahoo address book got an email (from me) with
| some link (I think to a drug site).

| Does this mean I have a virus? If so, what kind/type?

| I'm going to run my Avira and Malwarebytes.

| Mel


It could mean your Yahoo account was compromised.
 
Beaure:

Oh. I got the email at my personal account from my Yahoo account. (My
personal account is listed in my Yahoo address book). So, can't I use that?
I am just another recipient, right?

I ran Avira and nothing showed up. I'll run Malwarebytes next. I did change
my Yahoo password.

Mel
 
David:

I wonder how that happens. They somehow got my Yahoo email address (easy)
and my Yahoo password. Hmmmm

Mel
 
It says 10.10.200.6
Whois mentions it is IANA(Internet Assigned Numbers Authority) out of Marina
Del Rey (Calif).
Not sure what this means.

Mel
 
From: "MZB" <[email protected]>

| David:

| I wonder how that happens. They somehow got my Yahoo email address (easy)
| and my Yahoo password. Hmmmm

| Mel

Multiple ways now...

Scenario 1:
Your PC is infected with Malware. It scans your IE and FireFox password stores and steals
credentials, including your "Yahoo! Account". The credentials are then sent to a third
party web site to be parked and waiting for pickup. The Malicious actor gathers
credentials and uses them against you and for his gain.

Scenario 2:
You are infected with a keylogging trojan. It captures your keystrokes and then the
credentials are sent to a third party web site to be parked and waiting for pickup. The
Malicious actor gathers those credentials and...

Scenario 3:
You advertently released the account information.

To name a few...
 
From: "MZB" <[email protected]>

| It says 10.10.200.6
| Whois mentions it is IANA(Internet Assigned Numbers Authority) out of Marina
| Del Rey (Calif).
| Not sure what this means.

| Mel


That's a private address on the LAN side of a NAT Router.
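
As an added example (not part of any poster's message): a Python sketch of the header check discussed in this thread. It walks the Received: lines of a message, sets aside private addresses such as 10.10.200.6 that whois can only attribute to IANA, and returns the oldest public address as the one to look up. The sample headers, host names and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (hosts and public IPs are documentation values).
SAMPLE = """\
Received: from mx.recipient.example (10.10.200.6) by mailstore.recipient.example; Fri, 1 Jan 2010 10:00:03 -0500
Received: from web.mail.example ([198.51.100.23]) by mx.recipient.example; Fri, 1 Jan 2010 10:00:02 -0500
Received: from [203.0.113.77] by web.mail.example via HTTP; Fri, 1 Jan 2010 10:00:01 -0500
From: "Mel" <mel@mail.example>
Subject: check this out

http://link.example/
"""

# RFC 1918 private ranges plus loopback and link-local: whois on these
# only returns IANA, because they are reused inside every LAN.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# IPv4 literal written in brackets or parentheses, as mail servers record it.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return [(ip, worth_a_whois)] per Received header, newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        for text in IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            internal = any(ip in net for net in NON_ROUTABLE)
            hops.append((text, not internal))
    return hops

def origin_candidate(raw):
    """Oldest public address in the chain, or None if every hop is private.

    Lines below the one written by the recipient's own mail server are
    supplied by the sending side and can be forged, so treat this as a lead.
    """
    public = [ip for ip, ok in received_hops(raw) if ok]
    return public[-1] if public else None

if __name__ == "__main__":
    for ip, ok in received_hops(SAMPLE):
        print(ip, "look up" if ok else "private, skip")
    print("whois candidate:", origin_candidate(SAMPLE))
```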
 
David:

Does this mean I can be somewhat assured that there is no keylogger or
malware on my system?

The article posted "From the Rafters" was interesting. Is it likely someone
got that information that way?

Mel
 
From: "MZB" <[email protected]>

| David:

| Does this mean I can be somewhat assured that there is no keylogger or
| malware on my system?

| The article posted "From the Rafters" was interesting. Is it likely someone
| got that information that way?

| Mel

What way?
 
David H. Lipman said:
From: "MZB" <[email protected]>

| David:

| Does this mean I can be somewhat assured that there is no keylogger or
| malware on my system?

| The article posted "From the Rafters" was interesting. Is it likely someone
| got that information that way?

No, that is phishing. It is a way to trick people into giving up their
password. I was looking for CSRF information and posted that link by
mistake. Was your old password easily guessable? Did you mistakenly give
up your password to a prompt that looked like a legitimate prompt (but
wasn't)?

....and would you know?
 
No it does not mean that at all. It just means that Avira and Malwarebytes
did not find anything.
 