I need some advice. I run Avast on my PC as I think it's the best, but this morning my email sent an email to everyone in my contacts list.
I have done a quick & full scan with nothing found.
Without adding all the email addresses, this was the body of the message sent, & not by me:
Sent: 16 January 2012 05:05
Subject: Re: Fwd: Im free now.
hi there…
I was starting to crack under pressure this helped me back to my feet everyone was worried about me!
-http://talitacumi.org/lastnews/64NeilWood/ im in this for the long run you would excell at this.
talk to you soon.
Does anyone know what's going on or how it might have got in?
Thanks again, I changed my password for the minute to see if it helps. I also checked my Outlook sent folder, nothing in there or on my provider's site (Outlook uses POP3 to access).
It's only happened the once to my knowledge, so I will just keep an eye out.
@ Neil
How do you know it sent an email to everyone in your address book?
Is this MS Outlook or Outlook Express?
Are you getting bounced emails, etc. - Whilst this may not exactly be the same as your experience:
It is a common spammer tactic and it could have worked in your case if you have opened it (even just to retrieve the information you posted) and that could have resulted in more serious issues.
One likely scenario is that your email address is already on a spam list and those email addresses aren’t just used to send spam to, but they are used in the from email address (easily faked). Another scenario is that someone that you have communicated with, friend, colleague, etc. has an infected system and their email address book is harvested for email addresses to send spam to and to use as the from address.
The problem is that dumb email servers and spam filters bounce the email back to the from/reply to email address without thought that this might not be who sent it.
I get these on occasion and I know I haven’t sent them (so I know they weren’t likely to be undelivered), my anti-spam invariably picks them up or one of my filters will flag it, otherwise the mark one eyeball picks them up and they are flagged for deletion. Then my email program is called to download the remainder of legit emails.
What to do: set the avast Mail Shield to High heuristics, as that will detect if you are actually sending out multiple emails in a short time frame (generally spam). This could also be an early indication that you may have a hidden/undetected spambot on your system. In most cases you aren’t sending out spam, but it is the scenarios outlined above and their bounced email being sent back to the from address.
Note, if there is a spambot on your system, generally they don’t use your email program to send the spam, but come with their own very small SMTP program. This is where bumping up the heuristic level in the Mail Shield helps, as it doesn’t matter how they try to send the spam, your email client or their own little one, avast should intercept it for scanning as outlined above.
That still falls in line with the scenarios that I gave as it is being reported back to you rather than knowing it came from you as the from address is so easy to fake as you can put absolutely any email address in there and spammers do that.
You would need to have the actual email headers analysed to confirm where it actually came from (e.g. the IP address of your email server (ISP, etc.)). So it is still probable that this didn’t originate from your system, as I rather doubt a spambot would be selective in not emailing everyone in your email address-book or everyone in the last month's sent folder.
It is this kind of inconsistency that makes me think that someone in your contact circle, who may well have many of the email addresses that you have, is infected. Many email servers or users with anti-spam software would just bounce the email back.
I trust that you have now bumped up the heuristics level to high in the mail shield?
You can/should run other precautionary scans, as in the link given by Pondus in Reply #4. But I would suggest using MBAM as that has been generally good at detecting spambots, if that doesn’t turn up anything (as avast didn’t) then you could go to the other tools suggested in the link.
MalwareBytes Anti-Malware (MBAM), On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File (As), depending on your browser, and save it to a location where you can find it easily later. Download, Install, Update, Run and post the contents of the log.
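The header analysis suggested in the post above, as an added example that is not part of the original thread: it reads the `Received` chain of a message a recipient got and reports the IP that actually handed the message to the recipient's own mail server, next to the address claimed in `From`. All host names, IP addresses and the sample message are constructed, and `trusted_by` and `sender_servers` are hypothetical parameters.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (invented hosts, documentation IP ranges). The lower
# Received line was written by the bulk relay, so its claim is unverified.
SAMPLE = (
    "Return-Path: <bounce@bulk.example.net>\n"
    "Received: from relay.bulk.example.net (relay.bulk.example.net [203.0.113.45])\n"
    "\tby mx.friend-isp.example with ESMTP id B2; Mon, 16 Jan 2012 05:05:31 +0000\n"
    "Received: from smtp.victim-isp.example (smtp.victim-isp.example [192.0.2.10])\n"
    "\tby relay.bulk.example.net with SMTP id C3; Mon, 16 Jan 2012 05:05:12 +0000\n"
    "From: <user@victim-isp.example>\n"
    "To: <friend@friend-isp.example>\n"
    "Subject: Re: Fwd: Im free now.\n"
    "\n"
    "body\n"
)

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def hops(msg):
    """Received headers, newest first, as (from_host, ip, by_host) tuples."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def handoff_ip(msg, trusted_by):
    """IP logged by the deepest server in the unbroken run of trusted hops.
    Anything below that run was stamped by hosts outside the recipient's
    control and can be forged."""
    ip = None
    for _from_host, addr, by_host in hops(msg):
        if by_host.lower() not in trusted_by:
            break
        ip = addr
    return ip

def assess(raw, trusted_by, sender_servers):
    """Compare the claimed sender with where the message really entered."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    ip = handoff_ip(msg, trusted_by)
    return {
        "from": from_addr,
        "return_path": return_path,
        "handoff_ip": ip,
        "from_matches_return_path": from_addr == return_path,
        "came_via_sender_servers": ip in sender_servers,
    }

RESULT = assess(SAMPLE, {"mx.friend-isp.example"}, {"192.0.2.10"})
```

The headers have to come from a copy that a recipient received, or from a bounce that includes the original message; the person whose address appears in `From` has no copy otherwise.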
Another friend has just emailed me about the spam too, she said she has got it before from me.
Well, I just installed Malwarebytes and it blue screened my PC.
When I rebooted, the program won't run, so it has now been uninstalled, and I got it from the website directly.
Well that domain is hosted by Hetzner Online AG in Germany and coincidentally it hosts this forum. So I don’t know if this might have been related to your forum registration, but I rather doubt that. But you don’t mention if this was for POP3 or SMTP (which is crucial)?
It doesn’t matter if another friend is reporting this, that doesn’t change anything; if your email address has been harvested then its use as a from address is almost a given.
The most crucial point is to confirm that nothing is getting out and why I suggested increasing the mail shield sensitivity and asked if you had done that (but no answer). I really can’t overstress how useful a feature this is.
Sorry I didn’t check your edited post, just those after my asking the question.
This should at least be able to confirm that they aren’t being sent now, as I guess a spambot wouldn’t just be doing it the once.
If you want to (to confirm nothing hidden on your system) I guess the next step is following the instructions on the link Pondus gave in Reply #4 as you have already done one step of that running the MBAM scan, do step two in downloading, running OTL and attaching the logs here.