Geek help please: address book hijacked

Many of my friends have been getting mail, supposedly from me, telling them about a terrific website that a friend told me about, yadda yadda, with a link to the site.
I did not send these, so someone has hijacked my address book for nefarious purposes.
I have Avast Antivirus and Ad Aware running continuously and I routinely do complete scans with these which always come up clean.
How can I fix/stop this? I’d rather not change my email account, as Busman Whistles is linked to this address. Thanks.

I know little about this specific problem, other than it’s caused by a rogue worm type thing, but I have liked Kaspersky on the PC (used by the resident anime fan.) It has done yeoman duty in keeping the creepazoids at bay.

What are you using for email?
If you’re using some web-based
AOL system, then it’s probably on
their end and would have nothing
to do with your PC’s security. You’d
have to talk to AOL if that’s the case.

I’m using Firefox to access AOL online. Guess it might be time to get a new email address with someone else. Any suggestions? Hotmail? Gmail?

What about using an email program to download and provide its own filter and protections? Such as Thunderbird (a Mozilla/Firefox thing.)

FWIW, I use Gmail and have had no problems.

It may not be YOU that was hacked, but someone else’s address book that contained YOUR e-mail address.

I would certainly talk to AOL about it
even if you do decide to change. They
may want to know if something’s going
down with their mail servers.

Could be nice.
http://email.about.com/od/aoltips/qt/Access_an_AOL_Email_Account_with_any_POP_IMAP_Email_Program.htm

Though, it doesn’t help if the perp
got the address book via AOL’s servers.

If you’re planning on changing, might
I suggest an email forwarding service.
My friend’s been using pobox.com for
years. He has changed email providers
several times, but his email address
remains pobox.com, and the service
forwards all mail going to that address
to whatever his new email is.

Same thing happened to my Hotmail address book a couple of months ago.
Something was actually using my Hotmail account to send Spam e-mails to everyone in my address book, and not just doing the common trick of spoofing my address to send e-mails to random recipients.
I never did find any type of infection on my PC, but I restored my clean backup image and changed my e-mail password just to play it safe.
So far that has done the trick, and there has been no more suspicious activity on my Hotmail account.

you can’t have an email like poobox, every one would send you s*** :poke:

And people say you folks have no sense of humor! :laughing:

I don’t have poobox, but I get all kinds of sh*t anyway…
Ran an in depth scan of my computer yesterday in safe mode and came up clean. I took the simple precaution of changing my AOL password, so maybe that will help.
Other email clients like Thunderbird would just access my AOL email, so I don’t think that would be much use.

I think there’s a new surge of these things. I got the emails from Paul’s address and a similar message from three or four other email addresses of friends of mine. All the last 2 or 3 weeks.

At this stage of our culture’s adaptation to the net, this kinda thing is worth not much more than a shrug and ‘these things happen’. If your friends don’t know how to tell the real you from a man-size simulacrum sculpted out of canned spiced ham, they’ve got bigger and more urgent problems than seeing your name on an email header.

Now I can concur. I’ve gotten 2 from a friend’s yahoo account in the past week. Both links to ostensible clothing retail sites which, if clicked, bring up a Firefox warning that this is a known “attack site.”

Sounds like this (from April):

http://voices.washingtonpost.com/securityfix/2009/04/spam_sent_through_hijacked_web.html

You may want to run a spyware
finder to get a second opinion on
your security… I suggest Spybot

http://www.safer-networking.org/

or (believe it or not) Microsoft’s new
Anti-virus/Anti-malware system:
http://www.microsoft.com/Security_Essentials/

I traced the email that I got from you (not you).
All of the messages appear to be coming from Asia - apnic territory
I can’t get into apnic today, something must be down.

You may try to track the IP numbers: 115.49.98.159
123.4.49.110 and
115.49.95.231

The nice thing about Eudora is you can click on the “blah blah” key and it gives you the header information on emails.

It appears that a spammer is using your name.
You didn’t by chance join a service that organizes your yahoogroups messages - there are several and they are known spammers.

This really stinks because anti-spam systems will put Paul’s Email on a spam list - he should have a right to take legal action against the spammer because he is operating a business email. Also, it is a form of identity theft.

If you find their ISP, you can write to the ISP and inform them of the action and they may discontinue the user’s (spammer’s) service.

Further research shows that the perpetrator sent the messages from China:

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       abuse@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-66259940
fax-no:       +86-10-66259764
country:      CN
changed:      abuse@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Wei Wang
nic-hdl:      WW444-AP
e-mail:       abuse@public.zz.ha.cn
address:      #37 Wei Wu Road, Zhengzhou, Henan Provice
phone:        +86-371-65952358
fax-no:       +86-371-65968952
country:      CN
changed:      wangw@data.zz.ha.cn 20060205
mnt-by:       MAINT-CNCGROUP-HA
source:       APNIC

I would suggest that you send a message to abuse@chinaunicom.cn explaining what happened and tell them that you are reporting this also to the US authorities. (fbi.gov)
Supply the IP addresses that I put in the previous message to the chinaunicom.cn email address.

Interestingly enough, this character wangw@data.zz.ha.cn has been doing other address books as well:
http://www.google.com/search?q=wangw%40data.zz.ha.cn+address+book&btnG=Search&hl=en&sa=2
There is an example where someone else had the problem with Gmail as well and that it can be read via HTTPS instead of HTTP to make the email transfer private.

This is how I found it:

From a portion of the email header:

Content-Type: multipart/alternative;
 boundary="--------MB_8CC3F99696E6BD2_33F8_6E0ED_webmail-m039.sysops.aol.com"
X-Mailer: AOL Webmail 29202-STANDARD
Received: from 115.49.95.231 by webmail-m039.sysops.aol.com (64.12.101.222) with HTTP (WebMailUI); Mon, 30 Nov 2009 00:59:28 -0500
Message-Id: <8CC3F996969A910-33F8-36F38@webmail-m039.sysops.aol.com>

The fact is that many email systems, although they have passwords, do not need a password to send a message. I once had to prove this to someone at work (they didn’t believe me), so they got a message from President Bush <president@whitehous.gov> (Bush was in office when I did the example).
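Added example, not part of the original post and not AOL's code: a small Python check that reads the header fragment quoted above and reports whether the provider's webmail front end recorded an HTTP submission, which separates a message sent from inside a logged-in webmail session from one that only carries a forged From line. The From line, the body, the function names and the verdict labels are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string

# X-Mailer, Received and Message-Id are the lines quoted in the post;
# the From line and the body are constructed placeholders.
SAMPLE = """\
From: sender@example.com
X-Mailer: AOL Webmail 29202-STANDARD
Received: from 115.49.95.231 by webmail-m039.sysops.aol.com (64.12.101.222) with HTTP (WebMailUI); Mon, 30 Nov 2009 00:59:28 -0500
Message-Id: <8CC3F996969A910-33F8-36F38@webmail-m039.sysops.aol.com>

body
"""

# "from <src> [(comment)] by <server> ... with <protocol>"
HOP = re.compile(
    r"from\s+(?P<src>\S+)(?:\s+\([^)]*\))?\s+by\s+(?P<by>\S+).*?\swith\s+(?P<proto>\w+)",
    re.I | re.S,
)

def webmail_submission(raw):
    """Return the first Received hop that records an HTTP(S) submission, or None."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m or m["proto"].upper() not in ("HTTP", "HTTPS"):
            continue
        try:  # keep the source only when it is a literal IP address
            client = str(ipaddress.ip_address(m["src"].strip("[]")))
        except ValueError:
            client = None
        return {"client_ip": client, "server": m["by"].lower(), "proto": m["proto"].upper()}
    return None

def assess(raw):
    """Heuristic verdict; the labels are hypothetical, not a standard taxonomy."""
    hop = webmail_submission(raw)
    if hop is None:
        # No web UI hop: a forged From line or plain SMTP relay is possible.
        return "no-webmail-hop"
    msgid = message_from_string(raw).get("Message-Id", "")
    msgid_host = msgid.rpartition("@")[2].strip("<> \t").lower()
    # Same front-end host in Received and Message-Id: composed inside a
    # logged-in webmail session, so treat the account password as exposed.
    # Only trust Received lines added by the provider's own servers.
    if hop["server"] == msgid_host:
        return "submitted-via-webmail-session"
    return "webmail-hop-unverified"
```

Calling `assess(SAMPLE)` returns `submitted-via-webmail-session`, and `webmail_submission(SAMPLE)["client_ip"]` is the address to include in an abuse report to the provider.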