Is this a virus or???

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


I have a charter account (main one) and use a Yahoo email account.

Apparently, everyone from my Yahoo address book got an email (from me) with
some link (I think to a drug site).

Does this mean I have a virus? If so, what kind/type?

I'm going to run my Avira and Malwarebytes.

Mel



Re: Is this a virus or???



MZB wrote:

Quoted text here. Click to load it

Did you change your Yahoo password yet?  A spammer hacked into your
Yahoo account. First thing I would do would be to change your Yahoo
password.

Or:  the spammer simply forged your email address in his own botnet as
the FROM: address. It was your turn in the barrel. (This probably would
not generate mail to *your* friends, though.)

Ask a few of your friends to look in the headers and see what IP address
was used to send the spam. Do a whois on it/them and see where they came
from.

Quoted text here. Click to load it

Always a good plan, regardless of the problem.

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Is this a virus or???



Can you help me with this?
I have OE.
I right click and go to properties and then details, but I cannot tell which
is the IP Address I want to look up. There is nso much information there.

Mel
Quoted text here. Click to load it



Re: Is this a virus or???



MZB wrote:

Quoted text here. Click to load it

Look through the:  Received from: ...
lines, probably the first one you encounter. Without seeing the headers,
I can't say much more.

Wait.  Is this header forwarded to you by one of the people who got the
spam from you?  You need to see theirs, not one of your received mails.

Please don't top-post.

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Is this a virus or???



Beaure:

Oh. I got the email at my personal account from my Yahoo account. (My
personal account is listed in my Yahoo address book). So, can't I use that?
I am just another recipient, right?

I ran Avira and nothing showed up. I'll run Malwarebytes next. I did change
my Yahoo password.

Mel


Quoted text here. Click to load it



Re: Is this a virus or???



It says 10.10.200.6
Whois mentions it is IANA(Internet Assigned Numbers Authority) out of Marina
Del Rey (Calif).
Not sure what this means.

Mel


Quoted text here. Click to load it



Re: Is this a virus or???




| It says 10.10.200.6
| Whois mentions it is IANA(Internet Assigned Numbers Authority) out of Marina
| Del Rey (Calif).
| Not sure what this means.

| Mel


That's a private address on the LAN side of a NAT Router.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this a virus or???




| I have a charter account (main one) and use a Yahoo email account.

| Apparently, everyone from my Yahoo address book got an email (from me) with
| some link (I think to a drug site).

| Does this mean I have a virus? If so, what kind/type?

| I'm going to run my Avira and Malwarebytes.

| Mel


It could mean your Yahoo account was compramised.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this a virus or???



David:

I wonder how that happens. They somehow got my Yahoo email address (easy)
and my Yahoo password. Hmmmm

Mel
Quoted text here. Click to load it



Re: Is this a virus or???




| David:

| I wonder how that happens. They somehow got my Yahoo email address (easy)
| and my Yahoo password. Hmmmm

| Mel

Multiple ways now...

Scenario 1:
Your PC is infected with Malware.  It scans your IE and FireFox password stores
and steals
credentials, including your "Yahoo! Account".  The credentials are then sent to
a third
party web site to be parked and waiting for pickup.  The Malicious actor gathers
credentials and uses them against you and for his gain.

Scenario 2:
You are infected with a keylogging trojan.  It catures and your keystokes and
and then the
credentials are sent to a third party web site to be parked and waiting for
pickup.  The
Malicious actor gathers those credentials and...

Scenario 3:
You advertanly realeased the account information.

To name a few...


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this a virus or???



I ran Avira and Malwarebytes. No infections according to those programs.

Mel
Quoted text here. Click to load it



Re: Is this a virus or???




| I ran Avira and Malwarebytes. No infections according to those programs.

| Mel


Good !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this a virus or???



David:

Does this mean I can be somewhat assured that there is no keylogger or
malware on my system?

The article posted "From the Rafters" was interesting. Is it likely someone
got that information that way?

Mel

Quoted text here. Click to load it



Re: Is this a virus or???




| David:

| Does this mean I can be somewhat assured that there is no keylogger or
| malware on my system?

| The article posted "From the Rafters" was interesting. Is it likely someone
| got that information that way?

| Mel

What way ?




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this a virus or???



As per the article (Rafter's post_

Mel
Quoted text here. Click to load it



Re: Is this a virus or???




Quoted text here. Click to load it

No, that is phishing. It is a way to trick people into giving up their
password. I was looking for CSRF information and posted that link by
mistake. Was your old password easily guessable? Did you mistakenly give
up your password to a prompt that looked like a legitimate prompt (but
wasn't)?

...and would you know?



Re: Is this a virus or???



No it does not mean that at all. It just means that Avira and Malwarebytes
did not find anything.

Quoted text here. Click to load it

Re: Is this a virus or???





Quoted text here. Click to load it

Yahoo gives you the option to leave your mailbox open for two weeks without
closing it each time you access it. To me that is a very poor option because
a hacker can easily enter your mailbox. Don't use that option.
ALWAYS CLOSE YOUR MAILBOX AFTER EACH USE.

Poster 60



Re: Is this a virus or???





[...]

Quoted text here. Click to load it

Sometimes they just guess, sometimes they use datamining, and there have
been software based exploits in the past with similar e-mail services.

http://www.emeagwali.com/bbs/messages/3193.html



Site Timeline