Help me get rid of this worm.
April 7, 2010 12:46 PM Subscribe
Apparently there's a worm in my email. SBC says it will eventually work itself out. Are they lying to me? Can I do something to speed this along?
I use yahoo mail through SBC. I access it via the web at home on my Mac and at work on my PC. According to the canned email I got back from SBC (when I finally found someplace to ask), the worm will eventually work itself out and if I and the email recipients are protected by a current antivirus program (which I do have - Symantec), no one should be harmed by this. However, it is still sending out email to everyone in my address book, multiple times a day, to everyone's annoyance. Will this eventually stop and/or is there anything else I can do to stop this?
I use yahoo mail through SBC. I access it via the web at home on my Mac and at work on my PC. According to the canned email I got back from SBC (when I finally found someplace to ask), the worm will eventually work itself out and if I and the email recipients are protected by a current antivirus program (which I do have - Symantec), no one should be harmed by this. However, it is still sending out email to everyone in my address book, multiple times a day, to everyone's annoyance. Will this eventually stop and/or is there anything else I can do to stop this?
Yeah, I have no idea what they are getting at, but wait it out seems to be nonsense. Change your passwords, scan any PCs you use regularly, and think about getting an email provider with a clue.
posted by advicepig at 1:26 PM on April 7, 2010
posted by advicepig at 1:26 PM on April 7, 2010
Someone's sending from my email address! How do I stop them?!
posted by Lanark at 2:17 PM on April 7, 2010
posted by Lanark at 2:17 PM on April 7, 2010
Anybody can send email that looks like it came from you, and many worms use this fact to propagate themselves (they'll go through the address book of the computer they've infected and send email to everyone in it, from everyone in it.) So, unless you've got a reason to suspect a problem with your computer specifically (other than people telling you they're receiving spammy/wormy email from you,) the problem is much more likely to be an infection in the computer of somebody else, somebody you have emailed or who has sent you email at least once.
posted by contraption at 4:29 PM on April 7, 2010
posted by contraption at 4:29 PM on April 7, 2010
Best answer: Most Yahoo accounts are not hooked up to a PC via anything other than the Web. If that's true for you, then it's pretty unlikely that either of your PCs is involved. Far more likely is that your Yahoo account password has been guessed by an automated cracker, and that some PC completely unknown to you is using it to do the dirty.
So the first thing you need to do is change your Yahoo password to something more robust. That should immediately stop the black hat being able to access your account.
Next thing is to assume that every piece of mail in your Yahoo account has been scanned and scraped for passwords, VISA card numbers and so on for the purposes of further identity theft. So you need to do that as well, and change any identifying details that show up in emails to or from you.
I'd also recommend switching from Yahoo to Gmail. One of the nice things about Gmail is that it shows you, right there on your inbox page, the time of last access to your account, the IP address that the access came from, and the method (POP3, IMAP or web). So if you learn your own IP addresses, it's actually possible to see whether something nefarious has been done since last time you used your account. Gmail will also automatically put an account into temporary lockdown if it appears to be generating spam.
posted by flabdablet at 4:39 PM on April 7, 2010 [2 favorites]
So the first thing you need to do is change your Yahoo password to something more robust. That should immediately stop the black hat being able to access your account.
Next thing is to assume that every piece of mail in your Yahoo account has been scanned and scraped for passwords, VISA card numbers and so on for the purposes of further identity theft. So you need to do that as well, and change any identifying details that show up in emails to or from you.
I'd also recommend switching from Yahoo to Gmail. One of the nice things about Gmail is that it shows you, right there on your inbox page, the time of last access to your account, the IP address that the access came from, and the method (POP3, IMAP or web). So if you learn your own IP addresses, it's actually possible to see whether something nefarious has been done since last time you used your account. Gmail will also automatically put an account into temporary lockdown if it appears to be generating spam.
posted by flabdablet at 4:39 PM on April 7, 2010 [2 favorites]
By the way: it's the fact that your address book appears to have been compromised that tells me this is actually an account security breach rather than a simple Joe job.
posted by flabdablet at 4:41 PM on April 7, 2010
posted by flabdablet at 4:41 PM on April 7, 2010
Just because they broke into your account once does not mean it cannot be a joe job too.
posted by idiopath at 7:54 AM on April 9, 2010
posted by idiopath at 7:54 AM on April 9, 2010
Response by poster: Followup:
Changed passwords (d'oh) as flabdablet suggested and haven't had any more spam being sent, at least for the last few days. Fortunately, my email does not contain anything worthy of taking for the purposes of stealing my identity. I am keeping a close eye on things, nonetheless.
posted by sarajane at 1:48 PM on April 9, 2010
Changed passwords (d'oh) as flabdablet suggested and haven't had any more spam being sent, at least for the last few days. Fortunately, my email does not contain anything worthy of taking for the purposes of stealing my identity. I am keeping a close eye on things, nonetheless.
posted by sarajane at 1:48 PM on April 9, 2010
If your password was already robust (i.e. at least 8 characters long and not an obvious transformation of a dictionary word or two) before you made this change, then it may well have been collected by a keylogger rather than simply brute-force guessed. If you haven't accessed your Yahoo account from anywhere other than home or work in the last few months, you should probably give your work's IT people a heads-up (I've not heard reports of any Mac-compatible keylogging malware in circulation at present).
posted by flabdablet at 4:08 PM on April 9, 2010
posted by flabdablet at 4:08 PM on April 9, 2010
This thread is closed to new comments.
Dollars to doughnuts, the virus is on your work PC, as the incidence of Mac virus infections is minuscule in comparison. If your PC is maintained by an IT department, they should be made aware of this. If not, the run down on de-crapifying a PC in deezil's profile is pretty comprehensive.
posted by romakimmy at 1:15 PM on April 7, 2010 [2 favorites]