My hotmail account is spamming people....

[welshdragon]

Right, on two seperate occasions emails selling Viagra etc ahve been sent fomr my email account. On both occasions my pc was off at the wall.

Firstly, apologies to anyone here who has received one.

Secondly, I have done the following. Can anyone else think of anything I can do to increase security/stop this happening?

I have run in safe mode:
MSE
MBAM
KASPERSKY
Windows Malware Removal Tool

I have changed my account password to make it longer and a mix of characters/numbers
I have changed my security question
I have removed all 'trusted' computers fomrt he account panel
I have opened a Gmail account with a view to transferring if this doesn't stop.

Only time will tell if this fixes it but can anyone else think of stuff I can/should do? Also using windows live mail to manage accounts. Is this ok or should I be using something else?

Thank you in advance for helping me with this. I knwo the question has been asked before but much appreciated.

 

[PhillyDee]

Change your password. Thats all you need to do. They have your password, by whatever means I do not know. They use it to send emails. I doubt that your PC has been hijacked in any way.

If at any point you change it back (I did this after 6 months) it will start sending spam again. Its like a stuck autodialler.

 

[siclilmonkey]

thats about all you can do.

Check your other Computers for key loggers maybe?

 

[welshdragon]

Cheers mate. Did this 2 weeks ago but its spamming people again which has caused me to worry about keyloggers etc. Though both passwords were pretty weak thinking about it. Hope the measures above have sorted it.

I've also wiped my contacts list just so if they spam me again it won't be quite as embarassing!

Anything else I should run other than MSE/MBAM/MSRT/KASPERSKY?

 

[BigBoy]

16 digit alphanumeric passwords containing upper and lower case letters is the way forward!

 

[Rroff]

Do you see these outbound emails in your outbox/sent items?

If people are saying to you - "I'm getting spam from your email address" its likely they are spoofing your email address in the header (which is perfectly possible) but sending from their own mail server (checking the advanced header will show the originating IP addy and forwarding chain which probably won't match your email provider).

If its not your account thats been compromised basically _someone_ in your contacts list has signed upto something dodgy with their email account and let it have access to their contacts or they themselves have been compromised and the spammer's software has picked a random contact to spoof as if the email is coming from and sent to everyone else on the list.

 

[iviv]

16 digit alphanumeric passwords containing upper and lower case letters is the way forward!

No it isn't.

 

[Deception]

No it isn't.

Saw that a few months a go at work

Oh and once you change password, change your secret question and answer incase they left a backdoor. Also check reset email address etc.

 

[BigBoy]

No it isn't.

agreed 24digit alphanumeric is better

 

[welshdragon]

Do you see these outbound emails in your outbox/sent items?

Yes the emails sent are all in my 'sent items' folder.

Cheers for the advice guys. Have reset password, secret answer and specified my gmail account as a backup. Also ticked the rest every 72 days box.

All my virus/malware scans have come back clean. Inclined to think someone was using my hotmail as opposed to pc being infected....

What do you guys think?

 

[Rroff]

As I mentioned in another thread this was posted in - a LOT of systems (other than those that still store the password in full plaintext) still use fairly limited length hashes so it doesn't matter that much what the password is - aslong as its not a single dictionary word.

 

[Rroff]

Yes the emails sent are all in my 'sent items' folder.

Ooof something has been compromised then :| does anyone else use the email ddy other than yourself?

 

[lurkio]

By any chance are you using Internet Explorer ?

 

[welshdragon]

Ooof something has been compromised then :| does anyone else use the email ddy other than yourself?

No one. I manage it using windows live mail on the desktop and the native mail client on my iphone/ipad.

By any chance are you using Internet Explorer ?

Yes IE9

Windows update is done religously including nearly all my other programmes

 

[lurkio]

Yep as I thought

Use a different web browser not IE

 

[welshdragon]

Yep as I thought

Use a different web browser not IE

Well I have been toying with the idea of Firefox. Any particular reason though? Thought IE9 was meant to be ok?

 

[Skillmister]

No it isn't.

you learn something new every day

 

[tntcoder]

As I mentioned in another thread this was posted in - a LOT of systems (other than those that still store the password in full plaintext) still use fairly limited length hashes so it doesn't matter that much what the password is - aslong as its not a single dictionary word.

What? Of course it matters. The greater the entropy of your password (usually linked closely to the length) the stronger those hashes will be. Assuming by 'limited length' you mean >= 128bit.

 

[welshdragon]

So would people recommend ditching IE9 then? Firefox looks good, some nice tools for helping me with building sites too ie firebug

 

[lurkio]

Well I have been toying with the idea of Firefox. Any particular reason though? Thought IE9 was meant to be ok?

Just the fact that 99.9% of machines I have to remove virus , malware etc
the people who own them use IE and no other browser

Firefox is great once you get some good addons in it , opera is not bad (dont like new UI tho)