Unauthorised emails from msn account.

Alkers

When I checked my inbox this morning I had a heap of emails from postmaster saying "Delivery Status Notification (Failure)" and also an email from myself with a link to an online drug store. Obviously a load of spam has just been sent from my address.
I have often received these emails in the past but as far as I know this is the first time they've been sent from my account. I only access my email through outlook on my own computer but in the last week or two have accessed it via hotmail on my parents computer. Neither of my parents have had spam sent from your address. Does this spam have my username/password somehow or how are these emails sent? This is my main email address so want to make sure it doesn't happen again. Thanks

h57xiucj2z946q

-Download malware bytes, update run a full scan. (scan in safe mode if possible)

Then:

-Change password
-Change security question/reminder
-Change "other" email, the email you would use if you click the "Forgotten password?"


You may have spyware/keylogger, or its possible a website you use was compromised and you used same passwords for your email account.

Shane O' Malley

Simona1986 wrote: »

When I checked my inbox this morning I had a heap of emails from postmaster saying "Delivery Status Notification (Failure)" and also an email from myself with a link to an online drug store. Obviously a load of spam has just been sent from my address.
I have often received these emails in the past but as far as I know this is the first time they've been sent from my account. I only access my email through outlook on my own computer but in the last week or two have accessed it via hotmail on my parents computer. Neither of my parents have had spam sent from your address. Does this spam have my username/password somehow or how are these emails sent? This is my main email address so want to make sure it doesn't happen again. Thanks

May not have actually been sent from your email address. Usually the sent from address is spoofed (Faked)

When the mail is sent to an address that does not exist it gets returned to your email account.

Always a good idea to check for malware but it is probable that this is not in fact the problem.

Alkers

Shane O' Malley wrote: »

May not have actually been sent from your email address. Usually the sent from address is spoofed (Faked)

When the mail is sent to an address that does not exist it gets returned to your email account.

Always a good idea to check for malware but it is probable that this is not in fact the problem.

Scanned both the computers today with the Malware bytes software and they were both clean. I had a second batch of sent emails today. They are definitely sent from my account as most of the messages I got were from hotmail saying that the message could not be sent. Also the message from me that I got was also sent to some people in my contacts.

Shane O' Malley

Check the headers on the mails. It should show the route the mail took to get to hotmail including the ip address of the sending computer.

Post them up here if you want us to interpret them for you.

Alkers

Shane O' Malley wrote: »

Check the headers on the mails. It should show the route the mail took to get to hotmail including the ip address of the sending computer.

Post them up here if you want us to interpret them for you.

Sorry, how do I do that - using hotmail?

Shane O' Malley

To see the full email including all header lines in Windows Live Hotmail:

Open the desired email in Windows Live Hotmail.
Click the down arrow next to Reply in the message's header area near the sender and subject.
Pick View message source from the menu.

In the message source you will see the headers.


An example of headers is below

Received: from EXIC1.lse.ac.uk ([158.143.216.121]) by ExF2.lse.ac.uk with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 15 Jul 2003 12:16:56 +0100
Email passed from Exchange gateway servers to staff mailbox server
Received: from EXAV2.pc.lse.ac.uk ([158.143.216.132]) by EXIC1.lse.ac.uk with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 15 Jul 2003 12:16:55 +0100 Email passed from anti-virus servers to Exchange gateway server
Received: From exas1.lse.ac.uk ([158.143.216.135]) by EXAV2.pc.lse.ac.uk (WebShield SMTP v4.5 MR1a);
id 1058267813844; Tue, 15 Jul 2003 12:16:53 +0100 Email passed from anti-spam servers to anti-virus servers
Content-Class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Received: from web60003.mail.yahoo.com ([216.109.116.226]) by exas1.lse.ac.uk with Microsoft SMTPSVC(5.0.2195.5329); Tue, 15 Jul 2003 12:14:24

Alkers

Here's the source - looks like it was from my address - clue is in the username!

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MDtTQ0w9NA==

X-Message-Status: n

X-SID-PRA: Simon Alvey <simona1986@msn.com>

X-SID-Result: Pass

X-AUTH-Result: PASS

X-Message-Info: 6sSXyD95QpUiH+B6vtPztPTaN3IT7JLXJAhus/u2xekvMl74E1h3ERtlYKbViwoZkQGr0uOarP1F6ksWJFuQXjCKba4XNhdaUlnvPxs5x3utqUbyCZobBA==

Received: from dub0-omc1-s24.dub0.hotmail.com ([157.55.0.223]) by bay0-hmmc2-f5.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);

Fri, 29 Apr 2011 08:50:58 -0700

Received: from DUB103-W25 ([157.55.0.237]) by dub0-omc1-s24.dub0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);

Fri, 29 Apr 2011 08:50:03 -0700

Message-ID: <DUB103-w25EDF0C97A10134829DD60D49A0@phx.gbl>

Return-Path: simona1986@msn.com

Content-Type: multipart/alternative;

boundary="_1c2d2067-184f-49d6-a226-f734f555f43e_"

X-Originating-IP: [186.206.121.195]

From: Simon Alvey <simona1986@msn.com>

To: <simona1986@msn.com>, <nelsonpolinsky29@hotmail.com>,

<lorylardone6993@hotmail.com>, <ronken58@hotmail.com>,

<babby_manna@hotmail.com>, <sino_hogan@hotmail.com>,

<floragatzow52@hotmail.com>, <leighmartindale@hotmail.com>,

<ciaranolan06@hotmail.com>

Subject: simona1986

Date: Fri, 29 Apr 2011 16:50:04 +0100

Importance: Normal

MIME-Version: 1.0

X-OriginalArrivalTime: 29 Apr 2011 15:50:03.0885 (UTC) FILETIME=[1AE9D1D0:01CC0685]



--_1c2d2067-184f-49d6-a226-f734f555f43e_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



http://creditroyaldefrance.com/ash2.html

=



--_1c2d2067-184f-49d6-a226-f734f555f43e_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



<html>

<head>

<style><!--

.hmmessage P

{

margin:0px=3B

padding:0px

}

body.hmmessage

{

font-size: 10pt=3B

font-family:Tahoma

}

--></style>

</head>

<body class=3D'hmmessage'>http://creditroyaldefrance.com/ash2.html<br&gt; =

</body>

</html>=



--_1c2d2067-184f-49d6-a226-f734f555f43e_--

Shane O' Malley

Do you see the section X-Originating-IP: [186.206.121.195]

Well that traces back to Brazil http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=186.206.121.195

IE Mail was sent from a computer in Brazil.

The spammers are just sending out mails to loads of hotmail addresses and pretending to be you. However i suggest you change your email address password just in case.

Would not worry about it too much. They will move on to someone else's account soon.

Cheers

Shane

Alkers

Shane O' Malley wrote: »

Do you see the section X-Originating-IP: [186.206.121.195]

Well that traces back to Brazil http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=186.206.121.195

IE Mail was sent from a computer in Brazil.

The spammers are just sending out mails to loads of hotmail addresses and pretending to be you. However i suggest you change your email address password just in case.

Would not worry about it too much. They will move on to someone else's account soon.

Cheers

Shane

That's strange, how did they get it to send to my contacts so? All of the addresses listed in the sources file (that the email was sent to) are on my contacts but it's not my whole contact list either. How can they send an email from Brazil that looks like it's from me?
Thanks for your help
Changed password today anyway, hopefully nothing gets sent tomorrow.

h57xiucj2z946q

Because they compromised your account and nabbed your contacts.

newbie2

This happened to me a couple of months back. Pain in the ring. While the account is not hacked the spammers have just used your email address to fill in the 'sent from' line. They send the mail out to everyone they can such as pete@hotmail.com, then pete1@hotmail.com then pete2@hotmail.com anss so on.... The majority get sent back as undileverable because of spam filters or the email address doesnt exist.
They move on after about a week.

Shane O' Malley

Everyone on the "To" list are in your contacts?

If that is so, then it looks like they got access to your contacts in some way. They may have just restricted it to hotmail contacts with that batch.

In order to get access to your contacts they need to either access your hotmail contacts on your computer (If you use outlook or windows live mail etc) or accessed your contacts online by knowing your password, or by accessing your contacts through a malicious application you granted permission to.

I dont use hotmail but you should check your security settings for applications allowed access your contacts.

Also change the password recovery method just to be safe.

Shane

h57xiucj2z946q

Looks like that mail was sent through a hotmail server anyway.

Shane O' Malley

newbie2 wrote: »

This happened to me a couple of months back. Pain in the ring. While the account is not hacked the spammers have just used your email address to fill in the 'sent from' line. They send the mail out to everyone they can such as pete@hotmail.com, then pete1@hotmail.com then pete2@hotmail.com anss so on.... The majority get sent back as undileverable because of spam filters or the email address doesnt exist.
They move on after about a week.

They dont need to hack your account to fill in the sent from line. That is easily faked.

CrackisWhack

Happened to me about a year ago, and i had recruitment agencies and everything on my contact list. they sent it to all of them, i changed password and it kept happening, i googled it and its happened to lots of other hotmail accounts.

tbh i think its a problem with there server, had to close the account in the end.

newbie2

newbie2 wrote: »

While the account is not hacked the spammers have just used your email address to fill in the 'sent from' line.

Shane O' Malley wrote: »

They dont need to hack your account to fill in the sent from line. That is easily faked.

Erm?

Shane O' Malley

Heading to Specsavers 1st thing in the morning