Unusual Yahoo SPAM issue and sent folder

BDPCR

I have a client whose Yahoo account keeps sending spam emails with an associated link. This machine was checked and cleaned of all known malware using manual removal with the usual tools like Process Explorer, Autoruns and so forth. I followed with automated tools such as Kaspersky offline scans, Avira rescue disk, Malwarebytes, Hitman Pro, SAS, Sophos Anti-Rootkit, GMER, ComboFix, and finally a complete install of Norton NIS 2012 and a thorough scan. All scans and manual searches show nothing; this included an MBR rewrite just in case. Furthermore, no admin accounts are used by the user, only limited accounts, with proper strong passwords employed for the admin accounts. The strange thing is that the spam continues with all passwords reset in Yahoo, as well as secondary emails and the security challenge questions. The Yahoo passwords are strong, including characters, number and letter combinations. The sent folder shows that emails were sent to most contacts. Checking the login logs for Yahoo, only the user's IP is seen. Now if this isn't a keylogger or rootkit, what is going on? In all my years I have not seen this. If it is a cookie iframe issue on a tainted site, how can it steal user data on a machine with such restrictions? I posted this thread because my case might be more rare in its intricacies.
 
Go into Yahoo and change his password. Then also take a look at his other settings and make sure a copy of his email is not being sent somewhere else. Yahoo has an option to cc another email address when you change a password, I do believe. You will have to crawl through the site to find it though.

Best Regards,

coffee
 
I see these issues with Yahoo mail from time to time. Agreed it is no fault of the computer itself, it's all on Yahoo's end. This is just what to expect from an inferior free mail service ;)
 
Thanks for your responses, everyone. I've read about the possibility of Yahoo servers being compromised and Yahoo not admitting it. But it's a bit difficult to convince a client of this. Any experiences with this, please share.
 
Every month businesses get broken into on their computers. They don't want to admit it because they feel it's bad business. It will make them look bad and hurt business. They have even paid ransom a lot of times to try and keep it quiet. I don't think there is a MAJOR business that hasn't been broken into. You just don't hear about it.

I've had quite a few customers' emails broken into. Gmail, Yahoo email, Comcast, AT&T, it doesn't matter who really.

If your customer doesn't believe that email accounts cannot be broken into then he is living in "Lah Lah land". I would think that then you will have a hard time proving it unless you want to quote articles on the internet.

Best Regards,

coffee
 
Take a look at a post I made in this forum on May 30th.
I've had a ton of clients with yapoo/snet/sbc and even a few AOL users now (LOL at them...AOHell..LOL)...with the same symptoms.
http://www.technibble.com/forums/showthread.php?t=38017

One of my friends that does network troubleshooting for the Navy...all his laptops are *nix....not Windows. He happens to maintain a yapoo account (for some reason)...and a few weeks ago I got some spam mails from him.
My brother-in-law. Now I'm doubting some virus hit one of his non-Windows running laptops.

Many clients. Longtime friends. Tons of spam came into my inbox over the past month from yapoo users all in the past month. Same with the other 3 people I work with here in our office...their friends/family that are yapoo users....over the past month they've gotten crap from them.
 