
Help! Email hacked

rwguinn

My ISP has chosen to use "Gmail" as its email server.
On Thursday, I started getting a large number of "Delivery Status notifications" of both the refused and delayed type.
I immediately checked my "sent" status (I use "Thunderbird" as a reader), and had no "sent" messages at all.
I logged on to "gmail", and the sent box had a slew of these garbage messages. Obviously, the server, and not my machine, has been hacked.
I immediately notified gmail support and my ISP, both by phone and email. By 9:00 PM, my account had been shut down.
I got a password change, and it started working again. We cleared out all files and folders from Gmail.
Yesterday, I was still getting the notifications, and was shut down again. Went through the whole procedure again.
Today I am getting delivery notifications, again.
Any suggestions? I've had the PW changed 4 times now, and they have all been strong, 12 digit multi-symbol/letter/number passwords.
 
It's entirely possible your machine is infected with a spam sending trojan. The two major ones out in the wild are Rustock and Storm. I'd recommend getting an anti-malware scanner. MalwareBytes has always worked for me. Google that, download, install, update. There's a free version. Should do the trick.

Spammers nowadays don't pay the money to have the server farms to send that stuff out. Instead they pay some kid to write a virus to do the work for them. Cheaper that way. It basically opens up port 25 on your machine, and then starts broadcasting like nuts.
 
> It's entirely possible your machine is infected with a spam sending trojan. The two major ones out in the wild are Rustock and Storm. I'd recommend getting an anti-malware scanner. MalwareBytes has always worked for me. Google that, download, install, update. There's a free version. Should do the trick.
>
> Spammers nowadays don't pay the money to have the server farms to send that stuff out. Instead they pay some kid to write a virus to do the work for them. Cheaper that way. It basically opens up port 25 on your machine, and then starts broadcasting like nuts.

Gmail shows them as being sent--my machine does not. That's why I suspect the server being hacked.

MalwareBytes found nothing on my machine, and neither Norton nor any of the other non-automatic nasty hunters found anything.
 
> It's entirely possible your machine is infected with a spam sending trojan. The two major ones out in the wild are Rustock and Storm. I'd recommend getting an anti-malware scanner. MalwareBytes has always worked for me. Google that, download, install, update. There's a free version. Should do the trick.
>
> Spammers nowadays don't pay the money to have the server farms to send that stuff out. Instead they pay some kid to write a virus to do the work for them. Cheaper that way. It basically opens up port 25 on your machine, and then starts broadcasting like nuts.

A big agreement on Malwarebytes!!! My wife is experimenting with another one that I will note once she has verified its usefulness - she is our computer expert.
 
> Gmail shows them as being sent--my machine does not. That's why I suspect the server being hacked.

Spambots aren't courteous enough to use a POP client and leave copies in the outbound folder. They're their own SMTP clients. If you're savvy enough to monitor your own network traffic, check for a torrent of unexplained port 25 connections.
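
One way to run the port 25 check suggested above, as an added example that is not part of the original post: it counts active outbound connections to port 25 per remote host from `netstat -an` style output. The sample lines and the `max_hosts` threshold are constructed assumptions; a mail client normally talks to one submission server, while a spambot fans out to many.

```python
import re
from collections import Counter

# Constructed sample: netstat -an style lines (Windows and Linux layouts).
SAMPLE = """\
TCP    192.168.1.10:49801    198.51.100.7:993     ESTABLISHED
TCP    192.168.1.10:49812    203.0.113.5:25       ESTABLISHED
TCP    192.168.1.10:49813    203.0.113.77:25      SYN_SENT
TCP    192.168.1.10:49814    198.51.100.23:25     ESTABLISHED
TCP    192.168.1.10:49815    192.0.2.44:25        TIME_WAIT
TCP    0.0.0.0:135           0.0.0.0:0            LISTENING
tcp        0      0 192.168.1.10:49816      192.0.2.91:25           ESTABLISHED
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
"""

ENDPOINT = re.compile(r"^(.*):(\d+)$")   # host:port, also [v6]:port
ACTIVE = {"ESTABLISHED", "SYN_SENT"}     # connections open or being opened

def outbound_smtp(netstat_text, port=25):
    """Count active TCP connections per remote host whose remote port is `port`."""
    hits = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # First host:port field is the local end, second is the remote end.
        ends = [m for m in map(ENDPOINT.match, fields) if m]
        if len(ends) < 2 or ACTIVE.isdisjoint(fields):
            continue  # listeners, closed sockets, malformed lines
        remote_host, remote_port = ends[1].group(1), int(ends[1].group(2))
        if remote_port == port:
            hits[remote_host] += 1
    return hits

def looks_like_spambot(hits, max_hosts=2):
    """Assumed threshold: more than `max_hosts` distinct port-25 peers is suspicious."""
    return len(hits) > max_hosts

if __name__ == "__main__":
    found = outbound_smtp(SAMPLE)
    print(dict(found), "suspicious:", looks_like_spambot(found))
```
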
 
I have an idea. You changed the password so they cannot log in. However if they are already logged in they do not need to know it. They can still send out their spam on their computer.
Here is a question. You have two computers logged into Gmail. How do you force the second computer to log out of Gmail without access to it? Because that is the question that needs to be answered.
 

Just a bit, but it does tell me how to log out of the other computer.
1. Bottom right corner of your inbox is this line
Last account activity: ## minutes ago.
Underneath it is the word Details.
2. Click on the word Details. A new window opens. It gives the details of all recent IP addresses and dates. It will also give you the option to log out of the other computers.
3. Click on this button.
4. Problem solved.
 
I'm surprised no one has suggested it could be forged From headers (basically, you aren't sending the e-mail; it's being sent from some random source - possibly bots - and the spammer(s) picked your e-mail address to use for the From: header). I have had this happen, although not in large volume.
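
A way to test the forged-From theory from the bounce itself, as an added example that is not part of the original post: it pulls the returned headers out of a delivery status notification and checks whether the bounced message's first hop was one of your provider's servers. The sample bounce, the `isp.example` domain and the function names are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed bounce shaped like an RFC 3464 report; every host is made up.
SAMPLE_DSN = b"""\
From: mailer-daemon@mx.recipient.example
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

Received: from [203.0.113.50] by mx.recipient.example; Thu, 1 Jan 2015 10:00:01 +0000
From: user@isp.example
Subject: (spam subject)
--b1--
"""

def returned_original(dsn_bytes):
    """Return the headers of the bounced message carried inside the DSN."""
    msg = email.message_from_bytes(dsn_bytes, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers only
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify(dsn_bytes, provider_domains):
    """Heuristic: did the bounced message enter the mail system at your provider?"""
    original = returned_original(dsn_bytes)
    received = original.get_all("Received", []) if original is not None else []
    if not received:
        return "no-received-headers"
    # The last Received header is the first hop the message took.
    m = re.search(r"\bby\s+([\w.-]+)", str(received[-1]))
    hop = m.group(1).lower() if m else ""
    via = any(hop == d or hop.endswith("." + d) for d in provider_domains)
    return "entered-via-provider" if via else "forged-from-likely"
```

A first-hop Received line is written by the sender's side and can itself be forged, so "entered-via-provider" is a prompt to check the account's Sent folder and login activity, not proof on its own.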
 
> I'm surprised no one has suggested it could be forged From headers (basically, you aren't sending the e-mail; it's being sent from some random source - possibly bots - and the spammer(s) picked your e-mail address to use for the From: header). I have had this happen, although not in large volume.

That would explain the slew of returned/rejected mail notifications, but isn't that contradicted by the outgoing gmail e-mails?
 
> Spambots aren't courteous enough to use a POP client and leave copies in the outbound folder. They're their own SMTP clients. If you're savvy enough to monitor your own network traffic, check for a torrent of unexplained port 25 connections.

Nothing showing from my machine...

> I'm surprised no one has suggested it could be forged From headers (basically, you aren't sending the e-mail; it's being sent from some random source - possibly bots - and the spammer(s) picked your e-mail address to use for the From: header). I have had this happen, although not in large volume.

The emails show up in the gmail box "Sent" folder, but not locally.

> That would explain the slew of returned/rejected mail notifications, but isn't that contradicted by the outgoing gmail e-mails?

I would think so, but being an ME, not an IT type, I tend to think logically :D
Interestingly enough, the "reject" slips are showing up now at a considerably slower pace--and they say "Failure" now, as opposed to them saying "Delay" before.
 
Ah. Overlooked that your gmail sent folder had them. That indicates that someone has access to your Gmail account, yes.

Try turning on two-factor authentication; when you sign on to GMail, click on your e-mail address on the top right and select Account. In there, you can select Security, then two-factor authentication. This should at least slow down if not stop hacks.

You can also enable Account Activity reports from the same place; that will, once enabled and data is collected, show you where you (or the hacker) is logging in from.
 
> Ah. Overlooked that your gmail sent folder had them. That indicates that someone has access to your Gmail account, yes.
>
> Try turning on two-factor authentication; when you sign on to GMail, click on your e-mail address on the top right and select Account. In there, you can select Security, then two-factor authentication. This should at least slow down if not stop hacks.
>
> You can also enable Account Activity reports from the same place; that will, once enabled and data is collected, show you where you (or the hacker) is logging in from.

Two-factor authentication will not stop a person if they already logged on. We know that because the password has been changed several times. I have already said above how to find the IP address of the other party and how to log them out.
 
In Gmail, I believe two-factor authentication requires you to reauthenticate even if you're already logged in.

However, as you said the account activity at the bottom of the GMail page also works.
 
> I'm surprised no one has suggested it could be forged From headers (basically, you aren't sending the e-mail; it's being sent from some random source - possibly bots - and the spammer(s) picked your e-mail address to use for the From: header). I have had this happen, although not in large volume.

I can attest to this, I receive ~20-30 spams a day with a header that says it's from my account. Yahoo refuses to block them and apparently they come from shifting IP addresses.
 
