Spam e-Mails sent out from my e-Mail.

Discussion in 'Off Topic Discussion' started by Cyantist, Jun 27, 2012.

  1. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    So seconds ago I get 5 delivery failures to my hotmail. I don't e-Mail AT ALL and my friend print screened it. It's the generic spam email that literally has one link and I'm not going to bother clicking it to find out what it leads to. Should I reformat? Running MSE and Malware Bytes right now to check for any malware or is this just a case of my password was brute forced or s/t?

    I also run Comodo so I honestly doubt there's a virus on my system but we'll see.
     
    Last edited: Jun 27, 2012
  2. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,034
    Likes Received:
    891
    Since it's from your hotmail, you should at least change your password. Scanning your drive with a good anti-virus is not a bad idea. Unless you want to, it's not necessary to reformat to get rid of that kind of stuff most of the time. But formatting from time to time ain't a bad idea to keep win*cough*dows*cough* your system responsive.
     
  3. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    It's a relatively fresh install. I have Comodo running in Paranoid Mode atm (should have had it from the start?). I'm scanning at the moment and I didn't see anything suspicious in Task MGR or msconfig.
     
    Last edited: Jun 27, 2012
  4. Bad_Ad84

    Bad_Ad84 The Tick

    Joined:
    May 26, 2011
    Messages:
    8,566
    Likes Received:
    1,309
    Someone's just using your email as the reply-to address. I get them sometimes too.
     
  5. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    Spoofing?
     
  6. Bad_Ad84

    Bad_Ad84 The Tick

    Joined:
    May 26, 2011
    Messages:
    8,566
    Likes Received:
    1,309
    Yes, spammers have to populate that field as part of sending an email - so they just throw in random email addresses from their spam list.

    It's not really spoofing. You can just open Thunderbird and change your "email address" field to whatever the hell you like. But that's the address the replies will go to.
     
    Last edited: Jun 27, 2012
  7. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    How would it explain people in my contact list (and the only people who received it were in my contact list) being the only ones to receive it, can it be publicly accessed?
     
  8. pool7

    pool7 Site Supporter 2014

    Joined:
    Mar 4, 2008
    Messages:
    1,268
    Likes Received:
    134
    If I were you, I'd change my email password first via web (either using your cellphone, another computer, or booting a GNU/Linux Live distro so you're sure it won't get caught).
    I would then proceed to check task manager (preferably using a tool like Process Explorer or similar) and look for suspicious processes.
    You could also start the computer in safe mode and run several malware and antivirus... especially the ones that do the scan via web.

    Finally, if formatting the hard drive is no big deal, then do it... it'll help make sure you don't keep any virus/malware. Of course you should backup first any important data... and scan it for malware/virus before restoring said backup to the fresh install.
     
  9. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,034
    Likes Received:
    891
    This is suspicious, unless they took a list of "friends" mails from facebook then sent spam to everyone on the behalf of one of them... Since it seems you got a good antivirus (idk comodo), I'd just change my password if I was you. Also even if comodo is running, run a scan on all your drives! It could also have been a malware on a usb stick so scan them, but those are rare nowadays. If this fixes it, no need to format.

    But yeah, it's pretty easy to spoof sending a mail from anyone. Just telnet on port 25 of an SMTP server (aka sending an email manually) then you can specify the outgoing address. Don't use that to do anything illegal though, as you're still traceable via IP.
     
    Last edited: Jun 27, 2012
  10. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    MSN just booted me out because of the spam. Gotta recover my account now.
     
  11. fathertime

    fathertime Rapidly Rising Member

    Joined:
    Jul 14, 2011
    Messages:
    82
    Likes Received:
    0
    Get one of the recipients to forward you the header of the email they received. This will show the IP address of the sending server and the full path it took.
    - If it came from Hotmail then someone knows your password.
    - If it came from some other random IP from another country then it's just spoofing.
    - If it came from your IP then you have a virus.
     
  12. Bad_Ad84

    Bad_Ad84 The Tick

    Joined:
    May 26, 2011
    Messages:
    8,566
    Likes Received:
    1,309
    I missed that part. That is more suspicious =/
     
  13. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    How do we check this?
    Got somebody onto doing it right now.
     
    Last edited: Jun 27, 2012
  14. Cyantist

    Cyantist Site Supporter 2012,2013,2014,2015

    Joined:
    Oct 28, 2008
    Messages:
    4,158
    Likes Received:
    20
    He found this:

    X-Originating-IP: [123.1.87.3]

    which isn't my IP

    Oh, and here's the header in general

     
    Last edited: Jun 27, 2012
  15. fathertime

    fathertime Rapidly Rising Member

    Joined:
    Jul 14, 2011
    Messages:
    82
    Likes Received:
    0
    Ignore that "X-Originating-IP: [123.1.87.3]"

    It starts at a computer with hostname SNT109-W5 at the IP 65.55.90.7 and gets sent to Hotmail for delivery (snt0-omc1-s21.snt0.hotmail.com).
    If you check out the whois info for the IP 65.55.90.7 you can see this is a Microsoft-owned IP.

    I'm afraid this came from hotmail itself so someone knows your password.
     
  16. fathertime

    fathertime Rapidly Rising Member

    Joined:
    Jul 14, 2011
    Messages:
    82
    Likes Received:
    0
    The X-Originating-IP seems to be a custom parameter added by the Hotmail system - this is the IP address of the computer that logged in to www.hotmail.com to send the email on your behalf. It's someone in Japan.
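
    The three-way check from post 11, combined with the X-Originating-IP reading in the post above, as an added example that is not part of the original thread. It goes slightly beyond the posts by trusting only the topmost Received line (the one written by the recipient's own server). The hostnames and the addresses 65.55.90.7 and 123.1.87.3 come from the thread; `triage`, `PROVIDER_NETS`, `OWN_IP`, `mx.recipient.example` and the 198.51.100.x / 203.0.113.x addresses are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample header (not the one posted in the thread).
SAMPLE = (
    "Received: from snt0-omc1-s21.snt0.hotmail.com ([198.51.100.21])"
    " by mx.recipient.example; Wed, 27 Jun 2012 10:00:02 +0000\n"
    "Received: from SNT109-W5 ([65.55.90.7])"
    " by snt0-omc1-s21.snt0.hotmail.com; Wed, 27 Jun 2012 10:00:01 +0000\n"
    "X-Originating-IP: [123.1.87.3]\n"
    "Subject: (constructed)\n\n"
)
PROVIDER_NETS = ["198.51.100.0/24"]  # stand-in for the provider's outbound range
OWN_IP = "203.0.113.50"              # stand-in for the account owner's public IP


def bracket_ip(value):
    """Return the first [a.b.c.d] literal in a header value, or None."""
    m = IP_IN_BRACKETS.search(value or "")
    return ipaddress.ip_address(m.group(1)) if m else None


def triage(raw_headers, provider_nets, own_ip):
    """Classify a forwarded header as (verdict, ip_that_decided_it)."""
    msg = message_from_string(raw_headers)
    nets = [ipaddress.ip_network(n) for n in provider_nets]
    own = ipaddress.ip_address(own_ip)
    # Received lines are prepended, so the first one was written by the
    # recipient's own server; anything below it is only as trustworthy as
    # whoever handed the message over.
    hops = [ip for ip in map(bracket_ip, msg.get_all("Received", [])) if ip]
    if not hops:
        return ("unknown", None)
    handoff = hops[0]
    if any(handoff in n for n in nets):
        # Handed over by the provider: its X-Originating-IP names the
        # client that logged in to send the message.
        client = bracket_ip(msg.get("X-Originating-IP"))
        if client == own:
            return ("sent-from-own-machine", client)
        return ("account-compromised", client)
    if handoff == own:
        return ("sent-from-own-machine", handoff)
    return ("spoofed", handoff)


if __name__ == "__main__":
    print(triage(SAMPLE, PROVIDER_NETS, OWN_IP))
```

    With the sample above the verdict is `account-compromised`, matching the conclusion in post 15: the provider handed the message over and the logged-in client was not the owner's address.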
     
  17. H360

    H360 Familiar Face

    Joined:
    Mar 5, 2011
    Messages:
    1,474
    Likes Received:
    1
    This only happens when your password has been found out. Just change it. Hotmail is shit anyway. Having your own SMTP server is awesome because you can actually ban by IP.
     
  18. HEX1GON

    HEX1GON FREEZE! Scumbag

    Joined:
    May 4, 2011
    Messages:
    9,916
    Likes Received:
    837
    Actually all free email accounts are, hotmail gets SO MUCH spam it's starting to bug me.

    Since you're being booted from MSN, it's someone using your password to boot you... This is very common and I'd really change your password from another PC, phone or even a console.
    I doubt it's actually a virus, but still scan your PC. I recommend you do it in safe mode too.
     
  19. Mystical

    Mystical Resolute Member

    Joined:
    May 3, 2011
    Messages:
    935
    Likes Received:
    35
    Do you use MSN Messenger by any chance?

    ^^ beaten to it
     
    Last edited: Jun 28, 2012
  20. retro

    retro Resigned from mod duty 15 March 2018

    Joined:
    Mar 13, 2004
    Messages:
    10,354
    Likes Received:
    822
    Good. The first thing you should have done was change your password. From a computer (or phone) you know isn't infected.

    Your account is either compromised or spoofed, but it sounds like it was compromised (and is more common).

    How do only people you know get the e-mails? Simple. They're using your account and sending to your contacts. By that, I mean most likely a bot. Or, it's possible that your e-mail is being spoofed, perhaps from a compromised account of a friend who has the same friends... hence they're all on the list.

    Compromised e-mail is always the most likely, but you can run AV and spyware scans if you want.

    How did they get your password? Most likely by you being a tard and clicking on something you shouldn't have. Like one of those phishing e-mails from your friends.

    Seriously, people - check the damn hyperlink before you click anything! And don't be gullible! OMG, that's NOT a photo of you on this website - don't click it! No, Jennifer Aniston isn't going to appear naked before your eyes if you click it! etc.
     