I’ve been getting a rash of calls this week from people saying their email has been hacked and now their contacts are receiving spam from them. There are 2 possible reasons for this.
- Someone or some program actually guessed your email password, copied your contacts, and is now spamming them by spoofing your email's From address.
- Your PC is infected with a combination of a keylogger and mass mailer. The malware accesses your email account from your PC and then spams your contacts over and over.
I *think* I may have found traces of a mass mailer last night. Combofix deleted a folder in c:\Windows\System32\download and a file inside called ispinfo.csv. Check out the screen shot below:
If your email has been hacked, do the following things in this order.
1. Do a full virus scan of all the PCs you use. Here are the anti-malware programs that I recommend for this:
   - Malwarebytes (update it first, then scan the C:\ drive)
   - Kaspersky Antivirus or Norton Antivirus (trial or full version – make sure your PC is only running 1 antivirus at a time!)
   - Hitman Pro 3.6 (activate the free 30 day license to remove anything it finds)
   - Combofix (last resort) – this can be tricky. Make sure your antivirus is turned off before you scan. Re-enable your antivirus after the scan.
2. Change your email password. Make it strong.
3. Consider changing your ISP password if your DSL router requires a username and password to connect to the internet (PPPoE).
4. Keep a close watch on other accounts that you have for any suspicious activity.