Spam Sent from my Email (Not by me obv)

[DaveShoelace]

Morning All,

Got a brand new PC on Wednesday night with a new version of Norton 360.

This morning I logged into Gmail and a few minutes into it, I got a load of undeliverable messages, which appeared to have been attempts by myself to email a dodgy looking health website from my email address. I checked my sent mail to see several others that appeared to get there.

Just a few cookies found when I do a virus/security scan. Most of the emails that were sent to were email addresses I dont usually send things to.

Would someone have hacked into my account to send these emails? Or have they essentially made it look like they have sent from my account and I am somehow getting it logged in my sent items?

I changed my password obviously. It seems very odd that something like this can happen pretty much a day into a new computer with full security clobber.

[rex008]

Normally with these they've just spoofed your mail, adding your return address to ones they spam out from elsewhere. However, if you've actually got them in your sent mail, then they must actually have come from your account. Which means somebody has logged into your gmail account, I suspect. Change the password straight away, I suggest, and if you use the same password anywhere else, change that too.

Either there is a keylogger on your new machine, or you've been phished for your password. Norton is not necessarily infallible. I'd be tempted to download a couple of other free virus checkers and do a scan, just in case. I'd also suggest you don't do any online banking from your new machine until you're absolutely sure it's clean.

[DaveShoelace]

Normally with these they've just spoofed your mail, adding your return address to ones they spam out from elsewhere. However, if you've actually got them in your sent mail, then they must actually have come from your account. Which means somebody has logged into your gmail account, I suspect. Change the password straight away, I suggest, and if you use the same password anywhere else, change that too.

Either there is a keylogger on your new machine, or you've been phished for your password. Norton is not necessarily infallible. I'd be tempted to download a couple of other free virus checkers and do a scan, just in case. I'd also suggest you don't do any online banking from your new machine until you're absolutely sure it's clean.

ooh bugger.

I actually did do online banking this morning, but thankfully the first thing I did after was to ring the fraud departments of the bank to make them aware of this.

Any recommendations for free virus checkers?

[kinboshi]

Free - I'd advise avast.

Also, in gmail you can ask it to alert you when someone logs into your account, and you can confirm if it's you using it (on your phone, or another PC, etc.) or if it's not.

[kinboshi]

http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html

[DaveShoelace]

Thanks guys

Cheers for the link Kin, turns out some wanker from Turkey logged on via a mobile an hour ago, which I presume means it wasnt my pc hacked and a key logger, which is a relief I spose.

Dont suppose there is a way to exclude his IP in future? Obv my password change is the main priority.

[kinboshi]

Change your password to one that's nothing like any of the others you use. 

If you're using Firefox as your browser, it's important to remember that if you ask it to remember passwords for sites for you, these are stored in a plain text file - so anyone with access to your computer (either physically or by hacing into it) can see these.  To make this secure, you simply use a master password for Firefox - and then this plain text file is encrypted and only you'll be able to access it.

http://support.mozilla.com/en-US/kb/Protecting+stored+passwords+using+a+master+password

[Bongo]

Cheers for the link Kin, turns out some wanker from Turkey logged on via a mobile an hour ago, which I presume means it wasnt my pc hacked and a key logger, which is a relief I spose.

Seems an odd assumption... how did he get your password?

[lazaroonie]

Free - I'd advise avast.

Also, in gmail you can ask it to alert you when someone logs into your account, and you can confirm if it's you using it (on your phone, or another PC, etc.) or if it's not.

i am fast going off avast after last night - I was browsing on twitter and clicked a link for a twitpic, in getting to the page i got the sirens and 'caution, a virus has been detected...' worryingly it didnt give me the option to delete, quarentine etc...i went away from my computer for 2 minutes and come back to find it running 'av security center 2010'. bollocks...gg rest of the night...

[Bongo]

You get what you pay for

[lazaroonie]

and to add...it is not unknown for 'brand new' machines to have nasty viruses on them - i know for a fact, cos i've seen it, that on the sweat shop floor , bored mexicans/hungarians etc installing all sorts of porn and hacked games onto the machine the loads the opsys image onto the hard drives for the newly built machines.

this actually happened to me with an HP laptop built in our facility in france a few years back...happily i was able to use our wonderful systems to trace the serial number back to who was working at that station at the time....i gave him a little tip - when building staff machines, you may want to take a bit more care..plonker.

[lazaroonie]

You get what you pay for

oi! believe it or not this is actually the professional version which was paid for...i