Weird spam on behalf of me problem

thelawnet

I got an email earlier today from an old contact, sent to my @yahoo.com email address, asking me if I had sent this:

Hi what up this is great http://www2.worldnews13idaily.com/?date=NOV2011&article=7459 good luck
Received at 2:28pm, from his machine

Thought it maybe malware on his machine, but I just got a bounced email from another old contact of similar style:

im about to go stand in line at the mall but look into this http://worldnews13itoday.com/?date=NOV2411&token=2iw930


Shows from:

hotmail_9a767afb8ca91097@live.com; on behalf of; [my email]

Reporting-MTA: dns;blu0-omc1-s10.blu0.hotmail.com
Received-From-MTA: dns;BLU0-SMTP181
Arrival-Date: Fri, 25 Nov 2011 10:24:47 -0800

(Which is 6:24pm GMT)

I ran a malware scan, but nothing found.


Any thoughts?

scotty_591

Could be someone has hijacked your account and is sending spam out to your contacts from your account.

Run a malware/virus scan on your computer just incase you have a trojan virus or a keylogger. Once your system is confirmed to be clear of threats, log into your account (make sure you log in at the correct place and check the URL carefully and make sure it has a valid SSL certificate (should appear at the left hand side of the URL bar) and to make sure that someone isn't re-directing you to a fake site.

Once you know you are virus free and on the correct site, change your password and see if you get any more like this.

thelawnet

The thing that is odd is that they are sending via hotmail, but they seem to have access to some of my Yahoo contacts.

thelawnet

Ok I found full headers:

X-Apparently-To: [EMAIL="myMsnContact@yahoo.com"]myMsnContact@yahoo.com[/EMAIL] via 106.10.144.231; Tue, 29 Nov 2011 05:09:35 -0800
Return-Path: <me@yahoo.com>
X-YahooFilteredBulk: 65.55.116.29
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
X-YMailISG: KroXh18WLDt2hX7u9.ZF1rBOxq3qKsfUpBUNLhcEp5Lyk7pV McH4tE3i4RJ0M16lLRF45N7GrRnzKBEp1AZnLaurb3afQJnr56y9J0nn3TLY gu4pKB2ZrFsfntVMY9OvqUnV2tcnQnfJfjSVu8gZUr5f1RzeOJl63uH6sXgA QMNfML7UKGvvy6rJwmBQt5svbvM3LKOUJZ30BCgymT73DhP72uyXLgdWbMv0 4AK0exnylatAkRUGMW3_PZ54uT3n8nXbaNCEw8hlwlmpS97bcL_3vOJOBHuJ aMkaDWTdJw1iW_6FOA0LrHZ6Qep8L_Ia.b0iXKzg5o6XLGsDMCDZkqy3TREV r4jsMVrvNDnZCqi9wfy5YcH5tdP_MO3C.5iEAW_DIV9wfKVAiDf7sfcJwnhE LoOI_Ir_qmoPRI.B9.aUCGKAWqbYOzAOPMK9mQsvJdc7UDT.XWQ46IhZM6dr WZU1ShZDYnqr_OGuQy7La4sUADYEioY08eJzKLmVCCqtWzge389ylpVI8gPN VY6Bn3z5vtZSn4Zv2xSjeSGyDWVN_jdilPOuzQ6XaA38WgIuUOsOuQgUa92T urcZKsTHE56thvQ9s4MFFbcrpNHS4fI8V926n2AerdBAGnFWyVHQFM8uBYD. j7cn798UFnhTvV2STAwcPS5EL7Hkwb65XBNd_zqUrfMTTOWxUL7x5UIoq1f8 ARfYnJeXchBfMVC9o83JgMeT0TAWieMX549TaBROZ5emSUKlU2.CazdcJ9hj SiPjEXtVnQ_.WeFkW5j8cHelZTjjkmYYuA57NZn_dkxFildWGcV1905IxBK3 FuQ.cBzuDCn59BMMIgq1WPzZZGSlLlKU6spvOSVifnmZF33DxOWXqifUeBlE 4Mb73s5SYUOzmnken8Sk.7ibH4U1Pr6fRXKdYgfipfmCt.wqWgFhEJWwiVpN 3guT04LplJRfWf1RE107DHNBrENPf3dhtZ91nzuzEfphUccMy94_fE3fqXqZ cAVzalmBU_CP6OLF4Rme2tjfpN7ckJ52M26dhvyXgaiFEq9eg5WPts.Rm0_5 frJV6PcH2fmiVtD6mHiy1adOBsXWq0J_R59xRabBj1jyGaIFNQ--
X-Originating-IP: [65.55.116.29]
Authentication-Results: mta1080.mail.mud.yahoo.com from=live.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO blu0-omc1-s18.blu0.hotmail.com) (65.55.116.29) by mta1080.mail.mud.yahoo.com with SMTP; Tue, 29 Nov 2011 05:09:35 -0800
Received: from BLU0-SMTP202 ([65.55.116.8]) by blu0-omc1-s18.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 29 Nov 2011 05:09:13 -0800
X-Originating-IP: [122.163.25.26]
X-Originating-Email: [me@yahoo.com]
Message-ID: <BLU0-SMTP202F4B059E0ED966E37CE65B9B30@phx.gbl>
Return-Path: [EMAIL="me&#64;yahoo.com"]me@yahoo.com[/EMAIL]
Received: from [192.168.1.1] ([122.163.25.26]) by BLU0-SMTP202.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 29 Nov 2011 05:09:12 -0800
From:
<me@yahoo.com>
Add sender to Contacts
Subject: Hi
Date: Tue, 29 Nov 2011 08:09:07 +0000
To: mycontact@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 29 Nov 2011 13:09:13.0749 (UTC) FILETIME=[17626C50:01CCAE98]
Sender: <hotmail_9a767afb8ca91097@live.com>

As you can see they are using hotmail to send the message, and it seems to originate from India - 122.163.25.26

It looks like they hacked my MSN messenger, which I set up years ago using my Yahoo.com address. I used an old password and that might be the problem.