[url]www.e-****.com[/url] :: my e-mail hacked.

wd40

Hi All,

The following msg was sent from my email @ yahoo .. to all my contacts .. any ideas ?
a search in yahoo and Google turned up almost nothing usefull.

---

A Christmas greeting to cheer you, my dear friend !
As you know, we are reliable wholesaler , and we can offer you the top quality item , they are very usefull , such as laptops, phones , TVs , and you can send them as gift for your family or friends , it's so perfect ,right ? welcome to visit our website : www.e-********.com
MSN:**********@hotmail.com
Mail:***********@hotmail.com
well, if you are interested in our products , please feel free to contact us for more !
Best whishes !
sincerely yours

---

tiersten

Its just random scam spam. You should remove or obfuscate the URLs and email addresses in your post however.

dynamik

Was it literally sent from your account (i.e. it appears in your sent items folder)? If so, you might want to change your password

Like Tiersten said, it's trivial to change the sender's name and email address. I actually get spam from people with my name and email address all the time.

However, I would be suspicious of malicious activity if they managed to directly hit all your contacts.

JDMurray

Something got a hold of your Yahoo! address book and used it for spamming. Change the password on all your Web-based email accounts, and NEVER give anyone or anything your Web mail password, even if it appeared to be a helpful application.

wd40

Thanks all,

Yes it was sent from my e-mail, it is in the sent folder!

I will never give my password to anybody, and I only register to "Yahoo" partners, I never access my e-mail on public PC`s.

Password is long and complex so I do not think it was cracked, I changed it immediately, however I think if someone hacked into my account they would have changed my password..

JDMurray

One possibility comes from that some Web sites offer a helpful feature to communicate with your friends that require you to give your email address and password to the site. The site then stores your info and sells it to spammers. Because it's a feature you want to use (like inviting everyone in your address book to GMail, LinkedIn, or FaceBook), you don't even think of it as a possible hack. A really good marketing device it is.

Ahriakin

Its also possible you were the victim of a CSS attack from another site you had open, or a script/applet that scanned your cookies for anything that looked interesting. Regardless treat your password as harvested, change it temporarily. Do an intensive malware scan of your system (Include online scanners like Trendmicro Housecall from Safe mode with Networking, installed scanners like Malwarebytes/Superantispyware etc., do not rely on whatever you already have installed). Clean out all temporary internet files manually, and all normal temp folders - I say to do this after your scans because the scanners might give you a clue to how this was done based on what they find before you delete possible sources.
If there is no malware installed change your password to a new permanent one (the earlier temp was a patch to deny immediate access while you did the scans, but if you were locally infected and it wasn't just a drive by grab you will want to change it again when you are sure the machine is clean).

Oh, and if you had any emails in that account with financial info. or credentials to other services/sites (like password reminders etc.) change the accounts.
Fun fun fun.....

wd40

JDMurray:
I`m not an msn - facebook - messenger guy, I do not use these things, Thanks any way.

Ahriakin:
I forgot about this css attacks things and cookie harvesting flash files.

I use FireFox with No script I will delete my white list and start all over again, I will also reset my firewall list.

Fortunately I have no financial data on that mail account.

Thanks again