Contacts/Address Books Stolen

[yurka]

It happened again!
I have been using Yahoo! email account for about 13 years now. In June all my addressees, i.e. friends, acquaintances, business contacts, doctors, tech-support sites, etc., received some advertising emails (I do not remember now for what product. A couple of close friends notified me about "strange" mail, as they knew that I was not in sales business. No harm done, just a nuisance.
A couple of days ago a similar thing happened, this time the attached link was to something like "Cheap Canadian Prescription Drugs" website; I did not open the page as it was darkened and WOT warning appeared.
I suspect that the "Contacts" were stolen from the Yahoo! site. The most interesting thing is this (nobody of my friends knows how to do it): how a Reply gets to me if the original email was sent from a different email account?
I received a couple of "What should I do with it?" replies from my friends and a few automated responses from Comodo, Canon, etc. tech-support sites. There was even a Mailer-Demon response, as one of the addresses was not in use anymore and the mail was "undeliverable".
I am just curious about the technology behind this fraud. What I am serious about is this: could (and should?) the fact be reported to Web "Police", if there is such?

[Train]

They hacked your password and got into your account.
Very common for that to happen in Yahoo.
Change your password and I suggest making it a strong one at that.

Of coarse once they got in, they did you a number as you found out.
Again, Change your password and I suggest making it a strong one at that.

[Welshjim]

I may not have understood the situation correctly, but here are some ideas.
In the first instance, I understand that the people in your Yahoo inbox all received one or more advertising emails. But you did not get these ad emails. That sounds malware extracted your Yahoo contacts list and then used the list to send out the emails from the malware owner's PC.
The second instance sounds like your PC was used by malware as a robot email-sending machine. That would explain why the emails were seen to be coming from your PC.
In both cases it seems you have (had) malware on your PC. Have you scanned for malware with your antivirus and programs such as MalwareBytes?
Yes, there are places to report spam and malware. I always thought it was a waste of time. Among other things the source of these is outside the US and therefore local authorities have no power to do anything. And spam generators seldom use the same email or site address twice, so blocks are not very effective.
However,
http://help.yahoo.com/l/us/yahoo/search/abuse.html
http://answers.yahoo.com/question/in...4082727AAZYBD4
Those first two references may help you avoid the problem in the future.
Other ideas:
http://www.spamcop.net/
http://www.justice.gov/spam.htm
http://www.spamlaws.com/reporting-spam.html

[jdc2000]

A Yahoo password should be at least 12-14 characters, and not something common like one or two words.

[yurka]

In the first instance, I understand that the people in your Yahoo inbox all received one or more advertising emails. But you did not get these ad emails. That sounds malware extracted your Yahoo contacts list and then used the list to send out the emails from the malware owner's PC.
The second instance sounds like your PC was used by malware as a robot email-sending machine

.
Frankly, Welshjim, I see no difference: in both instances the entire Contacts list received the malicious emails containing links to something.
Whatever the actual scenario, somehow Replies came to my Yahoo! Account. Stolen password (and login name) will perfectly explain everything. As an indirect confirmation, MalwareBytes hasn't found anything:

Scan type: Quick scan
Objects scanned: 143372
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

I'll perform deep scan later and will let you know the results, if positive. I have to invent a new and more secure password. The password I have used since 1998 was a simple four character one, it has served me perfectly well all those years. As I remember,the Web was much more secure in the last century...
Thank you all.

[yurka]

I did some research. The plot thickens:
1. The stolen password hypothesis is false: if it were the case, the fraudulent emails would have been in my Sent folder. None of them is there. Apparently, they were sent from another email account, yet the replies (both from real people and automated ones) came to me.
2. My Yahoo Sent folder normally keeps sent emails for about a month. Now it has 10 most recent ones, others (about 300 of them) are very old and there is a mixture of them, i. e. some are mine, some are not, from unfamiliar addresses. Some are dated 2/1999, some are 2000!
Somebody is playing with my account. The old , e. g. dated 2000, are, probably, fabricated: I am sure that Yahoo! does not keep emails that long, even in its deepest superarchives. But who on earth has time or desire to do that? For what purpose?

[yurka]

I agree. Two more mysteries.
1.How 1999 emails got into Yahoo [B]Sent/B] folder? Can a time-stamp be fabricated? By a virus?
2. I just received an automatic notification:

Hello yurka,

fink has just replied to a thread you have subscribed to entitled - Contacts/Address Books Stolen - in the Preventative Medicine forum of Virtual Dr Forums-Computer Tech Support.

This thread is located at:
http://discussions.virtualdr.com/sho...9&goto=newpost

Here is the message that has just been posted:
***************
Another common scenario is that someone who has your email address in their computer was infected by a worm that sent out the emails.

What happens is that the worm infects the PC, seeks the users address book, randomly picks one address and sends out the emails using that as the ret'n address... and you're getting the results of that.

Unfortunately under those circumstances there's really nothing one can do except wait until that computers owner realizes he/she's infected and does something about it.

This happens more often than you'd think.
***************

Yet, when I clicked on the link, it brought me to the forum but the last post there was mine, the one I posted this morning, about an hour ago!!!!!!!!!!!!!!!!!!!!!!
This puzzle is for moderators. I just wonder: is there a way to notify Yahoo! of what's going on?

[fink]

I temporarily deleted the message wanting to add more details but it's now in your post so I'll just leave it as is.

[jdc2000]

yurka -

Almost all of the header information in an e-mail message can be set to whatever the spammer wants. Spammers can send out e-mails with a date of 1999 or any date they want any time they want. It is possible that they sent the spam e-mails using a different method than sending them from your Yahoo account. However, it is still very likely that they hacked your Yahoo account to obtain your address book data. If you have not already done so, change your password now to a secure one of at least 12-14 characters as previously mentioned. A 4 character password can easily be discovered by automated software. A password that short could have been hacked as long ago as when you originally set up your account, had someone wanted to do so.

[yurka]

Thank you, guys. At least one mystery was solved - temporarily deleted post.
Apparently, nobody knows why XYZ would put time and effort into falsifying my emails, etc. What's the purpose? Just to make me curious?
I sent an email to Yahoo! back in June, but there was no response. My Yahoo! account is free now, perhaps that's the reason.
And I will change my password later, from my home PC. I am at work now and their IE6.0 is incredibly slow and hard to handle otherwise.

[Dude111]

How are they able to do this so easily?? (Seems to happen alot w/yahoo)

[yurka]

That's what I'd like to know too. I tried to fax Yahoo!, but the fax didn't go. I'll try to call Yahoo anyway, as its instructions to change password do not work.
If I get through, I'll tell them about Sent folder puzzle: today there are 10 emails, all dated 11/12/10, the rest are dated 1999 and 2000.

[yurka]

Update:
1. Yesterday I told a friend of mine Yahoo email troubles. He was surprised: ''It happened only twice?" He told me that for him and many of his friends it's a regular experience.
2. Today I have called Yahoo. The welcoming message includes something like "Our engineers are working on malfunctioning email problem".