E mail problem

Tuesday 10 August 2004 11.49am
Maybe one of the forum's cyber kings could shed some light on this. For the third time in as many months I have been unable to log on to the internet through AOL as they have suspended my account. I then spend up to half an hour on the phone waiting to be connected to AOL's customer services only to be told that my account has been suspended as a result of spam e-mails being sent from my account. The strange thing is that my computer was off at the time the messages were sent (AOL told me the time and date), no one else has access to my mail box or password and there is nothing in my 'sent' mail to confirm anything untoward has happened. To get back on line again AOL simply give me a new password and offer no further explanation.
Any thoughts?
Tuesday 10 August 2004 12.20pm
Two immediate possibilities spring to mind:

1. You have a trojan on your PC which is making it a "zombie" - and it is connecting to the internet without your knowledge and sending spam emails via your account. Changing your password does nothing to stop it as the more sophisticated trojans get the details of your mailbox from keystrokes you put into your PC and record them for future use.

I would say this is the most likely explanation - save that you say that your computer was off at the time the mails were sent. Do you mean that you were actually at your computer at the time and know that it was off, or merely that you left it off the day before and it was off when you got back? There are some trojans that can switch the PC on at a prearranged time and you wouldn't see any evidence of sent mails.

Do you have a decent virus checker and firewall on your PC (and if not, get one ASAP)?

Norton Internet Security is good, as are ZoneAlarm and BlackIce. Many security websites have checkers which will scan your PC for you and inform you of any rogue programs - Symantec has a Security Checker for example which will tell you if you have a virus installed or if you are at threat from security incursions when you are connected to the internet.

See also http://www.theregister.co.uk/2004/06/04/trojan_spam_study/

2. Someone is spoofing your email address - making it look as if emails come from your address when in fact they are sent by another mass mailer.

If someone is doing this, it is unlikely that AOL would block your account - they usually only do that when a large volume of mail has been sent out from that actual account.

If this is the third or fourth time this has happened, I'm very surprised AOL haven't given you some advice on how to stop this happening or at least asked you if you have a firewall or virus checker installed. A lot of ISPs are operating informal "three strikes and you're out" policies - i.e. if you don't protect your PC to a sufficient level to stop most basic trojans, they won't provide you with a connection to the internet any more.

Not an IT pro by any means but happy to help further if I can.

Tuesday 10 August 2004 1.09pm
Thanks siduhe - very informative. I am currently running AVG7 from Symantec as antivirus software and McAfee firewall at normal sensitivity. The computer was unplugged both from the mains and from the phone line when the alleged spams were sent out so it sounds like your second possibility, i.e. my mail box has been hacked into. Do you think it's possible that someone could have access to my passwords? Apart from me only AOL know it...
Tuesday 10 August 2004 1.18pm
bmovie - no-one needs to 'hack' anything to send emails that purport to come from your email address. It is the easiest thing in the world. However, if it were a case of spoofing then I doubt AOL would suspend your account.

Editor of the London SE1 website.
Subscribe to our SE1 Direct weekly newsletter.
Tuesday 10 August 2004 1.45pm
Well, it shouldn't be a Trojan if you're running the full version of Grisoft AVG7.0 and your definitions are up to date. I would still run the Symantec Security Checker or McAfee Freescan just to make sure, as the last update to the virus checking engine (as opposed to the definitions) on AVG was a while ago.

"Spoofing" isn't about hacking into someone's mailbox - it's about making emails look like they've come from a particular address when they haven't - so it wouldn't necessarily need your passwords.

Two other things:

1. Check that your antivirus software specifically covers the Klez worm and all its variants (look in the AVG encyclopedia) - if not there's a free cleaner here:

http://www.kaspersky.co.uk/removaltools

2. Run a spyware program - Spybot is very good and free, just to check you haven't got a key logger (which records all your keystrokes like passwords and then mails them to someone else) installed.

If all of that comes back clean, then either someone has just got hold of your email address and is faking spam emails to look as if they come from you or someone's got your account and password details.

There is very little you can do about the spoofing - however I am still surprised that AOL would suspend your account on the strength of an email looking as if it comes from you - they usually only do that where they have evidence of actual emails being sent out.

I would send an email to technical support (rather than speaking to some customer service person), explaining the problem you are having, and all the anti-virus and spyware checks you have done, and asking them to explain in detail why they are suspending your account, what triggers it, and ask them to cut and paste a copy of the allegedly spam emails for you. Ask them also to mail you a complete list of times and dates when these emails have been sent and also provide the telephone number which was used to log onto the system.

As for hacking into your mail account - I think you mean that someone is dialling up your internet account separately pretending to be you. There have been some press reports recently about people from various ISPs, including AOL, selling details to spammers - it could have happened here but it's pretty rare, and if you've changed your password three times, I seriously doubt that it would have happened to you three times over.

Sorry not to be more help.
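
The difference between a spoofed sender and mail that really left through the account's provider shows up in the `Received:` headers of a copy of the message, which is why asking for the full messages is useful. The sketch below is an added example, not part of any post in this thread: it finds the host that handed a message to the recipient's own servers and compares it with the domain in `From:`. The messages, the domains `provider.example` and `recipient.example`, and the function names are all constructed, and it assumes the receiving server recorded the real connecting host name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every host name and address is a placeholder.
HEAD = ("Received: from mx1.recipient.example by store.recipient.example;"
        " Tue, 10 Aug 2004 03:12:09 +0100\n")
TAIL = ('From: "bmovie" <user@provider.example>\n'
        "To: someone@recipient.example\nSubject: constructed sample\n\nbody\n")
SPOOFED = (HEAD + "Received: from bulk.sender.invalid ([203.0.113.45])"
           " by mx1.recipient.example; Tue, 10 Aug 2004 03:12:07 +0100\n" + TAIL)
GENUINE = (HEAD + "Received: from out3.provider.example ([198.51.100.7])"
           " by mx1.recipient.example; Tue, 10 Aug 2004 03:12:07 +0100\n"
           "Received: from dialup-12.provider.example by out3.provider.example;"
           " Tue, 10 Aug 2004 03:12:05 +0100\n" + TAIL)

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def in_domain(host, domain):
    """True if host is the domain itself or a name beneath it."""
    return host == domain or host.endswith("." + domain)

def handoff_host(raw, trusted_domain):
    """Outside host that delivered the message to the recipient's servers.

    Received headers are read newest first. Only lines written by the
    recipient's own servers are trusted; older lines can be forged.
    """
    for header in message_from_string(raw).get_all("Received", []):
        m = HOP.search(header)
        if not m:
            continue
        sender = m.group(1).lower()
        receiver = m.group(2).lower().rstrip(";")
        if in_domain(receiver, trusted_domain) and not in_domain(sender, trusted_domain):
            return sender
    return None

def classify(raw, trusted_domain):
    """Compare the From: domain with the host that actually delivered the mail."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    host = handoff_host(raw, trusted_domain)
    if host is None or not from_domain:
        return "unknown"
    return "sent-via-provider" if in_domain(host, from_domain) else "spoofed-from"

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, handoff_host(raw, "recipient.example"), classify(raw, "recipient.example"))
```

A "sent-via-provider" result only says the mail passed through the provider's servers; it does not say whether a trojan on the PC or someone else using the account details sent it.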
Tuesday 10 August 2004 1.55pm
Again, siduhe, many thanks. I also run Spykiller and Window Washer to keep my system as clear as possible, but I'll run the freescans to see if they come up with anything.
Cheers
Tuesday 10 August 2004 6.08pm
I've been thinking some more about the idea of someone hacking into your account - do you have a broadband connection or dial-up?

If you have broadband, it seems even more unlikely to me that someone is accessing your internet account from a different location - because the way that your broadband account is configured by BT and your ISP is that it can only work if the ADSL connection is made from your specific telephone number which has been converted at the local BT exchange.

If you have dial up, that could in theory, be accessed from another location by someone who had your relevant passwords, although I think that is still unlikely for the reasons I've mentioned.
Tuesday 10 August 2004 6.12pm
Have you checked -- Internet Options > Connections > Dial-up Settings -- for anything added without your knowledge?

Or -- Start > Find > Files and Folders -- and enter *.exe and wade through the results for anything suss.
Tuesday 10 August 2004 6.22pm
Oh and finally, you don't use your email account to send out newsletters or bulk mailings to a largeish group of people, do you?

Just been told that AOL have recently re-set their bulk mail filters very tight indeed, so that people who regularly send out newsletters to their small business clients (so maybe a couple of hundred people) via an AOL account or to multiple AOL customers are being blocked - just as you are.

Problem 5 - Mailing Lists: Because Internet mailing lists involve sending a single message to a lot of email addresses, they come dangerously close to unsolicited bulk email, a scourge of the Internet. It can be very difficult for a computer to tell what is a valid mailing list, which the recipient might be interested in, and what is unwanted commercial email. If a mailing list server sends too much mail in too short a time to or from a number of AOL members, AOL will consider it questionable and delete it.

Solution: The mailing list owner should ensure that their subscriber list is current and properly maintained. If this doesn't work, the mailing list server administrator should reconfigure their server to deliver messages to AOL more slowly. If this doesn't work, the administrator (preferably not the list owner, however) can try contacting AOL at <postmaster@aol.com>, and asking that their mailing list server be exempted from AOL's limitations. However, this recourse should only be used if the first two solutions, which are both signs of responsible administration, don't work.
Tuesday 10 August 2004 7.57pm
Very interesting, phoney. I checked my connection settings as you suggested - I should only have 1 which is broadband - and lo and behold 'internet 2' has been added (not by me) so I have deleted it to see if the problem is resolved - many thanks.

siduhe, I'm on broadband; the only bulk mail sent from my account is nothing to do with me. When it happens AOL suspends the account. Thanks for your continued interest.