
Thread: Have I been hax0red somehow?

  1. #1
    Rave

    Have I been hax0red somehow?

    I very rarely have cause to look in the sent items folder of my email account in Thunderbird, but today I did. I was rather disheartened to find that over the course of about 10 minutes this morning I have apparently sent about 50 spam emails containing nonsense subject lines (or possibly foreign language ones), and a subject containing a single typical looking spam link, to a bunch of legitimate looking email addys that I've never previously corresponded with.

    Interestingly, there is one from about 12 hours previous which contains the subject:

    "a
    a a a a"

    Which I am thinking might be some sort of a test email?

    A couple of weeks ago, I got a rejection notice from a mail server which appeared to suggest that I'd also spammed a bunch of my actual contacts with another typical spam link. I was concerned at the time but I'm a busy man and TBH I forgot about it before I got round to investigating.

    Where do I go from here? The password to my (Virgin Media) email account is, TBH, one that I share with many other accounts with various companies, because I'm not clever enough to set and remember separate passwords for all the (probably several dozen) websites I deal with on a more or less regular basis. However it's a word I've only heard in one movie from over 10 years ago, with one of the letters replaced by a number, so it shouldn't be vulnerable to a brute force attack unless it was incredibly brutish!

    This laptop has a fully up to date version of Avast! on it, although I share it with my wife who TBH may well be a menace at clicking dodgy pop-ups etc. But I'm thinking that a more likely explanation is that a website I've registered with has been compromised somehow and then the hackers have tried the password on my email account and got lucky. I'm off to try and change the email account password now. But if anyone has any advice on things to check I'd be grateful!

    Edit: although the emails in the sent folder claim to have been sent at ~0839, I've just checked K9 on my phone and the deluge of rejection notices I've just received suggests they were sent less than 4 hours ago at ~0039. Virgin password now changed. I would still be grateful for further advice.
    Last edited by Rave; 21-12-2012 at 05:20 AM.

  2. #2
    peterb

    Re: Have I been hax0red somehow?

    With regard to the apparent 4 hour time difference, you may find that it is just that, a time zone difference.

    As to the spam, it could have been your hacked email account, or a compromised address book from a virus. The fact that the emails are in your sent folder does suggest that they originated from the Thunderbird client, which does suggest a virus.

    As you have changed the password, there is little else you can do but wait and see if that has stopped the spam, apart from carrying out a comprehensive virus check on the client machine.

  3. #3
    TheAnimus

    Re: Have I been hax0red somehow?

    Have you been using the email account over public wifi? (See Defcom's wall of shame).

    Are you in North London on the eve of the 27th? I could have a more forensic peek if you want.

    With regards to passwords for services, I've stopped using anything that doesn't allow a long password. I then take a phrase like "Elephants Dance the Fandango", chuck in some digits from a phone number, THEN salt it with a name related to the site that makes sense to me. For example, for one email account it's 'loverly'. Why? Because I get so much Spam, spam spam spam spam spam spam spam wonderful spam, loverly spam. Makes it really easy to remember.

  4. #4
    Rave

    Re: Have I been hax0red somehow?

    Originally posted by peterb:
    > As to the spam, it could have been your hacked email account, or a compromised address book from a virus. The fact that the emails are in your sent folder does suggest that they originated from the Thunderbird client, which does suggest a virus.

    I can see mails that I have not sent from my phone on my Android K9, so I'm not sure. I think they sync themselves up somehow.

    > As you have changed the password, there is little else you can do but wait and see if that has stopped the spam, apart from carrying out a comprehensive virus check on the client machine.

    Like I say I have fully up to date Avast! so not sure how I'd go about doing more than that? I think I did a full scan after the initial scare with nothing coming up.

    Originally posted by TheAnimus:
    > Have you been using the email account over public wifi? (See Defcom's wall of shame).

    Hmm, good point. I haven't personally, but my wife took the lappy on holiday recently and used the hotel's wi-fi. Looking at the ticket she gave me it looks as if the username and password were to be entered into the sign-in screen which greets you when you connect, and that the network itself was unsecured. Still, it was a sleepy little town in southern Spain, so it's a bit worrying if spammers are sitting around there on the off chance of sucking up a few email passwords! Still, I suppose unemployment in Spain is a major problem! :0

    I changed the password by logging in to my Virgin Webmail (and also noticed that I can get upgraded to 60MB broadband too, which was a touch). Changed the settings in K9 and it worked. I forgot to do anything with the lappy. Today the Mrs moaned that email wasn't working so I've just been in to change the settings and found that the connection was set on both receive and transmit as "no security"! Which could well be my problem. I've just set it to SSL. Tried to set it to encrypted passwords, but apparently Virgin don't support that. I wish I knew what all of that meant.

    > Are you in North London on the eve of the 27th? I could have a more forensic peek if you want.

    Sadly I'll be in South London working a dead late shift on the 27th - Christmas Day and Boxing Day turned out to be my rota-ed days off anyway, so that's all I'm getting off over Christmas! (Though obviously I get the bank holidays in lieu). Shame, as a couple of beers with you and a forensic probe would be nice.
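
Added example, not part of any post in this thread: both the ~0839 versus ~0039 discrepancy and the question of which client sent the mail can be checked from the original headers that a rejection notice quotes back. The header block is constructed, and `triage` and its result keys are hypothetical names.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: original headers as quoted back inside a rejection notice.
SAMPLE = """\
Received: from [203.0.113.7] by smtp.example.net with ESMTPA;
 Fri, 21 Dec 2012 00:39:15 +0000
Date: Fri, 21 Dec 2012 08:39:12 +0800
From: user@example.net
To: stranger@example.org
Subject: a
X-Mailer: ExampleBulkMailer 1.0

http://spam.example/link
"""

def _parse(value):
    """Parse an RFC 5322 date string; return None if missing or malformed."""
    try:
        dt = parsedate_to_datetime(value.strip())
    except (AttributeError, TypeError, ValueError):
        return None
    # A "-0000" zone yields a naive datetime; treat it as UTC.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def triage(raw):
    """Hypothetical helper: compare the claimed send time with the server's stamp."""
    msg = message_from_string(raw)
    claimed = _parse(msg["Date"])
    hops = msg.get_all("Received", [])
    # Servers prepend Received lines, so the last one is the submission hop;
    # its timestamp follows the final ';'.
    stamped = _parse(hops[-1].rsplit(";", 1)[-1]) if hops else None
    result = {
        "claimed_utc": claimed.astimezone(timezone.utc) if claimed else None,
        "stamped_utc": stamped.astimezone(timezone.utc) if stamped else None,
        "offset_hours": None,   # zone offset the sending software wrote into Date
        "skew_seconds": None,   # server stamp minus claimed time, zones removed
        # Client-supplied and forgeable: a hint about the sender, not proof.
        "client": msg["User-Agent"] or msg["X-Mailer"],
    }
    if claimed:
        result["offset_hours"] = claimed.utcoffset().total_seconds() / 3600
    if claimed and stamped:
        result["skew_seconds"] = (stamped - claimed).total_seconds()
    return result
```

A skew of a few seconds alongside a non-zero offset means the two clock readings are the same instant shown in different time zones.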
