I have discovered that people are receiving junk email from at least two of
my business email addresses. I had it suggested that my system is being
hijacked and turned into a bot. Might this be the case and how can I find out and
Let me be clear up front: the two are not related.
You may or may not be infected by a ‘bot, and that has nothing to do with
whether or not people are getting spam that appears to come from you.
As usual, the “what to do” is fairly simple.
I’ve discussed all of these topics here before, but now’s the time to tie
them all together, since many people are under the mistaken impression that a
‘bot will send email that looks like it came from you. That’s simply not the
sending from my email address! How do I stop them?! discusses the concept
we now call “From spoofing”. The bottom line is that it’s actually trivial to
set the “From:” line on an email to be anything. So, what spammers do is to use
real email addresses like yours and place them in the “From:” field of the spam
that they send.
And it has absolutely nothing to do with you.
Or your machine.
The only thing it takes for this to happen is for your email address to be
on a spammer’s list somewhere. And if you’ve gotten any spam (and who hasn’t?),
you know you’re on the list.
What’s worse is that since it has nothing to do with you, there’s nothing
you can do to stop it. Period.
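If a recipient can give you the full headers of one of these messages, you can confirm that it did not come from your machine. The following is an added example, not code from this article: it reads the "Received:" line stamped by the recipient's own mail server and compares the connecting IP address with your own network. The sample message, host names and address ranges are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spam as it arrived at a recipient's server. All names and
# addresses are made up (example.* domains, RFC 5737 documentation IP ranges).
SAMPLE = """\
Return-Path: <bounce-7731@bulk.example.net>
Received: from unknown (HELO mail.example.com) ([203.0.113.45])
 by mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:15:00 +0000
Received: from owner-pc ([198.51.100.7]) by mail.example.com;
 Tue, 02 Jan 2024 10:14:58 +0000
From: "Business Owner" <owner@example.com>
To: someone@recipient.example
Subject: Great deals

Buy now.
"""

def connecting_ip(msg, trusted_host):
    """IP recorded in the Received header added by the recipient's own server.
    Only that header is trustworthy; the sender can forge everything below it."""
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())  # unfold continuation lines
        if not re.search(r"\bby\s+" + re.escape(trusted_host) + r"(?=[\s;]|$)",
                         flat, re.I):
            continue
        match = re.search(r"\[([0-9A-Fa-f:.]+)\]", flat.split(" by ", 1)[0])
        try:
            return ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:  # bracketed text that is not an IP address
            return None
    return None

def check_origin(raw, trusted_host, my_networks):
    """Compare the claimed From: address with where the message really came from."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    ip = connecting_ip(msg, trusted_host)
    mine = ip is not None and any(
        ip in ipaddress.ip_network(net) for net in my_networks)
    return {"claimed_from": claimed, "connecting_ip": str(ip) if ip else None,
            "sent_from_my_network": mine}

if __name__ == "__main__":
    # 198.51.100.0/24 stands in for the business's own public address range.
    print(check_origin(SAMPLE, "mx.recipient.example", ["198.51.100.0/24"]))
```

In the sample, the "From:" line and the lower "Received:" line both point at the business, yet the address the recipient's server actually saw belongs to someone else.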
As to whether your machine has become a participant in a botnet, the only
real symptom that you’ll typically see is unexpected slowdowns on your machine,
particularly in internet connectivity as the bot sends its load of spam.
Bots are the ones typically spoofing From: addresses as we’ve discussed
above. But for one thing they’d be stupid to use your account, since that would
just make them that much easier to track back to your machine. For another,
they probably don’t even know your account, or anything else about you.
All bots really care about is that they’ve been able to infect you, and that
they can access the internet. With that connection they can then receive their
instructions (including the email addresses to use) from a remote “bot herder”
who controls their operation.
It’s very likely that a bot infecting your machine is completely ignoring
any and all of your data, including email addresses. It’s getting everything it
The first line of defense is, of course, not to get infected in the first
place. That means following the advice I’m sure we’re all tired of hearing:
don’t open attachments unless you’re positive that they’re safe; don’t
visit questionable web sites; make absolutely certain you are behind a
firewall; keep Windows and your anti-malware software up to date.
You know the drill.
Safety: How do I keep my computer safe on the internet? has the details if
you need a reminder.
Once you have been infected (which good anti-malware software will tell you)
there are two schools of thought:
1. Once infected you can never trust your machine again. You have no way of
knowing what the infection might have done, and no amount of cleaning will
guarantee that there isn’t something that wasn’t caught. Reformat your machine
and start over.
2. That’s too extreme for most cases. Use good and up-to-date anti-virus and
anti-spyware programs, more than one if you have to, to clean the infection off
of your machine. Once they say you’re clean, then chances are you are.
So don’t get infected in the first place, and be prepared for a little
cleanup work if you do.
And don’t take the “From:” line on spam as really meaning anything at