
If people are getting spam from me, does that mean I have a bot infection?

Question:

I have discovered that people are receiving junk email from at least two of
my business email addresses. I had it suggested that my system is being
hijacked and turned into a bot. Might this be the case and how can I find out and
stop it?

Let me be clear up front: the two are not related.

You may or may not be infected by a ‘bot, and that has nothing to do with
whether or not people are getting spam that appears to come from you.

As usual, the “what to do” is fairly simple.


I’ve discussed all of these topics here before, but now’s the time to tie
them all together, since many people are under the mistaken impression that a
‘bot will send email that looks like it came from you. That’s simply not the
case.

From: You?

“Someone’s sending from my email address! How do I stop them?!” discusses
the concept we now call “From spoofing”. The bottom line is that it’s actually
trivial to set the “From:” line on an email to be anything. So, what spammers
do is to use real email addresses like yours and place them in the “From:”
field of the spam that they send.

And it has absolutely nothing to do with you.

Or your machine.

The only thing it takes for this to happen is for your email address to be
on a spammer’s list somewhere. And if you’ve gotten any spam (and who hasn’t?),
you know you’re on the list.

What’s worse is that since it has nothing to do with you, there’s nothing
you can do to stop it. Period.
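
As an added illustration (not part of the original article): the "From:" line is written by whoever composes the message, while Return-Path and Authentication-Results are recorded by the receiving mail server. The sketch below compares them on two constructed messages; the domains, the header values and the simplified exact-match comparison are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: names example.com, but the envelope sender the
# receiving server recorded (Return-Path) belongs to a different domain.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bulk-sender.example.net; dkim=none
From: "Your Friend" <friend@example.com>
To: you@receiver.example
Subject: hello

body
"""

# Constructed sample: everything lines up with the From: domain.
GENUINE = """\
Return-Path: <friend@example.com>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Your Friend" <friend@example.com>
To: you@receiver.example
Subject: hello

body
"""

def domain(value):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def inspect_from(raw):
    """Compare the sender-written From: with what the receiving server recorded."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    envelope_dom = domain(msg["Return-Path"])
    # Assumption: this header was added by your own receiving server.
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    signed = re.search(r"header\.d=([\w.-]+)", auth)
    dkim_dom = signed.group(1).lower() if signed else ""
    # Simplified alignment: a passing check only counts for the From: domain
    # when the domain that passed is exactly the From: domain.
    spf_ok = results.get("spf") == "pass" and envelope_dom == from_dom
    dkim_ok = results.get("dkim") == "pass" and dkim_dom == from_dom
    return {"from": from_dom, "envelope": envelope_dom, "vouched": spf_ok or dkim_ok}
```

Both samples show the same "From:" address; only the second is vouched for by the headers the receiving server added.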

By You?


“What’s a botnet? Or zombie? And how do I protect myself from whatever it
is?” discusses the concept of a bot and a network of bots called, not
surprisingly, a botnet.

As to whether your machine has become a participant in a botnet, the only
real symptom that you’ll typically see is unexpected slowdowns on your machine,
particularly in internet connectivity as the bot sends its load of spam.

Bots are the ones typically spoofing From: addresses as we’ve discussed
above. But for one thing they’d be stupid to use your account, since that would
just make them that much easier to track back to your machine. For another,
they probably don’t even know your account, or anything else about you.

All bots really care about is that they’ve been able to infect you, and that
they can access the internet. With that connection they can then receive their
instructions (including the email addresses to use) from a remote “bot herder”
who controls their operation.

It’s very likely that a bot infecting your machine is completely ignoring
any and all of your data, including email addresses. It’s getting everything it
needs remotely.

Now What?

The first line of defense is, of course, not to get infected in the first
place. That means following the advice I’m sure we’re all tired of hearing:
don’t open attachments unless you’re positive that they’re safe; don’t
visit questionable web sites; make absolutely certain you are behind a
firewall; keep Windows and your anti-malware software up to date.

You know the drill.

“Internet Safety: How do I keep my computer safe on the internet?” has the
details if you need a reminder.

Once you have been infected (which good anti-malware software will tell you)
there are two schools of thought:

  • Once infected you can never trust your machine again. You have no way of
    knowing what the infection might have done, and no amount of cleaning will
    guarantee that there isn’t something that wasn’t caught. Reformat your machine
    and start over.

  • That’s too extreme for most cases. Use good and up-to-date anti-virus and
    anti-spyware programs, more than one if you have to, to clean the infection off
    of your machine. Once they say you’re clean, then chances are you are.

So don’t get infected in the first place, and be prepared for a little
cleanup work if you do.

And don’t take the “From:” line on spam as really meaning anything at
all.


2 comments on “If people are getting spam from me, does that mean I have a bot infection?”

  1. I’ve been telling friends/clients the same thing about “From spoofing” for years, namely that your name is on a list, it’s coming from a completely different computer and you can’t do anything about it. They never like that answer.

    But, it happened again this week and as I *hate* my current answer, I wanted to see if there was anything new.

    So, I looked at the spam that I had received “from” my friend. Then I looked at an email I received that she really *had* sent to me. I looked at the mail headers and lo and behold, they all look very legit and similar from both messages.

    I’m now beginning to wonder if maybe there is something more to the issue.

    Any thoughts?

    Email accounts are also getting compromised/hacked at an increasing rate, it seems.

    Leo
    05-Apr-2012