If people are getting spam from me, does that mean I have a bot infection?

Question:

I have discovered that people are receiving junk email from at least two of my business email addresses. I had it suggested that my system is being hijacked and turned into a bot. Might this be the case and how can I find out and stop it?

Let me be clear up front: the two are not related.

You may or may not be infected by a ‘bot, and that has nothing to do with whether or not people are getting spam that appears to come from you.

As usual, the “what to do” is fairly simple.

I’ve discussed all of these topics here before, but now’s the time to tie them all together, since many people are under the mistaken impression that a bot will send email that looks like it came from you. That’s simply not the case.

From: You?

Internet Safety: 7 Steps to Staying Safe Online discusses the concept we now call “From spoofing”. The bottom line is that it’s actually trivial to set the “From:” line on an email to be anything. So, what spammers do is to use real email addresses like yours and place them in the “From:” field of the spam that they send.

And it has absolutely nothing to do with you.

Or your machine.

The only thing it takes for this to happen is for your email address to be on a spammer’s list somewhere. And if you’ve gotten any spam (and who hasn’t?), you know you’re on the list.

What’s worse is that since it has nothing to do with you, there’s nothing you can do to stop it. Period.
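Although you can't stop the spoofing, a recipient can often tell a spoofed "From:" apart from real mail by reading the headers the receiving server added. The following is an added example, not part of the original article: it goes beyond the article by comparing the visible "From:" domain with the envelope sender in Return-Path and with the SPF/DKIM/DMARC verdicts in the Authentication-Results header. Both messages, every address and host name, and the strict exact-domain match are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: spam claiming to be from alice@example.com. All hosts,
# addresses and verdicts are made up for illustration.
SPOOFED = """\
Return-Path: <bounce-7731@bulk-mailer.invalid>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-mailer.invalid;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Alice" <alice@example.com>
To: bob@recipient.example
Subject: Great deal inside

hello
"""

# Constructed sample: mail Alice really sent through her own provider.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: "Alice" <alice@example.com>
To: bob@recipient.example
Subject: Lunch on Friday?

hi
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw):
    """Compare the visible From: with what the receiving server recorded."""
    msg = message_from_string(raw)
    # Unfold the multi-line header, then pull out the three verdicts.
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    from_dom = domain_of(msg.get("From"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    # Simplification: exact match only (real DMARC also allows relaxed alignment).
    aligned = from_dom != "" and from_dom == envelope_dom
    likely_spoofed = not aligned or verdicts.get("dmarc") != "pass"
    return {"from": from_dom, "envelope": envelope_dom,
            "verdicts": verdicts, "likely_spoofed": likely_spoofed}
```

Only trust an Authentication-Results header that your own receiving mail server added; anything lower in the message could have been written by the sender.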

By You?


What’s a botnet? Or zombie? And how do I protect myself from whatever it is? discusses the concept of a bot and a network of bots called, not surprisingly, a botnet.

As to whether your machine has become a participant in a botnet, the only real symptom that you’ll typically see is unexpected slowdowns on your machine, particularly in internet connectivity as the bot sends its load of spam.

Bots are the ones typically spoofing From: addresses as we’ve discussed above. But for one thing they’d be stupid to use your account, since that would just make them that much easier to track back to your machine. For another, they probably don’t even know your account, or anything else about you.

All bots really care about is that they’ve been able to infect you, and that they can access the internet. With that connection they can then receive their instructions (including the email addresses to use) from a remote “bot herder” who controls their operation.

It’s very likely that a bot infecting your machine is completely ignoring any and all of your data, including email addresses. It’s getting everything it needs remotely.

Now What?

The first line of defense is, of course, not to get infected in the first place. That means following the advice I’m sure we’re all tired of hearing: don’t open attachments unless you’re positive that they’re safe; don’t visit questionable web sites; make absolutely certain you are behind a firewall; keep Windows and your anti-malware software up to date.

You know the drill (see Internet Safety: 7 Steps to Staying Safe Online).

Once you have been infected (which good anti-malware software will tell you) there are two schools of thought:

  • Once infected you can never trust your machine again. You have no way of knowing what the infection might have done, and no amount of cleaning will guarantee that there isn’t something that wasn’t caught. Reformat your machine and start over.

  • That’s too extreme for most cases. Use good and up-to-date anti-virus and anti-spyware programs, more than one if you have to, to clean the infection off of your machine. Once they say you’re clean, then chances are you are.

So don’t get infected in the first place and be prepared for a little cleanup work if you do.

And don’t take the “From:” line on spam as really meaning anything at all.


2 comments on “If people are getting spam from me, does that mean I have a bot infection?”

  1. I’ve been telling friends/clients the same thing about “From spoofing” for years, namely that your name is on a list, it’s coming from a completely different computer and you can’t do anything about it. They never like that answer.

    But, it happened again this week and as I *hate* my current answer, I wanted to see if there was anything new.

    So, I looked at the spam that I had received “from” my friend. Then I looked at an email I received that she really *had* sent to me. I looked at the mail headers and lo and behold, they all look very legit and similar from both messages.

    I’m now beginning to wonder if maybe there is something more to the issue.

    Any thoughts?

    Email accounts are also getting compromised/hacked at an increasing rate, it seems.

    Leo
    05-Apr-2012