I have discovered that people are receiving junk email from at least two of
my business email addresses. I had it suggested that my system is being
hijacked and turned into a bot. Might this be the case and how can I find out and
stop it?
Let me be clear up front: the two are not related.
You may or may not be infected by a "bot", and that has nothing to do with
whether or not people are getting spam that appears to come from you.
As usual, the "what to do" is fairly simple.
I've discussed all of these topics here before, but now's the time to tie
them all together, since many people are under the mistaken impression that a
"bot" will send email that looks like it came from you. That's simply not the
case.
From: You?
My article "Someone's sending from my email address! How do I stop them?!"
discusses the concept we now call "From spoofing". The bottom line is that it's
actually trivial to set the "From:" line on an email to be anything. So, what
spammers do is use real email addresses like yours and place them in the
"From:" field of the spam that they send.
And it has absolutely nothing to do with you.
Or your machine.
The only thing it takes for this to happen is for your email address to be
on a spammer's list somewhere. And if you've gotten any spam (and who hasn't?),
you know you're on the list.
What's worse is that since it has nothing to do with you, there's nothing
you can do to stop it. Period.
By You?
My article "What's a botnet? Or zombie? And how do I protect myself from
whatever it is?" discusses the concept of a bot and a network of bots called,
not surprisingly, a botnet.
As to whether your machine has become a participant in a botnet, the only
real symptom that you'll typically see is unexpected slowdowns on your machine,
particularly in internet connectivity as the bot sends its load of spam.
Bots are the ones typically spoofing From: addresses as we've discussed
above. But for one thing they'd be stupid to use your account, since that would
just make them that much easier to track back to your machine. For another,
they probably don't even know your account, or anything else about you.
All bots really care about is that they've been able to infect you, and that
they can access the internet. With that connection they can then receive their
instructions (including the email addresses to use) from a remote "bot herder"
who controls their operation.
It's very likely that a bot infecting your machine is completely ignoring
any and all of your data, including email addresses. It's getting everything it
needs remotely.
Now What?
The first line of defense is, of course, not to get infected in the first
place. That means following the advice I'm sure we're all tired of hearing:
don't open attachments unless you're positive that they're safe; don't
visit questionable web sites; make absolutely certain you are behind a
firewall; keep Windows and your anti-malware software up to date.
You know the drill.
My article "Internet Safety: How do I keep my computer safe on the internet?"
has the details if you need a reminder.
Once you have been infected (which good anti-malware software will tell you)
there are two schools of thought:
- Once infected you can never trust your machine again. You have no way of
  knowing what the infection might have done, and no amount of cleaning will
  guarantee that there isn't something that wasn't caught. Reformat your machine
  and start over.
- That's too extreme for most cases. Use good and up-to-date anti-virus and
  anti-spyware programs, more than one if you have to, to clean the infection off
  of your machine. Once they say you're clean, then chances are you are.
So don't get infected in the first place, and be prepared for a little
cleanup work if you do.
And don't take the "From:" line on spam as really meaning anything at
all.
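An added example, not part of the original article: since the From: line proves nothing, this Python sketch reads the headers the receiving mail server adds instead, and ignores any that the sender could have inserted. It assumes your own server stamps an Authentication-Results header under the hypothetical id mx.example.net; both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own mail server's authserv-id

# Constructed sample: spam "from" a friend, carrying a forged results header too.
SPOOFED = """\
Return-Path: <bounce@bulk.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: example.com; dmarc=pass header.from=example.com
From: "A Friend" <friend@example.com>
Subject: look at this

body
"""

# Constructed sample: a message the friend really sent.
GENUINE = """\
Return-Path: <friend@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "A Friend" <friend@example.com>
Subject: lunch?

body
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing/empty."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw, trusted=TRUSTED_AUTHSERV):
    """Summarise who a message claims to be from and what our server verified."""
    msg = message_from_string(raw)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # not stamped by our server; the sender could have added it
        auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    verdict = {"pass": "authenticated", "fail": "spoof-suspect"}.get(
        auth.get("dmarc"), "unverified")
    return {"from": domain_of(msg["From"]), "envelope": domain_of(msg["Return-Path"]),
            "auth": auth, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw))
```

Both samples show the same From: address; only the server-stamped results differ, and a message with no trusted results header comes back as "unverified" rather than as genuine.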
I routinely get spam sent by my own E-mail address.
I've been telling friends/clients the same thing about "From spoofing" for years, namely that your name is on a list, it's coming from a completely different computer and you can't do anything about it. They never like that answer.
But, it happened again this week and as I *hate* my current answer, I wanted to see if there was anything new.
So, I looked at the spam that I had received "from" my friend. Then I looked at an email I received that she really *had* sent to me. I looked at the mail headers and lo and behold, they all look very legit and similar from both messages.
I'm now beginning to wonder if maybe there is something more to the issue.
Any thoughts?
05-Apr-2012