hacked?

got an phone call from someone asking about an email I sent them.

Only I didn't send them anything. Not on purpose anyway.

Apparently, my yahoo email has been hacked with a virus or something and send a virus email message to everybody in my contact list.

Here's what might have happened.

Although there is a possibility you were 'hacked', it is far more likely that your address was compromised by one of the powerful spam bot networks. They can also 'spoof' the addresses in the From: area to make it more likely that they will be opened. Remember all those who use the To: or CC: heading rather than BCC: for addresses? Remember all those who forward e-mails with countless addresses still in them? They open all those addresses to spammers - all it takes is one infected computer down the line somewhere! Merely changing your password will not be enough - your account has been seriously compromised, and more of this type of letter will keep happening. Deleting your Contacts list won't help - the addresses have already been harvested. You will not spread any virus unless naive people click a link or even open the mail.

And more..

Hi,somebody is sending emails to my contacts using my email address to which I haven't sent. How can this be? Have I been hacked into? I do have full internet security avg 9,could you please let me know what action to take if any as I find this quite worrying! I have changed my password so far, but that is all.

You should be worried.

I'm not sure that I'd say you've been "hacked into", but my guess is that your email account has indeed been compromised.

The big clue here is that email is being sent from you to contacts in your address book.

What more likely occurred is that your email account has been compromised - meaning that you probably have an on-line email account, free or otherwise, that someone has gained access too. By virtue of doing so they now have access not only to your email, but to your address book as well. It's all too common these days to hear of folks whose accounts have been compromised only to have all their friends get inundated with spam, threats, malicious emails or messages that try to impersonate you and scam your contacts out of money.

How this happened is difficult to say. It could be anything from a weak password that's easy to guess, to your account credentials being sniffed in an open WiFi hotspot, to your simply having shared the account information with someone you should not have.

As I've discussed before, changing your password is important, but it's not nearly enough. You also need to change any and all security related information associated with the stolen account. Why? Because the thief has access to all that too, and he can use that information to steal your account again. And again. And again.

[curse word]