Hi, <br><br>All of sudden one of my friend, an elder lady, started to send spams to everybody. When I talked about it with her, she thought it all began with her opening up a suspicious attachment from within her cell phone, and has nothing to do with her PC. <br>
<br>Since she is not tech savvy at all, I am kind of not fully buying into it. Has anyone heard of any malware that successfully infects cell phones? So I did some research, and found another victim very similar to her. <br>
<br><strong>Am I sending out spam?
</strong><br><a href="http://boards.straightdope.com/sdmb/showthread.php?t=633043">http://boards.straightdope.com/sdmb/showthread.php?t=633043</a><br><br>in which the OP says, <br><br><blockquote style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
"1)I'm ridiculously careful about that kind of stuff and I'm not sure I could be tricked into it. <br>
2)This is a seldom used account. It's not used for any social
networking sites, I never would have typed in the username/password
anywhere other then on the webmail page and my phone (it's a POP3
account).. . ."<br></blockquote><br><br>Yet he's been hacked. --<br><br><blockquote style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">The fact that it sent the email to people in your contacts list is a sure sign that the account has been compromised.<br>
</blockquote><br>I don't have a cell phone that can send/receive email, so can anyone help me analysis the following email header, and see what kind of conclusion can be drawn from it? <br><br>- Looks to me that the spammer did send out the spams from within YahooMail Web Service, or it is forged as well? <br>
- Can we conclude from the fact that the string "androidMobile" in the Message-ID that the spammer is sending out the spams using an Android cell phone using the YahooMail Mobile phone Web Service? <br><br>Any guesses what actually had happened to her? <br>
<br>Thanks<br><br> Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -0000<br> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=<a href="http://rogers.com">rogers.com</a>; s=s1024; t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=mCaYOO18t1+C9xm1u0Fisd1s9fO5+MR6Mykku0cZMf9smq+yg2Qx70hK8mdurk97PTUDW/OsJSnLugzArQQWiApnLVG/t+CIZr+IAYdBNwFQXZ1lotAOpW1tGMtcMI6QjtFXZt9gYWOAHVamCYAKq0Vf4meMnfNGk88NisYQgE4=<br>
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;<br> s=s1024; d=<a href="http://rogers.com">rogers.com</a>;<br> h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;<br> b=pT7VarhBYaYQUGmhmthvyP7UjypmjidcaFIJO8yLX4FGZsqHbsy+iazsEfC1bWdo1rC/djsMlFv6tuhEoKrzjLJ45sMmDDBuQWIXZpzZjMGw5ILVRsGPrp2OeS/WDTc9pvGS6dTFiU+DjbFcWPCIncoOobSNVCSQVFdPmtQ7eKI=;<br>
X-YMail-OSG: JcRxq6EVM1nm3zKFcoOnAtEo23MwEaGh9nAQXyvg7XOo1J.<br> tnKPDlwG_SvTEDpG8ylRTyTahWKUtOAxa4.bE_WiHzbvHbRxirSg5d3h.rjL<br> LT84eL012aK0Fp835Z_7H0ahfrV6JIOlOJW_9PvPjOKllgMvEOwWbjuoOf8H<br> <a href="http://SEUEfWQwcFbK7Oxn39c.APJmVwM5gk5ry77kt1f_pExbC9CS1TzUk_Wrw.su">SEUEfWQwcFbK7Oxn39c.APJmVwM5gk5ry77kt1f_pExbC9CS1TzUk_Wrw.su</a><br>
R9zfMRzAIcKKW0obEWK7d6BoeKiIhl2o5ndOOePZz7_NEoAvZKmqg5lIPSI9<br> gM9jDmHVH8gS1rESp4qTSMukULc6u9d1b02PHCOum0i4g_zG4lUX7yWOIYJ3<br> 71qJl6YkJKjebVUt5.Ilemt2DxIy9DZ4CYTCB0eY.6itVYj7JeuS2fzvhse1<br> s_wuKst.ftWlM7g34z..crd9VRL5vKoZw6SPwWII17p_XKk9mfo.a.FuZ1kW<br>
n0ovtEqD4ZyFbqCcRMcJjS0wx2CDmDzWx7ftt.KtZSOvl_NIvuGW9JeVK_w.<br> WR4Ulzk.XiFfm3UOnBTilXKxSC_bBNubfwpzLKk1foQ--<br> Received: from [117.195.97.137] by <a href="http://web88605.mail.bf1.yahoo.com">web88605.mail.bf1.yahoo.com</a> via HTTP; Tue, 20 Dec 2011 12:24:44 PST<br>
X-Mailer: YahooMailWebService/0.8.115.331698<br> Message-ID: <<a href="mailto:1324412684.53494.androidMobile-cTa2G3qg0ZGvYMxfvLqCKyoyn5ZhHHrn@public.gmane.org.yahoo.com">1324412684.53494.androidMobile-cTa2G3qg0ZGvYMxfvLqCK1Z8N9CAUha/QQ4Iyu8u01E@public.gmane.org</a>><br> Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)<br>
From: ......<br> Subject: I DID IT!<br><br><br><br>