I complained to yahoo. And they said my computer is infected with a worm. BS. It is NOT my computer, it is MY YAHOO.com mail box account, as I said, they are different contacts. Well, I gave up arguing with yahoo. I moved my email address and absorbed the loss.

The way I see the problem, I could be wrong, there is NO worm, there is No virus. It is very simply someone just somehow crack into my mailbox, and write a massive email on each contact. It is that simple.I have since scan my whole computer. There is no flagging of any worm or virus. Well, this is way beyond my programming ability. I just have to swallow my teeth

bun

Most "cracked" webmail accounts are nothing more than the "cracker" guessing an easy to guess password. Also with Yahoo, you should login using https to prevent people sniffing your password.

That is exactly what I want to know, how do people 'sniffing' a password? Is that something very involved or just run a simple guess program? TIA,

bun

Most common way to 'sniff' passwords is if they are transmitted over an insecure WiFi connection. If you ever log on to any public, unsecured wifi routers (or use one at your home) you are in essence transmitting your data in such a way that it can be intercepted and read.

WEP encryption is also notoriously bad and there has been a number of tests where WEP-enabled routers are cracked within 10 minutes or less.
Here's an example article: http://news.techworld.com/security/8...n-record-time/

No real need for you to abandon your yahoo account or even to delete your contact list. On a clean, secured connection/computer anyone breaking into your email would have to simply break the password the 'old fashioned way'.

My recommendations would be to;
a) Make sure your computer is truly clean.
What virus/anti-malware applications are you using now?

b) Avoid unsecure network connections as per above

c) Avoid 'insecure' sites on the net. WoT (Web Of Trust) might be something to install (I know there's a Chrome extension for instance).

bun, there are actually password-cracking "mills" out there where people are running brute-force attacks against email accounts. They crack one, and then go to work on the contact list. Ad infinitum.

But it *is* possible that your computer did get infected with a sniffer, intercepter, keylogger, what-have-you that followed your keystrokes into your Yahoo account and then took it from there. Not uncommon at all, so Yahoo support may be correct.

One of my nephews got onto my youngest son's PC one day, and later my son claimed it was running way too slow. I found TWO HUNDRED instances of spyware on it. On a PC with strong antivirus and Windows Defender. You'd be amazed what's out there and how easy it can bypass security when someone deliberately or accidentally lets it.

Thanks for all the suggestions. I will study them one by one. I just want to report about the situations, in case someone will benefit from it.

The minute my friends brought to my notice, that they received spams from me, I immediately go into my yahoo.com, exported my contacts to a file, and delete ALL my contacts, now my yahoo.com mail box has no contacts. I plan to manually check on the exported contact file over a weekend and maybe import to another email address I plan to use.

It has been 3 days since the incident, and so far so good, none of my contacts has reported further spams. I hope that is the end of the story.... we will see.

My virus prog is McAfee, not that I like it, just something I am using...

bun

Yes. Those calling title are very restricted, can, only generated from my yahoo.com mailbox contact. They have special signifure that I can trace to my yahoo.com mailbox account. I am very sure about that. It is not someone make out a phony "FROM...", it carries my specially address as well as the special way noted in my contact.

bun

Sorry I didn't see this thread till now. This happened to me with Yahoo Mail. A bunch of people got messages from me that I didn't send, just as you described. The people on the list were unusual enough that there is no possible way they could have gotten the messages without someone having access to my contacts list. I emailed Yahoo about it and didn't get a response.

As a result, I changed my password into one I've been dreaming up for years. It is so cool! The beginning is nonsense that just popped in my brain one day. (just like my opinions!) The end is the first letters of a saying I've always liked. The password uses punctuation marks, symbols, and a mixture of cases.

The incident hasn't recurred, though I have no confidence it never will.

I am totally someone who never opens attachments from strangers. I don't even open attachments from friends unless their message specifically refers to the attachment in a convincing way that sounds like them, and it sounds like an attachment I need for some reason. If in doubt, I email them first for confirmation.

This is the first time this has happened to me. I use antivirus software and all that kind of stuff. When all the terrible viruses were on the loose, I was never affected (or infected).

What's worst is that now that my contacts list has been compromised, this nefarious thing that did this could do it again and I wouldn't know whether it was from a new incident or not. I guess I'll have to put a bogus contact in my contacts list so if it's used, I'll know that something has happened again.

My Yahoo password was a dictionary word but I added a number in the middle of it. Maybe they've advanced to the stage that they break those now. My new password is much harder; it looks like random letters, numbers, and punctuation marks to anyone but me.

But wouldn't Yahoo notice that someone was trying my account that many times to break the password?

Would this be a good time for me to pipe up with my favorite methods for coming up with memeorable strong passworeds? Yes? Alrighty then...

Take a phrase you know well and are unlikely to forget; a quotation or lyric is often good. Let us take something from George Orwell:

Four legs good, two legs bad!

Now all we have to do is take the first letters:

Flgtlb

Flor extra strength, we can keep the punctuation ad us numeral where appropriate:

4lg,2lb!

You can use other rebus type techniques to get an approriately strong yet memorable password. One I used for a while was the opening of The Rime of the Ancient Mariner:

it is an anicient mariner,
And he stoppeth one of three.

which became:

IiaAM,&hs1/3.

Lets see a dictionary attack break that one... not that I can use it any more having shared it, but you see the point.