spam from Y-Mail came from android phone
- Ok there is some app on my Samsung Note 2 that generated spam to my Yahoo contacts, a 1-liner with an infected link. The only place where the account is exposed is in the Samsung @Mail app (white evelope with red @ symbol) the only app to have my SMTP passwords for incoming/outgoing. Also I notice sCloudStarter running with is highly suspect, but honestly could have been any rogue app on the device getting that data. Does anyone have any idea how find/fix the problem? It would be nice to have a mail client app that is not compromised by other apps. I have since, rooted the device and am whacking a bunch of apps, but I am not liking the Samsung bloatware so I am starting there.
Any comments or suggestions appreciated.
> From: <mapsurfer@...>Please post excerpt from full header of that spam via your account.
> X-Yahoo-Post-IP: 18.104.22.168
> Ok there is some app on my Samsung Note 2 that generated spam to my
> Yahoo contacts, a 1-liner with an infected link. The only place
> where the account is exposed is in the Samsung @Mail app (white
> evelope with red @ symbol) the only app to have my SMTP passwords
> for incoming/outgoing.
An example from header of email sent via smtp.mail.yahoo.com:
X-Rocket-Received: from bedside.lena.kiev.ua (lena_kiev @ 22.214.171.124 with )
by smtp116.mail.ir2.yahoo.com with SMTP; 09 Jul 2013 13:18:08 +0000 UTC
Here I inserted blanks around @, please do the same.
An example from header of email sent via the new webmail (fullfeatured):
Received: from [126.96.36.199] by web121703.mail.ne1.yahoo.com via HTTP; Sun, 16 Jun 2013 07:04:28 PDT
Received: from [188.8.131.52] by web121701.mail.ne1.yahoo.com via HTTP; Sun, 16 Jun 2013 07:01:54 PDT
X-Mailer: YahooMailClassic/170 YahooMailWebService/0.8.146.552
Also, please post excerpt from full header of a honest email
sent from that Samsung. I'm interested whether the spam was sent via
SMTP or webmail, and from which IP-address - of the same ISP you use
Also: is that separate mailbox for that Samsung, other than "mapsurfer"?
Did you ever enter that password in Windows or Mac?
- The only time my Y-Mail was hijacked was after using the Y-Mail Android App to access the account. My mail spontaneously sent out a link to my contacts. I changed my password and that solved the problem. I will never access my Y-Mail on a smartphone or tablet again. I had always suspected the app and this discussion supports my suspicion.