Korambayil worm sending pharmacy links to my email contacts

Status
Not open for further replies.

ckmckee

Distinguished
Jan 16, 2010
I have a worm that goes through my Yahoo contacts list and sends emails with a link to KORAMBAYIL .com pharmacy. I also know of other folks with the same worm and they don't use Yahoo Mail, but MSN, Hotmail, etc.

I changed my Yahoo mail password as suggested, and ran scans on my PC with Malwarebytes, Avast, and Spybot S&D; they all came back clean. I contacted Yahoo support and they said it was a worm on their server and recommended I change my email password and eventually the worm would take its course and be gone. It's been maybe 6 months since I took these precautions and I continue to have the worm sending that stupid email to people in my list and even new contacts.

Does anyone know how this worm (korambayil pharmacy) can be stopped? Help!
 
Solution
If you haven't already done so you should check your Yahoo Mail options.
Make sure your Signature and Vacation Response sections are set up correctly and that there isn't a korambayil pharmacy inserted there.
Hello ckmckee;
If you've done a good job removing the infection, it's not your system sending out those SPAM emails.

One of the things that worm did was raid your system for email contacts and relationships and then cross-load that data to the spammers' database. And those databases get resold and passed around. The spammers use your email identity and match it up with your contacts to allow the spam to bypass a lot of the known commercial and custom email filters, since your contacts are probably 'white listed'.

So now you have a spammer's botnet with your email data and contacts doing the actual spamming. There's probably no practical way to defend against this type of activity without you changing your email addresses and having all your contacts 'blacklist' the old email address.
 

ckmckee

Thank you, WR2, for your response. I'm not sure if I've done a good job of getting rid of the worm on my PC or not. All the scans I did came back clean, so it seems I did not get rid of anything. Sometimes when I send email to a new person or business in my contact list I get an email back saying "non-deliverable" with a link to the pharmacy.

It would seem I still have the worm and their security has blocked it. But then I send emails to my spouse all the time yet he has never received an email with a pharmacy link from me. I don't know what to make of this.

I welcome any and all comments on this. Also am wondering if any of the AV companies will be able to do anything about this worm or botnet. Seems to be a hopeless case to me :0(
 

ckmckee

Checked my Yahoo mail options and the Korambayil.com was not in my signature box; however, it was in my vacation response section. I removed it and unchecked the "send vacation response while I'm away".

I have no idea what difference this will make, do you? At least it's a start though. Thanks so much for your knowledge and help in this area.
 