3
The real problem is that she can't change her password. She used to have a paid AOL account about ten years ago, and converted it to a free account, but in order to change the password at http://password.aol.com/ you have to have information like the credit card that was used when the account was a paid account, or the SSN of the member (none of which work even when she uses the ones she is sure of).
Support won't talk to her because she's not a paying customer.
She still has the password to the AOL account currently, so we can access the account, but there's no way to change it or cancel it.
Relevant headers from the email:
Content-Transfer-Encoding: quoted-printable
Subject:
Date: Wed, 20 Oct 2010 02:24:17 -0400
X-MB-Message-Source: WebUI
X-AOL-IP: 222.127.223.78
X-MB-Message-Type: User
MIME-Version: 1.0
From: <xxxx@aol.com>
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Mailer: AOL Webmail 32797-PHONE
Received: from 222.127.223.78 by webmail-d060.sysops.aol.com (205.188.91.209)
with HTTP (WebMailUI); Wed, 20 Oct 2010 02:24:17 -0400
Message-ID: <8CD3E368EAB2DC0-1C9C-711C@webmail-d060.sysops.aol.com>
X-AOL-SENDER: xxxx@aol.com
The headers make it clear that it is coming from the webmail version of AOL, so I assume she has a virus on one of her computers. Her home computer is a mac, so it's unlikely to be there (although possible).
I'm confused about the X-Mailer header though which seems to insinuate that it's the mobile webmail version from someone's phone that is sending out the spam.
I don't think there's an iPhone virus out there yet (and that's her only phone).
Re: spamhaus - from their faq: Is there a way to report spam to Spamhaus? No. Spamhaus DNSBLs are not based on spam reported to us – Michael Pryor – 2010-10-20T21:11:26.347
Good point. I haven't actually been reporting spam much. Thanks for the correction. – CarlF – 2010-10-21T12:19:41.517