I was on a reputable news website last night and received a "blocked attack" warning from Norton 360 that indicated it had blocked a Blackhole toolkit attack. This happened twice in a couple of minutes. The log shows the blocks and a blocked attempt to change my registry. Registry is misspelled in the log. Shortly after the attack attempts, my Hotmail or Outlook began sending spam email to all of my contacts in alphabetical order. Then it repeated the process about six hours later. I changed the password right away. I spoke to tech support this morning and they ran all kinds of tools on the computer. They said they didn't find anything but declared the computer clean. Thoughts on next steps?
Hi Helpwanted,
It actually sounds like three separate events.
First, the blocked attack was Norton IPS detecting and blocking an attempted drive-by download. Second, the "Set regietry security key" entries in your log are due to a revision in the Norton Product Tamper Protection detections, and are not anything to be concerned about (see this thread). Lastly, your email account was evidently compromised, but it sounds like changing your password has resolved the issue.
I think these are unrelated because the web attack was blocked, the Tamper Protection entries are known to be due to a Norton program change, and email account hacks are very rarely the result of malware on a user's system - usually they are due to weak passwords or a successful phishing scheme that tricked you into unknowingly entering your credentials at a fake site. Unauthorized access to your email account does not usually involve your computer in any way, so it is not surprising that your PC is coming up clean.
Here is a good article that will give you some things to do to follow through on re-securing your email account. If you don't see any other odd behaviors on your system, you can be fairly confident that all is well.