My AOL email address has been sending out spam email. Many on my contacts list have recently received dietary advice. Not too much of a big deal except - they went to several work contacts also, many of whom could do with taking some of the dietary advice!

I have changed my email password and also security question. Upon checking my phone this morning I appear to have sent myself various links to weightloss websites. I have ran a full AVG virus scan, ran Malwarebytes and also spybot search & destroy. Nothing came up.
Any ideas?

It is technically no problem at all to send out emails in the name (address) of someone else.
(PM me your address and I'll show you...)

Same thing happened to my Yahoo! a/c last year. Change your password and tell your friends what has happened - some of mine (both the very fat and the very thin) upon receiving the weightloss advertising thought I was taking the p*ss.

As safelife said, it's trivial to fake a From: address. They might be using your address but not your account. You need to get the message headers. They're normally hidden but most email programs will let you get to them. Here's a few examples, courtesy of Farcebook:

Received: from facebook.com (hX7fIbia43rVLzfeBy/JRgQSts5Eq+/4D2/ZeRplKmXz3Nf0hTD3jLeB79FQYOQe 10.224.41.53)
by facebook.com with Thrift id 3d1e6630c80f26e398f60012c993eeb0-6b1c94a0; Sat, 19 Apr 2014 15:19:12 -0700
X-Facebook: from 2401:db00:2110:9116:face:0:1:0 ([MTI3LjAuMC4x]) by graph.facebook.com with HTTP (ZuckMail);
Date: Sat, 19 Apr 2014 15:19:12 -0700
From: "Facebook" <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00] Errors-To: [email protected] Received: headers are the relevant ones. The top-most is the one you can trust the most, then you have to work your way down to see the chain of machines through which the message passed. At some point you'll find where it was injected, with the lines below it faked. It may take some practice to work out this point though, but you may well find that there's no mention of an AOL machine in the headers (or it's below the fake line), which means it didn't come from your account.

Based on what I've now learned I think my account has been spoofed, not hacked. Bloody irritating though.
This morning "I" received spam from my own account as well as many of my contacts. Nothing is in my sent / outgoing folder.
How did this person / bot obtain my contacts details, and what can I do about it?

Cheers

ex_matelot,

Not sure if this news has appeared on your radar ?

AOL confirms Mail service hacked (http://www.usatoday.com/story/tech/2014/04/22/aol-email-hacked/8003859/)

Three of my friends who have AOhelL emails have been hacked in the last few days. That's 100% of those I know who have emails with aol.com addresses.

We've been getting a few dodgy emails from AOL addresses in the past few days. They all landed in the junk folder and I only really noticed them because the addresses are for people we haven't spoken to for 10-15 years.