Velocity Reviews - Computer Hardware Reviews

Someone's computer has a virus that is spoofing my e-mail address

 
 
A. J. Moss
 
      09-19-2003
In the past day I have received a large number of e-mails to this
address. Some are 143K long and have subjects along the lines of
"Returned mail - user unknown"; others are 157K long and have subjects
like "Microsoft Security Update".

I know this is something to do with a virus that is trying to spread
itself as an e-mail attachment. I have an up to date version of Norton
Antivirus 2003, and I never open attachments from unfamiliar senders,
so I know it's not my computer that has a virus.

The header from one of the 143K e-mails is

[BEGIN QUOTE]

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Return-Path: <(E-Mail Removed)>
Received: from dswu27.btconnect.com (193.113.154.2 by
mk-cpfrontend.uk.tiscali.com (6.7.01
id 3F69DE0C0021ED12 for (E-Mail Removed); Fri, 19 Sep
2003 16:54:03 +0100
Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
(E-Mail Removed))
Message-ID: <(E-Mail Removed)>
(added by (E-Mail Removed))
Received: from wtxtj (actually host
host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST
(XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
FROM: "inet email delivery service" <(E-Mail Removed)>
TO: "email recipient" <(E-Mail Removed)>
SUBJECT: Failure Notice
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="jhhnstsvxikeb"
X-PMFLAGS: 570950016 0 1 PJXUAB2H.CNM

--jhhnstsvxikeb
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cidzlnvicocld" height=3D0 width=3D0></iframe>
<BR>This is the qmail program<BR>
<BR><BR><BR>Undelivered mail to <B>(E-Mail Removed)</B>
</BODY></HTML>

--jhhnstsvxikeb
Content-Type: audio/x-wav; name="fiksozbq.exe"
Content-Transfer-Encoding: base64
Content-Id: <pzlnvicocld>

[END QUOTE]

Followed by a big binary.

Whose postmaster do I complain to, to stop these messages?
 
Reply With Quote
 
 
 
 
why?
 
      09-19-2003

On Fri, 19 Sep 2003 17:41:52 +0100, A. J. Moss wrote:

<snip>
>"Returned mail - user unknown"; others are 157K long and have subjects
>like "Microsoft Security Update".
>
>I know this is something to do with a virus that is trying to spread


Hooray!

>itself as an e-mail attachment. I have an up to date version of Norton

<snip>
>[BEGIN QUOTE]
>
>X-Symantec-TimeoutProtection: 0
>X-Symantec-TimeoutProtection: 1
>Return-Path: <rod@g<snip>


Snipped email address above. If you post these, spammers can use them.

>Received: from dswu27.btconnect.com (193.113.154.2 by
>mk-cpfrontend.uk.tiscali.com (6.7.01
> id 3F69DE0C0021ED12 for <snip>; Fri, 19 Sep


Also snipped your addy, but it's a bit late now....

>2003 16:54:03 +0100
>Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
>(E-Mail Removed)<snip>


Oops..... if they didn't get enough.

>Message-ID: <(E-Mail Removed)>
>(added by (E-Mail Removed)<snip>


See above

>Received: from wtxtj (actually host
>host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST


Try the Received: from line, btopenworld

Look at the info here about tracing and reporting
www.btopenworld.co.uk
Help, bottom of page
Complaint, on the left
1st heading Abuse

Try feeding the message into spamcop, it will sort out the msg headers.

>(XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
>FROM: "inet email delivery service" <smtpservice@<snip>.net>


america.net is a real hostname, but a couple of lines are missing.

>TO: "email recipient" <receiver@<snip>r.com>


Same here, no trace lines, but as it sends its own mail it can make up
headers.

>SUBJECT: Failure Notice
>Mime-Version: 1.0
>Content-Type: multipart/alternative;

<snip>

>Whose postmaster do I complain to, to stop these messages?

Complain maybe, stop not likely.

Me
 
Reply With Quote
 
 
 
 
Boomer
 
      09-19-2003
A. J. Moss said:

> In the past day I have received a large number of e-mails to
> this address. Some are 143K long and have subjects along the
> lines of "Returned mail - user unknown"; others are 157K long
> and have subjects like "Microsoft Security Update".
>
> I know this is something to do with a virus that is trying to
> spread itself as an e-mail attachment. I have an up to date
> version of Norton Antivirus 2003, and I never open attachments
> from unfamiliar senders, so I know it's not my computer that has
> a virus.
>
> The header from one of the 143K e-mails is

[snip]

>
> Whose postmaster do I complain to, to stop these messages?
>


Bill Gates at Microsoft.com

Use another browser/e-mail client.
 
Reply With Quote
 
Another Airnet User
 
      09-19-2003
In article <(E-Mail Removed)>,
(E-Mail Removed) says...
>
>
>In the past day I have received a large number of e-mails to this
>address. Some are 143K long and have subjects along the lines of
>"Returned mail - user unknown"; others are 157K long and have subjects
>like "Microsoft Security Update".
>
>I know this is something to do with a virus that is trying to spread
>itself as an e-mail attachment. I have an up to date version of Norton
>Antivirus 2003, and I never open attachments from unfamiliar senders,
>so I know it's not my computer that has a virus.
>

<snip>

The virus spoofs the "From" line using addresses from lists on infected
machines. Unless you can determine the IP of the infected machine by
looking at the headers of the original virus email, you can't do
anything but delete the messages. This is the same for most of the
recent email viruses. Isn't the internet great?

 
Reply With Quote
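
The tracing step the replies above point to (read the Received: lines to find which network handed the message over), as an added example that is not part of any poster's message. It runs on a tidied, constructed copy of the headers quoted in the first post, with the removed addresses replaced by example.invalid placeholders; the function names and the hop-continuity heuristic are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the first post, tidied so they
# parse, with the removed addresses replaced by example.invalid placeholders.
RAW = """\
Return-Path: <sender@example.invalid>
Received: from dswu27.btconnect.com (193.113.154.2) by
 mk-cpfrontend.uk.tiscali.com (6.7.01)
 id 3F69DE0C0021ED12 for <victim@example.invalid>; Fri, 19 Sep
 2003 16:54:03 +0100
Received: from wtxtj (actually host
 host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST
 (XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
From: "inet email delivery service" <smtpservice@example.invalid>
To: "email recipient" <receiver@example.invalid>
Subject: Failure Notice
"""

HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)", re.I)
NAME = re.compile(r"[\w-]+(?:\.[\w-]+)+")  # dotted hostname or IPv4 address

def parse_hops(raw):
    """Return the Received hops, newest first (the order they appear in)."""
    hops = []
    for header in message_from_string(raw).get_all("Received", []):
        m = HOP.search(re.sub(r"\s+", " ", header))  # unfold wrapped lines
        if m:
            names = NAME.findall(m.group(2) or "")
            hops.append({"helo": m.group(1), "by": m.group(3),
                         "observed": names[-1] if names else None})
    return hops

def label(host):
    return host.split(".")[0].lower() if host else None

def trace_origin(raw):
    """Walk down from the recipient's server while each hop was stamped by the
    machine the hop above received from; lines below a break are unverified."""
    hops = parse_hops(raw)
    trusted = hops[0] if hops else None
    for older in hops[1:]:
        if label(older["by"]) not in (label(trusted["helo"]), label(trusted["observed"])):
            break
        trusted = older
    return trusted

if __name__ == "__main__":
    print(trace_origin(RAW))  # 'observed' is the host the relay actually saw
```

The `observed` value is what the relay recorded about the connecting machine; the HELO name (`wtxtj`) and the From/To lines are whatever the sending program chose to supply.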
 
 
 