Computer Security - An odd case of email identity theft?

#1

I maintain several different email accounts, although all through the same provider. Earlier today I got a "returned mail" message on one of my lesser-used accounts. It said that my email to some address I didn't know had permanent fatal errors blah blah blah... The weird part was that when I checked out the supposed original message, it was all in RUSSIAN... and in performing a whois trace, I saw that the domain of the target address was also RUSSIAN. Can anyone explain how this happens? Do I have to be concerned that someone has picked off access to one or all of my email accounts?

Thx.

Wha?

#2

"Wha?" <> wrote:
>I maintain several different email accounts, although all through the same
>provider. Earlier today I got a "returned mail" message on one of my
>lesser-used accounts. It said that my email to some address I didn't know
>had permanent fatal errors blah blah blah... The weird part was that when I
>checked out the supposed original message, it was all in RUSSIAN... and in
>performing a whois trace, I saw that the domain of the target address was
>also RUSSIAN. Can anyone explain how this happens? Do I have to be
>concerned that someone has picked off access to one or all of my email
>accounts?

It could be a fake returned e-mail.

http://membrane.com/security/compute...arvesting.html
http://www.lancs.ac.uk/iss/a-virus/falsesender.htm

You might want to change the password of the account in case somebody did get in. And use strong passwords.

Roger

#3

On Tue, 19 Aug 2003 17:34:46 -0400, "Wha?" <> wrote:
>I maintain several different email accounts, although all through the same
>provider. Earlier today I got a "returned mail" message on one of my
>lesser-used accounts. It said that my email to some address I didn't know
>had permanent fatal errors blah blah blah... The weird part was that when I
>checked out the supposed original message, it was all in RUSSIAN... and in
>performing a whois trace, I saw that the domain of the target address was
>also RUSSIAN. Can anyone explain how this happens? Do I have to be
>concerned that someone has picked off access to one or all of my email
>accounts?
>
>Thx.

The previous crop of email worms mined the host machine's email address book and used it to forge messages. If someone had your address and sent out virus copies with it, it could easily bounce around.

Also there was an attempt to infect people with forged bounces.

**** happens, expect the unexpected. Constant change is here to stay.
--
Jim Watt http://www.gibnet.com

#4

On Tue, 19 Aug 2003 17:34:46 -0400, "Wha?" <> wrote:
>I maintain several different email accounts, although all through the same
>provider. Earlier today I got a "returned mail" message on one of my
>lesser-used accounts. It said that my email to some address I didn't know
>had permanent fatal errors blah blah blah... The weird part was that when I
>checked out the supposed original message, it was all in RUSSIAN... and in
>performing a whois trace, I saw that the domain of the target address was
>also RUSSIAN. Can anyone explain how this happens? Do I have to be
>concerned that someone has picked off access to one or all of my email
>accounts?
>
>Thx.
>

I had the same problem. After changing passwords and investigation with my email provider it turned out that my account had NOT been compromised. Some spammer had used my rather plain email address as a fake return address when sending out spam emails. The ones that went to invalid addresses were bounced back to me. It stopped after a couple of weeks.
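
An added example, not part of any post in this thread: one way to check the point made in the reply above, that a bounce for mail you never sent does not by itself mean the account was broken into. It reads the original message attached to the bounce and tests whether the IP address that handed it to the bouncing server belongs to your provider's outbound mail servers; the sample bounce, host names and address ranges are constructed placeholders, and `handoff_ip` and `classify` are hypothetical helper names.

```python
import email
import ipaddress
import re
# Constructed bounce (not from the thread): a multipart/report message that
# attaches the mail it claims "you" sent. All hosts and addresses are examples.
def sample_bounce(client_ip):
    return f"""\
From: MAILER-DAEMON@mx.recipient.example
Subject: Returned mail: see transcript for details
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

550 5.1.1 <nobody@recipient.example>... User unknown
--B
Content-Type: message/rfc822

Received: from unknown-host.example ([{client_ip}])
\tby mx.recipient.example; Tue, 19 Aug 2003 20:01:00 +0000
From: me@myprovider.example
To: nobody@recipient.example
Subject: constructed sample

body
--B--
"""

def handoff_ip(bounce_text):
    """IP that handed the attached original to the bouncing server, or None."""
    msg = email.message_from_string(bounce_text)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            # The topmost Received line was written by the server that bounced
            # the mail; the bracketed IP is what it saw, unlike the HELO name.
            top = (part.get_payload(0).get_all("Received") or [""])[0]
            m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", top)
            try:
                return ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:
                return None
    return None

def classify(bounce_text, provider_nets):
    ip = handoff_ip(bounce_text)
    if ip is None:
        return "undetermined"
    inside = any(ip in ipaddress.ip_network(n) for n in provider_nets)
    return "sent-via-provider" if inside else "forged-sender"
```

The attached headers are only as trustworthy as the bounce itself: a forged bounce, which earlier replies in the thread mention, can carry any headers it likes, so treat the result as a hint and confirm against the provider's own logs.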

#5

On Tue, 19 Aug 2003, Wha? wrote:
> I maintain several different email accounts, although all through the same
> provider. Earlier today I got a "returned mail" message on one of my
> lesser-used accounts. It said that my email to some address I didn't know
> had permanent fatal errors blah blah blah... The weird part was that when I
> checked out the supposed original message, it was all in RUSSIAN... and in
> performing a whois trace, I saw that the domain of the target address was
> also RUSSIAN. Can anyone explain how this happens? Do I have to be
> concerned that someone has picked off access to one or all of my email
> accounts?
>

It's probably the latest version of the Sobig worm -- it forges the sender email address. I've seen a few such returned mails today.

#6

"Jim Watt" <> wrote in message news:...
>
> **** happens, expect the unexpected. Constant change is here
> to stay.
> --

Is that constant change going to be constant?