Someone's computer has a virus that is spoofing my e-mail address

Discussion in 'Computer Support' started by A. J. Moss, Sep 19, 2003.

  1. A. J. Moss

    A. J. Moss Guest

    In the past day I have received a large number of e-mails to this
    address. Some are 143K long and have subjects along the lines of
    "Returned mail - user unknown"; others are 157K long and have subjects
    like "Microsoft Security Update".

    I know this is something to do with a virus that is trying to spread
    itself as an e-mail attachment. I have an up to date version of Norton
    Antivirus 2003, and I never open attachments from unfamiliar senders,
    so I know it's not my computer that has a virus.

    The header from one of the 143K e-mails is

    [BEGIN QUOTE]

    X-Symantec-TimeoutProtection: 0
    X-Symantec-TimeoutProtection: 1
    Return-Path: <>
    Received: from dswu27.btconnect.com (193.113.154.28) by
    mk-cpfrontend.uk.tiscali.com (6.7.018)
    id 3F69DE0C0021ED12 for ; Fri, 19 Sep
    2003 16:54:03 +0100
    Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
    )
    Message-ID: <>
    (added by )
    Received: from wtxtj (actually host
    host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST
    (XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
    FROM: "inet email delivery service" <>
    TO: "email recipient" <>
    SUBJECT: Failure Notice
    Mime-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="jhhnstsvxikeb"
    X-PMFLAGS: 570950016 0 1 PJXUAB2H.CNM

    --jhhnstsvxikeb
    Content-Type: text/html
    Content-Transfer-Encoding: quoted-printable

    <HTML>
    <HEAD></HEAD>
    <BODY>
    <iframe src=3D"cid:pzlnvicocld" height=3D0 width=3D0></iframe>
    <BR>This is the qmail program<BR>
    <BR><BR><BR>Undelivered mail to <B></B>
    </BODY></HTML>

    --jhhnstsvxikeb
    Content-Type: audio/x-wav; name="fiksozbq.exe"
    Content-Transfer-Encoding: base64
    Content-Id: <pzlnvicocld>

    [END QUOTE]

    Followed by a big binary.

    Whose postmaster do I complain to, to stop these messages?
     
    A. J. Moss, Sep 19, 2003
    #1
    1. Advertising

  2. A. J. Moss

    why? Guest

    On Fri, 19 Sep 2003 17:41:52 +0100, A. J. Moss wrote:

    <snip>
    >"Returned mail - user unknown"; others are 157K long and have subjects
    >like "Microsoft Security Update".
    >
    >I know this is something to do with a virus that is trying to spread


    Hooray!

    >itself as an e-mail attachment. I have an up to date version of Norton

    <snip>
    >[BEGIN QUOTE]
    >
    >X-Symantec-TimeoutProtection: 0
    >X-Symantec-TimeoutProtection: 1
    >Return-Path: <rod@g<snip>


    Snipped email address above. If you post these spammers can use them.

    >Received: from dswu27.btconnect.com (193.113.154.28) by
    >mk-cpfrontend.uk.tiscali.com (6.7.018)
    > id 3F69DE0C0021ED12 for <snip>; Fri, 19 Sep


    Also snipped your addy, but it's a bit late now....

    >2003 16:54:03 +0100
    >Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
    ><snip>


    Oops..... if they didn't get enough.

    >Message-ID: <>
    >(added by <snip>


    See above

    >Received: from wtxtj (actually host
    >host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST


    Try the Received: from line, btopenworld

    Look at the info here about tracing and reporting
    www.btopenworld.co.uk
    Help , bottom of page
    Complaint , on the left
    1st heading Abuse

    Try feeding the message into spamcop, it will sort out the msg headers.

    >(XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
    >FROM: "inet email delivery service" <smtpservice@<snip>.net>


    america.net is a real hostname, but a couple of lines are missing.

    >TO: "email recipient" <receiver@<snip>r.com>


    same here no trace lines, but as it sends it's own mail it can make up
    headers.

    >SUBJECT: Failure Notice
    >Mime-Version: 1.0
    >Content-Type: multipart/alternative;

    <snip>

    Whose postmaster do I complain to, to stop these messages?
    Complain maybe, stop not likely.

    Me
     
    why?, Sep 19, 2003
    #2
    1. Advertising

  3. A. J. Moss

    Boomer Guest

    A. J. Moss said:

    > In the past day I have received a large number of e-mails to
    > this address. Some are 143K long and have subjects along the
    > lines of "Returned mail - user unknown"; others are 157K long
    > and have subjects like "Microsoft Security Update".
    >
    > I know this is something to do with a virus that is trying to
    > spread itself as an e-mail attachment. I have an up to date
    > version of Norton Antivirus 2003, and I never open attachments
    > from unfamiliar senders, so I know it's not my computer that has
    > a virus.
    >
    > The header from one of the 143K e-mails is

    [snip]

    >
    > Whose postmaster do I complain to, to stop these messages?
    >


    Bill Gates at Microsoft.com :)

    Use another browser/e-mail client.
     
    Boomer, Sep 19, 2003
    #3
  4. In article <>,
    says...
    >
    >
    >In the past day I have received a large number of e-mails to this
    >address. Some are 143K long and have subjects along the lines of
    >"Returned mail - user unknown"; others are 157K long and have subjects
    >like "Microsoft Security Update".
    >
    >I know this is something to do with a virus that is trying to spread
    >itself as an e-mail attachment. I have an up to date version of Norton
    >Antivirus 2003, and I never open attachments from unfamiliar senders,
    >so I know it's not my computer that has a virus.
    >

    <snip>

    The virus spoofs the "From" line using addresses from lists on infected
    machines. Unless you can determine the IP of the infected machine by
    looking at the headers of the original virus email, you can't do
    anything but delete the messages. This is the same for most of the
    recent email virii. Isn't the internet great? ;)
     
    Another Airnet User, Sep 19, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sharon

    email address spoofing

    Sharon, Dec 20, 2003, in forum: Computer Support
    Replies:
    9
    Views:
    532
  2. Replies:
    4
    Views:
    4,499
    Paul - xxx
    Apr 7, 2004
  3. Phil Nospam

    Spoofing "TO" Address in email

    Phil Nospam, Nov 18, 2005, in forum: Computer Security
    Replies:
    10
    Views:
    1,528
    Winged
    Nov 28, 2005
  4. Nick

    spoofing the e-mail address

    Nick, Mar 28, 2006, in forum: Computer Security
    Replies:
    8
    Views:
    644
  5. "Spoofing" an IP Address

    , Sep 26, 2007, in forum: Wireless Networking
    Replies:
    3
    Views:
    451
    Phillip Windell
    Sep 26, 2007
Loading...

Share This Page