
 Mail Hijack?

iMike
Elite Baiter


Joined: 21 Jan 2005
Posts: 1371
Location: Ministry of Serendipity


Posted: Thu May 24, 2007 5:14 pm

OK, I'm not too tech savvy so I could do with a little help with this.

Yesterday I noticed a bounced email in my mailbox. Didn't recognise the outgoing address so I had a closer look. Turned out to be one of these chain type emails - lots of random words & what appears to be a .gif attachment.

The email address is one provided by my ISP & takes the form [email protected]. POP3 server requires login, but SMTP server doesn't. The 'myname' bit had been replaced by a random name. Header gave these IP addresses:
Quote:
194.217.242.95
213.146.137.36
212.125.75.12
75.139.131.125
75.139.131.125
136.160.89.74
75.139.131.125
7.1.0.9


(I know the last one's spurious). None of these is my actual (static) IP address. Just to be on the safe side, I disabled the smtp server. Today there are another 5 undeliverable emails - presumably getting rid of the smtp server stopped them from being delivered?

What I need to know is:

a) How?
b) What's the best way of stopping it?

Hardware wise, my machine is a G4 iMac, OS 10.4 (with latest updates). I've a wired network consisting of this, a G3 iMac (OS 10.3), a Windows XP PC & finally a Windows XP laptop - this last one is also equipped with a wireless card. The 2 iMacs both have the standard Apple firewall enabled. The laptop (daughter's) didn't have the firewall enabled.

Any suggestions?

_________________
-- Goat Goat Easter Egg

Closed lad accounts x2

"you have luke worm in your brain" - Ekaetta Bello
"invite me to your country and let me clearify your legitimacy asshole" - Mose5 Uzem3
"the transfer was not authorized due to my persistent double mind" - Clement Wank
"this is not the time to play planks" - Mack Anthony

WIFI PDA - post while you dump
SAY 'NO' TO GAS STORAGE!

[FREE LAPHROAIG]
Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


Posted: Thu May 24, 2007 5:23 pm

^^^which email client are you using (mail or Thunderbird)?

_________________
I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up

Pith Helmet Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
Sand Timer - 18 mths: Louis

starstar

The*Catb1ngo Hotel*
*My Church*

pony pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Mortar x23 Closed lad accounts

Last edited by Rodus on Thu May 24, 2007 5:27 pm; edited 1 time in total
iMike
Elite Baiter


Joined: 21 Jan 2005
Posts: 1371
Location: Ministry of Serendipity


Posted: Thu May 24, 2007 5:26 pm

Thunderbird.

Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


Posted: Thu May 24, 2007 5:30 pm

Windows Laptop without firewall automatically starts alarm bells ringing. Can you simply use your email prefs to block incoming from the addresses the suspicious emails came from (and turn on the laptop firewall if your router doesn't have one)?
I do know that Thunderbird did (does?) have some security issues with SMTP and down-negotiation, maybe a good time to swap to Thunderbird 2.

iMike
Elite Baiter


Joined: 21 Jan 2005
Posts: 1371
Location: Ministry of Serendipity


Posted: Thu May 24, 2007 5:43 pm

Quote:
Can you simply use your email prefs to block incoming


There's nothing showing as incoming - except when the mail was undeliverable & I received a notification from the intended recipient. None of these mails have appeared in either my sent or received boxes. Didn't know Thunderbird 2 (Virgil? :D) was out. Think it's time for an upgrade - still on 1.5. Daughter's been given strict instructions that firewall remains ON at all times!

The Man
Baiting Guru


Joined: 11 Apr 2007
Posts: 2885
Location: La La Land


Posted: Thu May 24, 2007 5:58 pm

Mike:

Full virus scan with most recent update you can find. Here at work when we find this kind of thing happening it is because someone got a virus that zombified their computer. RUN A FIREWALL AND VIRUS PROTECTION AT ALL TIMES.

_________________
---
The Man

YOU ARE A CHILD OF SATAN WITH YOUR HUNGRY DIRTY BODY ,TUNDER FIRE YOU BIG HEAD IDIOT !!! HA HA HA HA HA

IS THIS HOW YOU DECIDED TO TREAT US AFTER ALL WE WENT THROUGH?YOU MADE US TRAVELLED TO ABUJA AND INDEBTED US.

"Cursed is your mother that gave birth to a family-disgrace like you. Cursed is your father he could not control his lust for anything under skate"

"hey u crakhead motherf*cking nitwit, from the way u express the cockamamy sh*t that ur dumb brain is made up of it's so obvious that u never really made it past elementary school but anywayz dogs don't have to go to school afterall."

Pith Helmet (Lagos to Abuja)
Netherlands China Canada x2 United Kingdom Spain Ivory Coast Germany

Hello Kitty! <---in lieu of a brownie. TS
Mortar x8
Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


Posted: Thu May 24, 2007 6:26 pm

For total peace of mind The Man is right, PC wise there are loads to choose from. For the Mac I recommend http://www.clamxav.com/

kleindoofy
*** BANNED ***


Joined: 24 Oct 2004
Posts: 6248
Location: Europe


Posted: Thu May 24, 2007 7:22 pm

@iMike

That's not a bounced email. It's just spam that's made to *look like* a bounced email.

My compi is super clean and is definitely not sending anything out and I still get about 20 of those every day.

Delete them and drink a cold beer.
iMike
Elite Baiter


Joined: 21 Jan 2005
Posts: 1371
Location: Ministry of Serendipity


Posted: Thu May 24, 2007 7:36 pm

^^^ light's just begun to dawn - that particular email account's only been given to a very few people, yet recently it's been crawling with spam. One of the people who I gave it to started sending me 'joke' chain emails. Wonder if it's possible her machine's been infected with something?

Anyway, it's been a wake-up call. Upgraded Thunderbird & now got ClamXav running.

Thanks for the input.

thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


Posted: Thu May 24, 2007 8:25 pm

Someone's PC is infected and it picked your name out as the disguise to hide behind. It sends out mail with a spoofed sender. I get loads of these every day. It's nothing to get worried about. If you got the full header in the bounce message it is usually possible to trace it back to the real sender.

In this case it's spam, but what's more annoying is when it's a virus sending itself out the same way. The anti-virus filters send you a message to say they found a virus when they know perfectly well you did not send it.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
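
Added example, not part of any post in this thread: one way to carry out the full-header check mentioned in the post above, by reading the `Received` chain of the returned message and testing whether your own address appears in it. The sample headers, host names, addresses and the `trusted_hosts` set are all constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the returned message as quoted in a bounce.
# Hosts and addresses are made up (RFC 5737 documentation ranges).
RETURNED = (
    "Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])\n"
    "\tby mail.recipient.example; Thu, 24 May 2007 16:02:11 +0000\n"
    "Received: from relay.isp.example (relay.isp.example [198.51.100.25])\n"
    "\tby mx.recipient.example; Thu, 24 May 2007 16:02:09 +0000\n"
    "Received: from qwerty (unknown [192.0.2.77])\n"
    "\tby relay.isp.example; Thu, 24 May 2007 16:02:05 +0000\n"
    "X-Mailer: ExampleMailer 6.0.2.1\n"   # dotted version string, not a hop
    "From: randomname@myisp.example\n"
    "Subject: random words\n\n"
)

# Connecting address in [brackets], then the server that stamped the line.
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([^\s;]+)", re.S)

def received_hops(header_text):
    """Return (connecting_ip, stamping_host) pairs, oldest hop first."""
    msg = email.message_from_string(header_text)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # newest is on top
        m = HOP.search(value)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))  # rejects 999.1.1.1
        except ValueError:
            continue
        hops.append((ip, m.group(2)))
    return hops

def triage(header_text, my_ips, trusted_hosts):
    """Did the mail leave my network, and who handed it to a trusted relay?"""
    hops = received_hops(header_text)
    origin = None
    for ip, by in reversed(hops):       # walk newest to oldest
        if by not in trusted_hosts:     # older lines may be forged by the sender
            break
        origin = ip
    return {"from_my_network": any(ip in my_ips for ip, _ in hops),
            "handed_over_by": origin}

if __name__ == "__main__":
    trusted = {"mail.recipient.example", "mx.recipient.example", "relay.isp.example"}
    print(triage(RETURNED, {"192.0.2.200"}, trusted))
```

Only `Received` lines stamped by servers you have reason to trust are reliable; the walk stops at the first line stamped by any other host because everything older can be written by the sender.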
Dirteh Sanchez
Elite Baiter


Joined: 10 Sep 2004
Posts: 1470
Location: Under Parliament somewhere...


Posted: Thu May 24, 2007 9:02 pm

The alternative is that someone has been sending spam and using your email address as the sender address.
I had it happen to me. But I have DNS control and simply set all bouncing emails to be redirected to the owner of the site that had used my address for the spamming.
In the course of two days, Mr spammer's [email protected] address received over 4,000 bounced emails.

Lucky Ruskie...

_________________
Back and kicking bottom...
________________________

Killed Scammer Banks >100 (gave up counting longgggggg ago.) Jolly Roger x5 x2 Mortar
_______________________________________
Fight the Phishers at www.phishfighting.com
David Lister
Not quite a Newb


Joined: 16 May 2007
Posts: 64
Location: Scotland


Posted: Thu May 24, 2007 10:56 pm

The bouncing emails could be the spam too.
I get a lot into my university account, never from my address or to it.

_________________
Don't try to be a great man, just be a man. Let history make it's own judgements
All Content © 2003 - 419Eater.com