Strange e-mail behavior [Archive] - Glock Talk



Garweh
01-22-2005, 15:20
I think that I have been hijacked...

I am using Mozilla Thunderbird for e-mail (v 1.0). Recently I have noticed some returned e-mail errors when I retrieve my e-mail. The server is usually listed as "mailer.daemon.net" and the subject is usually an offer for porn site(s). My e-mail address is listed as the sender. I AM NOT sending out these e-mails and they appear to be going to valid e-mail addresses (I have not checked the addresses). I wonder if 1) these are a form of "bounce messages" trying to infect my computer with a virus, or 2) somehow my e-mail address has been "hijacked" and is being used by a 3rd party to send out offensive e-mails/spam to other users in my name?!?

I am using a satellite internet service which is always "on" (these e-mails are sent while I am not active on my computer). I have both hardware and software firewalls, hardware and software antivirus protection. I use Ad-Aware and Spybot regularly.

ANY SUGGESTIONS ON HOW TO ELIMINATE THIS??? If you require further info, please ask for it. Thank you all!

fastvfr
01-22-2005, 15:49
Not hijacked, exactly...spambotted is the term I use.

It seems that a small malware applet with embedded SMTP server capabilities is currently installed on your PC.

It has nothing to do with any Mozilla products.

Try running an updated Spybot 1.3 and Ad-Aware, then go to Trend for their excellent online Housecall scan.

With any luck, one of them will grease it for you. Good luck.

HerrGlock
01-23-2005, 00:56
I deal with this garbage regularly. In all honesty, if your ISP were to shut down for a couple days so your email address could not physically or logically send out email and you went on vacation without your computer and left it off, you would plug back in later to find a buttload more of these bounces that appear to have come from you during the time you could never have sent mail.

What happens:

Spammer gets email lists by buying them, spidering sites, etc.
Spammer sets up email server or finds open relay.
Spammer uses software to send out a bazillion emails and makes each one appear to be from a different From address, one of which happens to be yours.
Spammer sends these emails to a couple hundred ISPs with trial usernames in the hopes that the email will reach a number of legit email addresses.

The spammer does not care about the bounces, as the spammer will never see them. The bounces will come back to you, the guy down the street, and everybody else. There was a way to slow the spam by making the mail server ensure the From address was legit, so spammers now buy email address lists to ensure they always have a legit From address: yours.

There is very little you can do about it and even less you can do about it until after the spammer is caught by another means.

DanH
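
Added example, not part of any post in this thread: one way to tell the two explanations above apart is to read the copy of the original message that most bounces carry and check which IP actually delivered it. The sample bounce is constructed, and `my_ips` is an assumed set holding your own public IP and your provider's outbound mail relay IPs.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host, address and IP here is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@myisp.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@recipient.example
--b1
Content-Type: message/rfc822

Received: from unknown-host.example (unknown-host.example [203.0.113.45])
 by mx.recipient.example with SMTP; Sat, 22 Jan 2005 03:12:09 -0500
From: me@myisp.example
To: nobody@recipient.example

body
--b1--
"""

def returned_original(bounce_text):
    """Return the copy of the original message carried inside a bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":  # some servers return headers only
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(bounce_text, my_ips):
    """Return (verdict, connecting_ip) for one bounce."""
    orig = returned_original(bounce_text)
    received = orig.get_all("Received", []) if orig is not None else []
    # The topmost Received line was written by the server that later bounced
    # the mail; it records the IP that actually connected to deliver it.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
    if not m:
        return ("unknown", None)
    ip = m.group(1)
    return ("sent-via-my-connection" if ip in my_ips else "forged-elsewhere", ip)
```

A verdict of `forged-elsewhere` on every bounce matches the forged-From explanation; `sent-via-my-connection` means the mail really left your machine or account and the PC needs cleaning.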