
Foo Forum

    
Error from an email I didn't send
Sinner_G




msg:299103
 9:42 am on Nov 18, 2002 (gmt 0)

When I got to work this morning, I found a mail in my inbox telling me that some email was not delivered to someone. The problems are:

1) I don't know that person
2) I never sent the email

I would not be so surprised if I used Outlook, but I don't (I use Lotus Notes). So what happened?

Is it possible someone used an online mail agent and put my address as sender?

 

starec




msg:299104
 9:54 am on Nov 18, 2002 (gmt 0)

Yes, this happens a lot these days with some email viruses. Some infected user had your email address in his Outlook address book and the virus used it as the "From" address when it resent itself to new targets.

It has happened to us with the email address I use for our newsletter, and we get nasty emails from people who think we are spreading the virus...

Terrible but there is nothing you can do about it.

mat




msg:299105
 9:56 am on Nov 18, 2002 (gmt 0)

Happened to a friend of mine recently. They were using OE, so I assumed some cruddy worm had gotten in (they had rather impressively managed to de-activate their Kaspersky antivirus), but no, all was clean.
I eventually reckoned that they'd been mistakenly using 'Reply to all' (none too savvy, this person) and that the bounces were for some turkey addresses that were in the original (enormous) 'cc' list.

However, that's got very little to do with your circumstances, so I'm none too sure why I posted that!

Mat

[edited by: mat at 10:28 am (utc) on Nov. 18, 2002]

Sinner_G




msg:299106
 10:19 am on Nov 18, 2002 (gmt 0)

Nothing I can do about it? This is very disturbing. I mean, this is my professional email we're talking about.

Guess the only "option" (although it isn't really one) would be to tell everybody I know to remove me from their address book.

Starec, you make it sound like the virus resent the email with Outlook, not an online agent. Does that mean it is able to change the "from" address in the program? That would be (another) M$ bug, so is there a reason it is not made impossible to have another sender than the person currently logged on the computer?

I know it wouldn't be a solution to the problem in general, but at least I would not be touched.

Josk




msg:299107
 10:28 am on Nov 18, 2002 (gmt 0)

> That would be (another) M$ bug...

No...more of just how the virus works.

> This is very disturbing. I mean, this is my professional email we're talking about.

Be a professional webmaster. Don't use insecure systems. Don't use Outlook, and if possible, don't use Microsoft.

mat




msg:299108
 10:29 am on Nov 18, 2002 (gmt 0)

Josk - go re-read the original post.

bobriggs




msg:299109
 10:43 am on Nov 18, 2002 (gmt 0)

Sinner_G, here's an example of one of the klez virus variants:

Klez Virus Info [securityresponse.symantec.com]

See the section on email spoofing, and email.

This worm searches the Windows address book, the ICQ database, and local files for email addresses.

The (infected PC)/person sending the virus might not even know you; it could have found the address in an MSIE cache from a web page.

Unfortunately, there is little that you can do about it. This is assuming that it's one of these worm types. There are other possibilities.

JonB




msg:299110
 10:50 am on Nov 18, 2002 (gmt 0)

Well, it could be just another spam tactic. I used to get things like this: undeliverable, returned. I never sent it and don't know who this is. There was an attachment or "transcript" of the failed message included - and it was just some ad! So to put it simply - the spammer "shaped" his ad like it is my undeliverable. They are smart :)

Also, one time I was getting tons of emails telling me that "this and this address is not valid"... it turned out that the spammer just used my address as the "reply" address.

Try looking at the SOURCE of this email, maybe you will find some details. There are more details when you look at the source of an email (where it came from, etc.).

mat




msg:299111
 10:55 am on Nov 18, 2002 (gmt 0)

Yes, it's well known that worms like Klez can scan address books for recipients - some even running their own SMTP client for sending them. They can also scan local drives for random files to attach (Sircam, for example) to outgoing messages.

However, the point that Sinner_G is making is that he was unaware that such worms/viruses could (genuinely) spoof the 'from' sender, and that is news to me also.

Mat

bobriggs




msg:299112
 10:59 am on Nov 18, 2002 (gmt 0)

Yes, could be from a spammer also.

If the returned/bounced email has the original headers, you can somewhat determine where it originated, only the IP address. You can't count on any From: or To: headers.

See:
Reading Email Headers [stopspam.org]

If you can determine the originating IP address, you can use samspade or whois or some other tool to see where it might have originated, but you won't be able to id the person.
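An added example, not part of any post in this thread: one way to pull the original headers out of a bounce and list the relay IPs recorded in its Received lines, alongside the forgeable From: value. The sample bounce, host names and IP addresses are constructed, and the function names are illustrative.

```python
import email
import re
from email import policy

# Constructed bounce for illustration; hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: victim@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 18 Nov 2002 08:01:02 +0000
Received: from desktop (unknown [203.0.113.45])
\tby relay.example.org with SMTP; Mon, 18 Nov 2002 08:00:58 +0000
From: victim@example.com

body
--b1--
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def embedded_original(raw):
    """Return the original message (or its headers) carried inside a bounce."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def summarize(raw):
    original = embedded_original(raw)
    if original is None:
        return None  # the bounce did not include the original headers
    # Each relay prepends its Received header, so reverse to get the first hop first.
    received = reversed(original.get_all("Received", []))
    hops = [m.group(1) for m in map(BRACKETED_IP.search, map(str, received)) if m]
    return {"claimed_from": str(original["From"]),  # forgeable, not evidence
            "hops": hops, "origin_candidate": hops[0] if hops else None}
```

The lowest Received line is written by the first relay that accepted the message, so the origin candidate is only as reliable as that relay; anything below a relay you do not trust can be forged by the sender as well.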

Josk




msg:299113
 12:13 pm on Nov 18, 2002 (gmt 0)

> Josk - go re-read the original post.

Oops

Mardi_Gras




msg:299114
 2:44 pm on Nov 18, 2002 (gmt 0)

Just view the source of the e-mail and look for the reply-to address. That should be your culprit. Send them a note explaining that they are infected with the Klez virus and direct them to a site with removal tools (like Symantec).

I see a lot of Outlook bashing here - how about blaming the actual culprits, the users who are too lazy to install anti-virus software to stop a simple virus that's been around for what? A year now? Stopping this thing is not rocket science.

Mardi_Gras




msg:299115
 2:52 pm on Nov 18, 2002 (gmt 0)

Since your mail is being bounced back from the mailserver, not certain my advice above still holds. I think it does - it certainly works on any Klez-mail that arrives directly in your box.

Sinner_G




msg:299116
 3:26 pm on Nov 18, 2002 (gmt 0)

Unfortunately, I already deleted the email, so I can't look at the source. It's just some automatic reflex, anything that remotely looks like spam or a virus is involved gets deleted.

Outlook bashing: I've got some viruses from clients who do have the newest versions of anti-virus software. The problem is that the software is full of holes. The anti-virus industry normally comes with patches quite fast, but still new viruses are programmed, mostly for Outlook simply because it's the most used tool. Still, no (or less) holes, no (or less) viruses.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved