| Examine these mail headers Hotmail, weirdest thing I've seen. Well one of them |
rocknbil

msg:4063126 | 8:52 pm on Jan 18, 2010 (gmt 0) | I know just enough about email headers to be dangerous. But I usually recognize the vital elements.

This is someone who is a "known" email contact, but haven't heard from her in well over a year. The email content was a ploy to send money, which I find highly unlikely from this person. Unfortunately, she is unreachable, which makes it even more suspicious.

But here's the weirdest thing of all: this email has no "To" to any of my email addresses. It comes from hotmail, all the original IPs in the headers were MS servers, but there's no TO. How did I receive this?

Anonymized, but here are the headers . . . .

Received: (qmail 16191 invoked from network); 18 Jan 2010 00:41:05 -0800
Received: from SOME HOTMAIL ID.hotmail.com (SOME HOTMAIL IP ADDRESS) by MY SERVER IP ADDRESS with SMTP; 18 Jan 2010 00:41:05 -0800
Received: from BAY142-W17 ([SOME HOTMAIL IP ADDRESS]) by SOME HOTMAIL ID.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 18 Jan 2010 00:57:13 -0800
Message-ID: <some-unique-id@phx.gbl>
Return-Path: THE KNOWN HOTMAIL ADDRESS@hotmail.com
X-Originating-IP: [SOME HOTMAIL IP ADDRESS]
From: COMPANY NAME <THE KNOWN HOTMAIL ADDRESS@hotmail.com>
To: <THE KNOWN HOTMAIL ADDRESS@hotmail.com> <!-- Added by bill: HUH? -->
Subject: I NEED YOUR HELP URGENTLY
Date: Mon, 18 Jan 2010 02:57:13 -0600
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 18 Jan 2010 08:57:13.0768 (UTC) FILETIME=[3A466A80:01CA981C]
Content-Type: multipart/mixed; boundary="=======AVGMAIL-00EC72F0======="

Hi, (mail content follows)

Some "Guesses":

Their account hacked?

Some weirdness going on at hotmail?

Though we have no indication otherwise, have to consider, someone has gained access to our server? Conferred with my admin, he sees no such indication in this email, but just because I'm paranoid doesn't mean they're not after me . . .
|
lammert

msg:4063313 | 2:41 am on Jan 19, 2010 (gmt 0) | I have received some of these emails in the last months from friends who used hotmail some years ago. It seems that hackers have found a bunch of hotmail passwords and are now using these accounts to send emails to people in the address book of those hotmail accounts. It may have something to do with [google.com...]
|
encyclo

msg:4063319 | 2:56 am on Jan 19, 2010 (gmt 0) | Yes, many Hotmail users have had their accounts hacked, with the hackers spamming the people in the accounts' contact lists. This enables the spammers to bypass spam filters more easily. Another aspect is the hackers changing the auto-reply on hacked accounts to "auto-spam" anyone emailing to the hacked account address. The security of your own server would not be affected by any of this.
|
rocknbil

msg:4063737 | 7:10 pm on Jan 19, 2010 (gmt 0) | That's kinda what I thought. I looked through **some** of the links today (and yesterday :-) ) but what fascinates me about this one in particular is how I received it without a to in the headers, or that the to is the hotmail address. Even in an auto-reply it should have a "to."
|
lammert

msg:4063759 | 7:27 pm on Jan 19, 2010 (gmt 0) | You are in the BCC: list. That is an easy way to compose one email message and send it to tens of people at once, without any of the recipients knowing that they received a bulk message.
|
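The BCC explanation above, as an added example that is not part of the thread or any poster's code: SMTP delivers to the envelope recipient given in RCPT TO, which does not have to appear in the To or Cc headers. The sample message, its placeholder addresses and the `analyze` function are constructed for illustration, and the envelope recipient is assumed to come from the receiving server's log.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the anonymized headers in the first post;
# every address, host name and IP below is a placeholder.
SAMPLE = """\
Received: from mail.hotmail.example (192.0.2.10) by mx.example.org with SMTP; 18 Jan 2010 00:41:05 -0800
Return-Path: <known.contact@hotmail.example>
From: COMPANY NAME <known.contact@hotmail.example>
To: <known.contact@hotmail.example>
Subject: I NEED YOUR HELP URGENTLY
Date: Mon, 18 Jan 2010 02:57:13 -0600

Hi, (mail content follows)
"""


def analyze(raw, envelope_rcpt):
    """Compare the SMTP envelope recipient with the visible header recipients.

    envelope_rcpt is the RCPT TO address the receiving server accepted
    (assumption: taken from the MTA log; it is not stored in To/Cc).
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers) if addr}

    findings = []
    # Delivered to us although no visible header names us: BCC-style delivery.
    if envelope_rcpt.lower() not in visible:
        findings.append("recipient-not-in-headers")
    # The only visible recipient is the sender: the real recipients were all
    # supplied in the envelope, as with a mailing to an address book.
    if visible == {sender}:
        findings.append("self-addressed")
    return {"from": sender, "visible": sorted(visible), "findings": findings}


if __name__ == "__main__":
    print(analyze(SAMPLE, "bill@example.org"))
```

Both findings together describe how the message was addressed, not who sent it; they are useful as a triage signal next to the unexpected request for money in the body.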
rocknbil

msg:4066446 | 7:28 pm on Jan 23, 2010 (gmt 0) | Yes, I'd thought of that, but usually a BCC still has a "to" to the recipient(?) Does anyone know of a way to report abuse to hotmail? I looked around their site, couldn't find anything, abuse@ returns undelivered. I did submit a "feedback" to their site, if that's the only avenue, good enough . . . .
|