Tilted Forum Project Discussion Community  

Old 04-28-2004, 05:06 AM   #1 (permalink)
Registered User
 
 
Location: Somewhere in Ohio
Someone's spoofing my email address

So how can I find out who it is?

I know it's happening because for the past 3 days I've been getting Failed delivery emails, all of which are coming from the same email address which I have never ever contacted. They're coming from a site called http://www.hucardguys.com/. Basically, they sell shit to program cable satellite cards. Now here's the thing, there are only 8 or 10 people who have my email. I generally give out my hotmail or yahoo email, and don't give out my email which I use most often to contact friends. Even more interesting, 2 of those so called friends program these fucking satellite cards. I emailed the person who they were contacting in hopes that they can give me enough info to find out who it is. I don't wanna ask one of the 2 guys because it's not like they'll tell me, and then they'll be able to cover their ass. All I know is if it is one of these 2 people I think it is I'm gonna kick somebody's fucking ass. I hate when I find out I can't trust people......

Any help would be appreciated.

Something else I just thought of. On the 24th I got an email which was supposed to go to one of the 2 guys in question. Now, if he was spoofing my email could he have fucked something up to where I would receive an email which was directed to him, not me?

Last edited by sixate; 04-28-2004 at 05:11 AM..
sixate is offline  
Old 04-28-2004, 05:20 AM   #2 (permalink)
Jam
Junkie
 
I'm not too smart about this, but couldn't this also be some spyware/virus thing...
Jam is offline  
Old 04-28-2004, 05:21 AM   #3 (permalink)
Right Now
 
Location: Home
It sounds like one of the 8 or 10 people with your email address was infected with netsky. It spoofs the "From" line with an address randomly selected from the address book. I think you just got lucky.
Peetster is offline  
Old 04-28-2004, 06:51 AM   #4 (permalink)
"Officer, I was in fear for my life"
 
 
Location: Oklahoma City
/me agrees with Peetster

I've got 188 messages sitting in an undeliverable folder because of this. Netsky sucks.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 04-28-2004, 09:09 AM   #5 (permalink)
It's all downhill from here
 
 
Location: Denver
Happened to me too. Had me scratching my head for a while. It's like I have to update my virus protection every day now, if not more, just to stay safe.
__________________
Bad Luck City
docbungle is offline  
Old 04-28-2004, 09:12 AM   #6 (permalink)
Insane
 
Location: A fuzzy cloud.
It's netsky or one of the variants, without a doubt. Work for an ebay company and we get 100's of undeliverables a day thanks to it.
Realizm is offline  
Old 04-28-2004, 09:46 AM   #7 (permalink)
Registered User
 
 
Location: Somewhere in Ohio
Quote:
Originally posted by Peetster
It sounds like one of the 8 or 10 people with your email address was infected with netsky. It spoofs the "From" line with an address randomly selected from the address book. I think you just got lucky.
So I should be emailing the 8-10 people to tell them they may have a virus? Because I know I don't have it.
sixate is offline  
Old 04-28-2004, 09:50 AM   #8 (permalink)
Devils Cabana Boy
 
 
Location: Central Coast CA
It is easy to spoof email; all you have to do is run an email server and send what you want where you want. There are programs out there that let you spoof the sender's name.

It is probably just some jackass who wants to mess with you.

Let your friends know and switch your email address. There is little you can do.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 04-28-2004, 09:55 AM   #9 (permalink)
Right Now
 
Location: Home
Quote:
Originally posted by sixate
So I should be emailing the 8-10 people to tell them they may have a virus? Because I know I don't have it.
It would likely be a waste of time. They'll figure it out and fix it or they won't. Chances are your email would alarm/piss off/frighten the ones that aren't infected.
Peetster is offline  
Old 04-28-2004, 10:14 AM   #10 (permalink)
Darth Papa
 
 
Location: Yonder
I agree, probably one of your two card-programming buddies has the virus and it's latched onto your address to spoof in the "From" field. It's then trying to send mail to somebody else in their address book (which is probably loaded with card-programming folks), which is failing because of who knows why, and bouncing back to you.

This happens a lot with email viruses--they circulate in pockets of community. I was getting it from the other resellers of the hosting service I resell. I heard about very specific pockets of people passing it back and forth. Scientists at distant universities who are researchers in the same field, for instance. It'd be sort of an interesting social connectivity experiment, if it weren't so damn annoying.

What the hell, though. Post some headers, we'll take a look and see if it looks more suspicious than that.

Last edited by ratbastid; 04-28-2004 at 10:16 AM..
ratbastid is offline  
Old 04-28-2004, 11:05 AM   #11 (permalink)
Registered User
 
 
Location: Somewhere in Ohio
Obviously, I deleted all entries with my email and domain with ------------------------
I have 3 headers which are exactly like the first 2, and the 3rd one I received while I was sleeping.


Return-Path: <>
Delivered-To: ----------------------------------
Received: (qmail 20043 invoked from network); 28 Apr 2004 14:20:12 -0000
Received: from cpe002078d1af34-cm014490002869.cpe.net.cable.rogers.com (HELO --------------------) ([24.102.138.211]) (envelope-sender <>)
by mail-4.---------------------------- (qmail-ldap-1.03) with SMTP
for <--------------------------->; 28 Apr 2004 14:20:12 -0000
MIME-Version: 1.0
Message-Id: 408FBD45.000003.17633@VAIO
Date: Wed, 28 Apr 2004 10:18:45 -0400 (Eastern Daylight Time)
Content-Type: Multipart/report;
report-type="delivery-status";
boundary="------------Boundary-00=_93XVG6G0000000000000"
From: MAILER-DAEMON@------------------- (Mail Delivery Subsystem)
Message-Id: E1BIo1v-0002VL-H6@mx1.-----------------------
Auto-Submitted: auto-generated (failure)
To: -------------------------------------------
Subject: Undelivered mail: User unknown

Along with this first one a .txt was attached. This is what it said:

Reporting-MTA: dns; mx1.------------------------------
Received-From-MTA: dns;
Arrival-Date: Tue, 27 Apr 2004 14:51:26 -0700
Final-Recipient: rfc822; <maxine@hucardguys.com>
X-Actual-Recipient: rfc822; maxine@hucardguys.com

Action: failed
Status: 5.1.1
Last-Attempt-Date: Tue, 27 Apr 2004 14:51:26 -0700
Diagnostic-Code: smtp; 550 <maxine@hucardguys.com>: User unknown in virtual mailbox table




Return-Path: <>
Delivered-To: -------------------------------
Received: (qmail 7356 invoked from network); 28 Apr 2004 11:57:56 -0000
Received: from mail-3.------------------------ ([63.67.120.3]) (envelope-sender <>)
by mail-4.--------------------------(qmail-ldap-1.03) with QMQP
for <>; 28 Apr 2004 11:57:56 -0000
Delivered-To: CLUSTERHOST mail-3.----------------------- --------------------------
Received: (qmail 23299 invoked from network); 28 Apr 2004 11:57:57 -0000
Received: from 69-28-195-132.waterhosting.com (HELO server1.waterhosting.com) ([69.28.195.132]) (envelope-sender <>)
by mail-3.------------------------- (qmail-ldap-1.03) with SMTP
for ------------------------------; 28 Apr 2004 11:57:56 -0000
Received: from mailnull by server1.waterhosting.com with local (Exim 4.24)
id 1BInhM-0002AD-5x
for -----------------------------; Wed, 28 Apr 2004 07:57:56 -0400
X-Failed-Recipients: maxine@hucardguys.com
Auto-Submitted: auto-generated
From: Mail Delivery System Mailer-Daemon@server1.waterhosting.com
To: -----------------------------------
Subject: Mail delivery failed: returning message to sender
Message-Id: E1BInhM-0002AD-5x@server1.waterhosting.com
Date: Wed, 28 Apr 2004 07:57:56 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1.waterhosting.com
X-AntiAbuse: Original Domain - ---------------------------
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -




Return-Path: trickofmind@earthlink.net
Delivered-To: -------------------------------
Received: (qmail 9162 invoked from network); 28 Apr 2004 17:21:45 -0000
Received: from unknown (HELO ChrissyLewgood.org) ([207.195.108.66]) (envelope-sender <trickofmind@earthlink.net>)
by mail-4.--------------------------- (qmail-ldap-1.03) with SMTP
for ------------------------------; 28 Apr 2004 17:21:45 -0000
Date: Wed, 28 Apr 2004 11:21:42 -0600
To: "-----------" ------------------------------------
From: "Trickofmind" trickofmind@earthlink.net
Subject: Fax Message Received
Message-ID: <ikdnmdknuzqkpozvyb@-----------------------------
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------iuoyozfzjjanhzpfjugi"


This was a message sent with one of the Failures:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

maxine@hucardguys.com
This message has been rejected because it has
a potentially executable attachment "Joke.vbs"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <----------------------------------->
Received: from [24.64.178.237] (helo=bill.org)
by server1.waterhosting.com with smtp (Exim 4.24)
id 1BInhJ-0002A8-Io
for maxine@hucardguys.com; Wed, 28 Apr 2004 07:57:53 -0400
Date: Wed, 28 Apr 2004 05:54:57 -0700
To: "Maxine" <maxine@hucardguys.com>
From: "------" <--------------------------->
Subject: Re: Thank you!
Message-ID: <cbhszpucazwbieuibwt@hucardguys.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------mrbcympdjopcrugpcusy"

----------mrbcympdjopcrugpcusy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

html body


br
body html

----------mrbcympdjopcrugpcusy
Content-Type: application/octet-stream; name="Joke.vbs"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Joke.vbs"
sixate is offline  
Old 04-28-2004, 12:52 PM   #12 (permalink)
beauty in the breakdown
 
Location: Chapel Hill, NC
Yeah, that looks like a return from a virus-spoofed email. I wouldn't worry about it. I get them all the time, and I *know* that I don't have any viruses. No worries
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws."
--Plato
sailor is offline  
Old 04-28-2004, 03:08 PM   #13 (permalink)
undead
 
Location: nihilistic freedom
Dude, I know it's probably just an email virus... but I suggest you change your email password. Let's say one of your "buddies" needs an email address and just happened to know your password.... he uses your box and your password to check back later to see if anyone replied.

For your sake though, I hope it is just a virus and none of your friends would be such an asshole.
nothingx is offline  
Old 04-28-2004, 04:31 PM   #14 (permalink)
Quadrature Amplitude Modulator
 
 
Location: Denver
I'll echo Peetster & hrdware etc. here.

I get about 20-50 a day. Nowadays they just get filtered into my spam mailbox.
__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb
oberon is offline  
Old 04-29-2004, 02:42 AM   #15 (permalink)
Jam
Junkie
 
lucky... I get more than a hundred per day now
Jam is offline  
Old 04-29-2004, 03:33 AM   #16 (permalink)
Registered User
 
 
Location: Somewhere in Ohio
Well, it seems that both of the dudes in question are also getting this shit, but nobody else who has my email address is getting it. I know my system is clean. I hope they get theirs clean soon.
sixate is offline  
Old 04-29-2004, 05:15 AM   #17 (permalink)
Darth Papa
 
 
Location: Yonder
Yup. Here's the giveaway in the message you posted:

Quote:
This message has been rejected because it has
a potentially executable attachment "Joke.vbs"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
ratbastid is offline  
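
Reading the bounce from post #11 programmatically, as an added example that is not part of the original thread: it pulls the returned copy out of an Exim-style bounce and checks whether the connecting IP recorded by the bouncing server is one of your own outbound addresses. The sample is constructed from that post, trimmed, with victim@example.org standing in for the redacted address; the function name triage_bounce and the RISKY extension list are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the Exim bounce from post #11, trimmed, with the
# redacted address replaced by the placeholder victim@example.org.
BOUNCE = """\
The following address(es) failed:
  maxine@hucardguys.com

------ This is a copy of the message, including all the headers. ------

Return-path: <victim@example.org>
Received: from [24.64.178.237] (helo=bill.org)
\tby server1.waterhosting.com with smtp (Exim 4.24)
\tfor maxine@hucardguys.com; Wed, 28 Apr 2004 07:57:53 -0400
From: "Victim" <victim@example.org>
Subject: Re: Thank you!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="Joke.vbs"
Content-Disposition: attachment; filename="Joke.vbs"

--b1--
"""
MARKER = re.compile(r"^-+ This is a copy of the message.*$", re.M)
RISKY = (".vbs", ".pif", ".scr", ".exe", ".bat", ".com")  # assumed list

def triage_bounce(text, my_outbound_ips):
    """Summarise the returned copy in an Exim-style bounce."""
    m = MARKER.search(text)
    if not m:
        raise ValueError("bounce carries no copy of the original message")
    orig = email.message_from_string(text[m.end():].lstrip())
    # Topmost Received was written by the server that bounced the mail, so
    # the peer it records is trustworthy; From and HELO are sender-supplied.
    hop = (orig.get_all("Received") or [""])[0]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    helo = re.search(r"helo=([^\s)]+)", hop, re.I)
    names = [p.get_filename() for p in orig.walk() if p.get_filename()]
    origin = ip.group(1) if ip else None
    return {
        "claimed_from": parseaddr(orig.get("From", ""))[1],
        "origin_ip": origin,
        "helo": helo.group(1) if helo else None,
        "risky_attachments": [n for n in names if n.lower().endswith(RISKY)],
        "sent_by_us": origin in my_outbound_ips,
    }
```

Pass the set of IP addresses your own mail actually leaves from; a bounce whose origin_ip is outside that set, as here, is backscatter from someone else's machine using your address in the From line.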
 


All times are GMT -8. The time now is 02:49 AM.
