Delivery failure notices
Starting a couple of weeks ago or so, I've been getting random batches of delivery failure notices from several random mail servers that I've never heard of before and aren't on my address book. I've looked at the messages that are supposedly being sent out by my address (my address is synthetic@***.
Starting a couple of weeks ago or so, I've been getting random batches of "delivery failure notices" from several random mail servers that I've never heard of before and aren't on my address book. I've looked at the messages that are supposedly being sent out by my address (my address is synthetic@***.net), and they appear to be advertisements trying to sell prescription drugs. I currently run norton antivirus 2003 with updated definitions, am behind a linksys router, and run the new version of ICF (I'm a winxp sp2 tester)... and so far I haven't seen any virus activity on my machine. I also downloaded "The Cleaner" to check for trojans and it didn't come up with anything. Am I simply the victim of a spammer spoofing my address in the From field? How else would I double check to make sure there's not a virus on my machine sending these emails out?
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
The only thing is APK, I've had a few of the same things occur to me, however if you look/review the full headers of the affected email, they are passing through some other domain/network with just your spoofed email address as the sender.
Of course I can't fully discount back doors, spyware and the like but so far neither my anti-virus nor the latest AdAware refernce file has found anything. Also there are no extra apps/processes running on my machine to cause me to think otherwise
Of course I can't fully discount back doors, spyware and the like but so far neither my anti-virus nor the latest AdAware refernce file has found anything. Also there are no extra apps/processes running on my machine to cause me to think otherwise
So APK, do you think that the good folks at AdAware know about this kind of thing, as far as spyware goes that is ?!?
I'd like to think so, however who knows for sure :x
If there are apps like this then how is anybody going to know if they are running if they don't show up in the Task Manager, perhaps a third party process manager instead or a thread manager, or how about getting down to the opcode level and a machine language sniffer then 8)
Man I miss 68k M/L 4e75h
I'd like to think so, however who knows for sure :x
If there are apps like this then how is anybody going to know if they are running if they don't show up in the Task Manager, perhaps a third party process manager instead or a thread manager, or how about getting down to the opcode level and a machine language sniffer then 8)
Man I miss 68k M/L 4e75h
This is so simple. It is I would say 99.99999% not a virus or spyware. it's just spoofed email.
Email has NO security built into it. Any and every email program can sens as billgates@microsoft.com from any and every smtp server. A spammer is sending and typing youe email address in the send field. Nthing can be done about this except a revised mail protocol. What I see comng is everyone will have to register their email with their ISP, and the SMTP server will reject any from emails that are not on the list. (This will have to be one part of the solution) It will be a separate smtp server but will run on the same server during transition. This way legacy email suport will still function while people adopt the new secure method.
Email has NO security built into it. Any and every email program can sens as billgates@microsoft.com from any and every smtp server. A spammer is sending and typing youe email address in the send field. Nthing can be done about this except a revised mail protocol. What I see comng is everyone will have to register their email with their ISP, and the SMTP server will reject any from emails that are not on the list. (This will have to be one part of the solution) It will be a separate smtp server but will run on the same server during transition. This way legacy email suport will still function while people adopt the new secure method.
Quote:
Might very well be... but, I do see some NASTY ones on the job that operate like this as well, & make systems turn into email spam sending engines.
true that, however, these email spaming zomie engines do not forge the email from: the infected machine. All they do is install an open relay SMTP server. The sender(s) of the spam still send from: whoever@whatever.com. The point being, the location and identity of the infected SMTP zombie has nothing to do with the from file from an email! Spammers post san for smtp servers and send through them, or the SMTP zombies announce themselves on irc secret chans.
(However I said 99.999% because the rogue server COULD harvest the email address from its victoms machine, but it is unlikely. This draws unwanted attention to the smtp zombie. They don't want the host finding out its infected for as long as possible, and getting bounced emails raises flags.
Might very well be... but, I do see some NASTY ones on the job that operate like this as well, & make systems turn into email spam sending engines.
true that, however, these email spaming zomie engines do not forge the email from: the infected machine. All they do is install an open relay SMTP server. The sender(s) of the spam still send from: whoever@whatever.com. The point being, the location and identity of the infected SMTP zombie has nothing to do with the from file from an email! Spammers post san for smtp servers and send through them, or the SMTP zombies announce themselves on irc secret chans.
(However I said 99.999% because the rogue server COULD harvest the email address from its victoms machine, but it is unlikely. This draws unwanted attention to the smtp zombie. They don't want the host finding out its infected for as long as possible, and getting bounced emails raises flags.
I do run Ad-Aware every few days and get rid of anything it finds, I'm still getting these delivery failure notices daily but I'm fairly certain it's just some spammer spoofing my address. I've checked running processes, startup items and the whole 9 yards without finding anything suspicious. Die spammers.
Check out the failure delivery notices and look at the domains that the mail is being sent to.
Then email the admins of these domains and explain the situation and ask them to tell you the address/dns the the emails are originating from.
From there you can consider contacting the admins of the originating domain and tell them what is happening.
If you are lucky, you/they can trace the spammer's account to an ISP or a free mail server and have that account shut down.
Beyond that, I don't know.
Then email the admins of these domains and explain the situation and ask them to tell you the address/dns the the emails are originating from.
From there you can consider contacting the admins of the originating domain and tell them what is happening.
If you are lucky, you/they can trace the spammer's account to an ISP or a free mail server and have that account shut down.
Beyond that, I don't know.