Hijacked Email address.....
TweakerXP
05-08-2003, 04:39 PM
My wife just received an email from my email address with a ".exe" file attached. I DID NOT SEND IT TO HER. It did disable her Norton AV system works. It came with my "email name" NOT my real name, which I have my email set up to do. (at least I thought I do, going to check after this post)
Has someone hacked my system or my email address?
HOW do I trace it back to who did this??? Wife deleted the email, (yeah I know she shouldn't have)
I have sent email to all my contacts not to accept anything from me with that name or .exe files attached.
Need some help here !!! Never had anything happen like this before.
ALL ADVICE WELCOMED!!!!
Thanks
AllGamer
05-08-2003, 05:03 PM
you can view ALL HEADERS then see the gateways and servers it passed through before your wife received it
if you deleted the message you won't be able to do that anymore
:t
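Reading the full headers as suggested above comes down to walking the `Received:` lines from bottom to top. This is an added example, not part of the original thread; the sample message, host names and IPs are constructed placeholders, and it assumes the common `from … (host [ip]) by …` layout of `Received:` lines.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not the message from this thread); hosts and IPs are
# documentation placeholders.
RAW = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.home.example with ESMTP id A1; Thu, 8 May 2003 16:30:05 -0400
Received: from relay.other.example (relay.other.example [198.51.100.7])
\tby mx.isp.example with ESMTP id B2; Thu, 8 May 2003 16:30:01 -0400
Received: from INFECTEDPC (dialup-44.third.example [203.0.113.44])
\tby relay.other.example with SMTP id C3; Thu, 8 May 2003 16:29:58 -0400
From: husband@home.example
To: wife@home.example
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace_hops(raw):
    """Return the relay hops oldest-first as dicts: helo, rdns, ip, by."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the top one is newest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def origin_report(raw):
    """Compare the From: domain with the host that first injected the mail."""
    msg = email.message_from_string(raw)
    hops = trace_hops(raw)
    dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    first = hops[0] if hops else {}
    rdns = (first.get("rdns") or "").lower()
    # Only lines written by servers you trust are reliable; older lines can
    # be forged by the sender, so treat the result as a lead, not proof.
    match = bool(dom and rdns) and (rdns == dom or rdns.endswith("." + dom))
    return {"from_domain": dom, "origin_ip": first.get("ip"),
            "origin_host": rdns or first.get("helo"),
            "from_matches_origin": match}
```

For the constructed message, the oldest hop is a dial-up host in a different domain from the `From:` address, which is the pattern a forged sender leaves behind.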
TweakerXP
05-08-2003, 05:11 PM
She deleted it after I told her it wasn't from me. I know she shouldn't have but....... better safe than sorry!!
I have contacted my ISP and notified them of what's going on. Several friends have said that they will forward it back to me if they get one. SO I still may get the chance to find them.
Thanks Allgamer.:t
rangeral
05-08-2003, 05:38 PM
Right now you should run an updated av scan just in case and maybe a trojan scanner as well
http://swatit.org/download.html since that executable may give the hacker his way in.
Bothra
05-08-2003, 06:49 PM
I have a similar problem with hijacked email. my yahoo mail account, that i've had for 5 years now, recently receives strange messages. I get a few emails from people asking me to remove them from my list, some people very irate. one had attached the email that "I" had sent, an ad for some porn not surprisingly. I see in the from header my email address, but of course I didn't send it. the first time i got one of these "REMOVE ME" emails, I ran virus scan on full and came up empty. Ran adaware and found a couple things that I can't remember now. I use web email like yahoo because I try not to be a target for spammers.
Anyone have any idea how they (spammers) use my email address in their from header?
Anyone have suggestions on action to take besides close that email address? (I had it first, why should I give it up)
$1500-P4 gamer
05-08-2003, 07:20 PM
Don't know how they do it. But I do know they can send an email that looks like it comes from any email address they want. ;)
AllGamer
05-08-2003, 08:54 PM
that's called mail spoofing
and it's the simplest thing to do
even a kid can do it
ok make that a smart kid :p
:t
strat1
05-08-2003, 09:05 PM
Originally posted by AllGamer
that's called mail spoofing
and it's the simplest thing to do
even a kid can do it
ok make that a smart kid :p
:t
Can you explain a little ?
Bothra
05-08-2003, 11:26 PM
well obviously it can be done, otherwise i wouldn't have the problem. any ideas on how to UNdo it? or should i just wait a few years until they pick some other poor sap to spoof?
TweakerXP
05-09-2003, 02:09 AM
I have run Norton System Works and updated Norton AV...Nothing
Ran Trojan Remover....nothing
Reinstalled Norton System Works on my wife's system and updated and ran full system scan...nothing. Her system seems to be fine now.
I'm going to run that SWAT IT trojan program that RangerAl gave me a link to and see if I can find something there.
Haven't run Adaware, yet, but will as soon as I finish posting this.
Thanks guys. Just hope they try it again so I can "hopefully" trace it back and catch the BAST......S
Thanks:t
ukulele
05-09-2003, 01:13 PM
You can waste a lot of time trying to catch that loser. I've received probably hundreds of virus mail and other nasty grams. I just delete them and get on with life. I don't use any AV programs but do run a firewall. My ISP provider now handles AV and spam quite efficiently. I probably don't even need a firewall anymore. And honestly I have never infected any computer I owned with a virus or worm that I know about since I first got on line way back in 1991.
sm8000
05-09-2003, 02:30 PM
I get spam from myself all the time :p
AllGamer
05-09-2003, 03:35 PM
Originally posted by sm8000
I get spam from myself all the time :p
LOL :r
you sure are a masochist :p
:t
ukulele
05-09-2003, 04:06 PM
Originally posted by sm8000
I get spam from myself all the time :p
Well quit sending spam then. :p
TweakerXP
05-09-2003, 04:15 PM
Well I ran "Swat it" on both my wife's and my systems...nothing.
So I have no viruses and no trojans anywhere. I also ran Adaware and cleaned out a few cookies too.
I did get a message from my ISP and they said that they can't do much about it. They suggested that I change my email address. I really don't want to go through that mess again. So I'm not emailing anything to anyone for about a week and see if anything comes up. Everyone has been instructed to forward anything that comes to them from me back to me.
Oh well...
Thanks guys!!!
:t
ukulele
05-09-2003, 04:28 PM
I did get a message from my ISP and they said that they can't do much about it.
And if you believe that, I know where there is a bridge for sale for cheap. :p They are playing you like just another fish on the hook.
Maybe, they are the ones making beer money off your E-mail address?
:eek:
TweakerXP
05-09-2003, 05:13 PM
WHAT !!!???!!!!:eek:
And not invite me.....those scumbags..........just hope it's not cheap beer;)
AllGamer
05-09-2003, 05:36 PM
here's another Hijack
http://www.sysopt.com/forum/showthread.php?s=&threadid=136698
some good info re: Mail abuse filters
:t
ukulele
05-09-2003, 07:36 PM
Originally posted by TweakerXP
WHAT !!!???!!!!:eek:
And not invite me.....those scumbags..........just hope it's not cheap beer;)
If it is true, I would hope it is cheap **** and they all get Montezuma's revenge.
belgarath16
05-09-2003, 09:57 PM
Just to let anyone know.......We got a virus at work, the office manager checked an email in the preview pane and unleashed a version of the Klez I\worm. Funny thing is, it instantly disabled the resident AV (Grisoft AVG).
Within minutes, we were receiving e-mails with twisted versions of names from our own address books, all with different titles and attachments. NAV picked them up instantly, and stopped that particular spread through the .wab listings. Then, we started getting mail from ISPs that returned the mail back to us due to infection...thank goodness!
Riding its back (KLEZ) was another (ILKORN?) worm. It corrupted files in all programs that had .htm, .html, .doc, and .txt. Which effectively crashed our business program, databases, quickbooks, shut down the network, and created four hours of general havoc!
The gist of this distressing tale? If you don't know the sender...don't touch. And please shut down the preview panes! That nasty little sucker did a whole lot of damage in a few minutes! I now understand how viruses cost businesses 200 Billion dollars a year.
BTW..I educated the office manager as I was cleaning the network. She's not allowed to use the business as her own e-mail service anymore:p
Um, for the clueless here...look up Klez, etc.
The machine sending these mails is infected with a worm and the "sender" does not know he/she is sending them.
Your isp isn't going to do anything about it.
Do you think ISPs have the resources to hunt down everyone who is infected?
belgarath16, there has been a patch for the preview pane issue for quite some time now...like two years.
TweakerXP
05-12-2003, 06:47 AM
Well, so far I haven't sent out any emails to anyone, since this first happened. No one has received anything from that email address either, that I know of.
Ran Trojan scans and AV scan with Norton. Both still comes up empty. I'm going to give it a couple more days and then start answering emails again.
Thanks:t
gwlogue
05-12-2003, 10:09 AM
mpc2 is correct. The virus is on someone else's computer, not yours. That someone has your email address in their contacts. The best you can do is to advise everyone who may have your email address in their contacts to virus scan their systems. Have them pay special attention to the instructions for eliminating the virus. It's most likely disabling their anti-virus tools and reinstalling itself at every startup. The process to eliminate it can be complicated and time consuming.
good luck
nothing
05-12-2003, 12:23 PM
read THIS (http://packetstormsecurity.nl/0305-exploits/hotmailpassport.txt)
rraehal
05-12-2003, 03:11 PM
It is easy to spoof mail addresses. The Klez virus mentioned before does this. It looks at the Windows Address Book or Outlook contact list. It then picks a name as the sender and a name to receive the virus. It creates a mail message with a random subject and random contents and attaches itself to the mail. It hopes to spread itself this way.
You can spoof a mail address from an SMTP server that does not prevent sending from specific addresses. An attacker/hacker/virus/whatever only needs to send packets to the mail server's SMTP port and the server does the rest. We have all of our mail servers set up to only send mail from our registered domain. It prevents spoofing. It is a simple step to take, but many new admins do not do it. Configuring sendmail is tedious to someone who has never done it.
I have tested sending these spoofed messages to myself and my family members. I have made it look like my address is someone@microsoft.com, someone@cisco.com and others. It is easy to do.
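The server-side restriction described in the post above ("only send mail from our registered domain") can be modelled as a check on each SMTP envelope. This is an added example, not rraehal's configuration and not sendmail syntax; the domain, network range, function names and sample sessions are hypothetical.

```python
import ipaddress
from email.utils import parseaddr

# Hypothetical site settings for this example.
OUR_DOMAINS = {"corp.example"}
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def domain_of(addr):
    """Domain part of an envelope address; '' for the null sender <>."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def check_envelope(client_ip, mail_from, rcpt_to):
    """Return (accept, reason) for one MAIL FROM / RCPT TO pair."""
    internal = any(ipaddress.ip_address(client_ip) in n for n in OUR_NETWORKS)
    sender_ours = domain_of(mail_from) in OUR_DOMAINS
    rcpt_ours = domain_of(rcpt_to) in OUR_DOMAINS
    if internal:
        # Our own clients may only send as the registered domain.
        if not sender_ours:
            return False, "internal client using a foreign sender domain"
        return True, "mail from our domain, submitted from our network"
    if not rcpt_ours:
        # Outsiders may deliver to us but not relay through us.
        return False, "relaying denied"
    if sender_ours:
        # Assumed policy: our users never submit from outside the network.
        return False, "external client claims our domain as sender"
    return True, "inbound delivery"  # includes bounces with sender <>

# Constructed sessions: (client IP, MAIL FROM, RCPT TO)
SESSIONS = [
    ("192.0.2.15", "alice@corp.example", "bob@partner.example"),
    ("192.0.2.15", "someone@vendor.example", "bob@partner.example"),
    ("203.0.113.9", "someone@vendor.example", "bob@partner.example"),
    ("203.0.113.9", "alice@corp.example", "carol@corp.example"),
    ("203.0.113.9", "dave@partner.example", "carol@corp.example"),
    ("203.0.113.9", "<>", "carol@corp.example"),
]

def evaluate(sessions):
    """Apply the policy to every session and return the decisions."""
    return [check_envelope(*s) for s in sessions]

if __name__ == "__main__":
    for s, (ok, why) in zip(SESSIONS, evaluate(SESSIONS)):
        print("ACCEPT" if ok else "REJECT", s, "-", why)
```

The check only covers mail that passes through the server applying it.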
ukulele
05-12-2003, 07:23 PM
Configuring sendmail is tedious to someone who has never done it.
Now we're getting to the root of the problem. The other one is money. The simple fact is that your ISP provider is a cheapskate and as I said before you are just a fish on a hook.