stolen e-mail identidy

[oldguy]

My ISP Admin e-mailed me this morning and told me that my box has a virus.
They stated that I had sent them a e-mail and it had a virus payload
after updating and scanning my machine I found no prob's. So I called and was told that other people have the same problem.
My ISP is using apachie server and neo-mail, this guy is a friend of mine and wouldn't give me a hard time with out a professional reason.
Anybody else hear of this or any exploits like this, I would love to know who is using MY name and sending viruses to my ISP
HELP

[tampabay420]

Search for the exploits...

PacketSotrm.LinuxSecurity.com
Neworder.box.sk
etc...

Every once and a while i will search for exploits on my system. Haven't found any yet, but if i do- i know what to expect...

[pierreke77]

I dont know mutch about this sh*t ( still learning) but as far as i know , its really easy to send a fake mail under another one's e-mail adress , without really entering their e-mail box , tou prolly know that

but with some e-mail handlers like pine it is possible to find a e-mail ID , with that id you can look the sender's smtp server he used ...
maybe that will help

sincereley

[tampabay420]

pierreke77:: i know that some data (like ISP, IP, etc...) is sent with the email. Where/How do i find this information?

[waytallgel]

Well, Virii like Klez.H (I think) and Bugbear can take an email address out of your contact list use that in the from field of the email. So when it sends itself out it is actually using that email address so it becomes difficult to figure out who is sending it. So, if you were in someone else's address book then they could have sent a virus to your ISP with your name in the header. I think though that your ISP email address would also have to be in their address book too.

Greg

[nebulus200]

One thing that would be really helpful is if you ask your friend what virus was detected in the payload of the message. If you know that, you probably have your answer on what was responsible for the email being sent out.

/nebulus

[pierreke77]

Like is said you can retrieve these kind of information by using the a-mail handler pine ,
there you choose in rich text e-mail or standard , and then professional , pick the proffesional way , ant there they are .
Message id , the route that the e-mail has taken , ISP , SMTP - server used , e-mail program used etc...

sincerely

[oldguy]

Thank's for the info people, I have sent inquries to my isp and the other people who have had the same problem. when they get back to me i will let you know what all of the details are untill then I won't be using my home machine!!! seems there may be something there after all Mcafee and norton missed it so i went and bought OnTrack virus scanner pro with firewall and the scanner won't find it the firewall is going bats#&t and then locking up, so I may have a problem that hasen't been found by consumer scanners.

[nebulus200]

As a note oldguy, commerical scanners are able to find it otherwise your friends wouldn't have been able to tell you that you were sending out infected email. Perhaps the virus has disabled your AV software (yes it can do that), the last one I am aware of that acted like this was bugbear...

Reference here for more info.

/neb

[oldguy]

nebulus200 i checked the link out and ALL of the symptoms given are poping up on my machine. I no longer use mcafee av any body use OnTrack seems they just sold to another company and the product is not being supported right now( maybe later I hope)
my av is less than 8 hours old and had a 19.5 meg update but still missed whatever is wrong. Thanks again for the help