What can you do if an infected computer is targeting you?
Results 1 to 7 of 7

Thread: What can you do if an infected computer is targeting you?

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    5

    What can you do if an infected computer is targeting you?

    In the last little while I have been receiving a several different emails for two different targets. These emails seem to be very suspicious because they are from people who I don't know, but have legitimate email addresses, and always contain strange attachments (either .scr, .exe, .html, etc.).

    This is really starting to annoy me beacsue all of these emails are over 100k and are filling up my hotmail account. I know you can block a single email address with hotmail, but is it not the resposibility of the network admin to block obvious virus related attachments such as .scr and .exe? Am I completely helpless against these attacks or can you take further action to ensure that these types of email attachments are blocked at their source?

    Also, I know that in some cases the email addresses are spoofed, and I have checked the headers and they are coming from this server. Can they be held accountable if someone is spoofing email on their server (I know its not easy to stop)?

    Thanks for any info!

  2. #2
    Member
    Join Date
    Oct 2003
    Posts
    78

    Re: What can you do if an infected computer is targeting you?

    Originally posted here by growland


    This is really starting to annoy me beacsue all of these emails are over 100k and are filling up my hotmail account. I know you can block a single email address with hotmail, but is it not the resposibility of the network admin to block obvious virus related attachments such as .scr and .exe?
    No.. its not the responsibility of the network admin to do anything if its in your personal Hotmail account.. if it was a business account, yes.. Hotmail isn't his problem..


    Originally posted here by growland

    Am I completely helpless against these attacks or can you take further action to ensure that these types of email attachments are blocked at their source?

    Thanks for any info!
    Make a few e-mail boxes and start blocking everyone .. only give out your addy when absolutely necessary.. otherwise than common sense, there's not much you can do with a Hotmail account.. I'm assuming someone's going to drop in a post with a anti-spam program but those are worthless and overpriced..
    [pong][shadow]Why won\'t anyone give me greenies???[/shadow] [/pong]

  3. #3
    Junior Member
    Join Date
    Jan 2003
    Posts
    5

    Re: Re: What can you do if an infected computer is targeting you?

    Originally posted here by :-\


    No.. its not the responsibility of the network admin to do anything if its in your personal Hotmail account.. if it was a business account, yes.. Hotmail isn't his problem..
    Sorry for the confusion, but I am getting them in my hotmail account, but the source of the emails is from a private network (both Canadian Universities). Or are you saying it is the responsibility of the receiving mail server to do the blocking and not the sending server?

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Before you start saying that an email is from this place or that place, make sure you have access to the email's complete internet header. If you use Outlook, open the email, select View, Options, and you will see a box at the bottom of the dialog that contains the entire header. Copy and paste this information into a Notepad or new email window and examine it.

    You may find that the information in the header doesn't necessarily match the information in the From: or ReplyTo: lines. The source IP of the mail will be in the header and you can use SamSpade (http://www.samspade.org/) to find the source domain with that IP.

    You may be surprised to find that the mail is coming from half-way around the world and there really isn't much you will be able to do about it.

    If the email is actually coming from said university, or another legitimate ISP, you can copy the notes and forward them to abuse@whatever.com or postmaster@university.edu.

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    I don't know how the deal goes in Canada [though I live here, I'm not in Univ yet] but it's a common practice for hackers to obtain univ accounts for different purposes. Although it's much more probable it's spoofed... and being a hotmail account, I'm amazed you just started receiving this kind of 'virus-spam'.. there was a major 'flood' in the winter and again in the spring, at least the ones I've been subjected to... good thing hotmail isn't my most important e-mail account, nor am I accessing it through Outlook...
    /\\

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    I agree with rapier57 here, this is what I do after it gets really annoying. You can usually spot the x-originating address which usually leads you to where it originated. I used to get a bunch of emails regarding fake diplomas for almost a year until I reported it. Within a week, it stopped and I haven't received any more since. It doesn't always work, as a few times the IP didn't show up in my email headers (i use hotmail too btw) but for the most part, you can see it. Here is the header of an email I sent from my Linux terminal:
    -------------------------------------
    MIME-Version: 1.0
    Received: from linux.local ([xxx.xx.xx.xxx]) by mc8-f33.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 27 Oct 2003 21:39:19 -0800
    Received: by linux.local (Postfix, from userid 500)id CB8E13F4E8; Mon, 27 Oct 2003 23:40:40 -0700 (MST)
    X-Message-Info: JGTYoYF78jEtgzaPLUDTX0XCtOncEMlD
    Message-ID: <3F9E0F68.mail4EK1ISQMJ@linux.local>
    User-Agent: nail 10.3 11/29/02
    Return-Path: dave@linux.local
    X-OriginalArrivalTime: 28 Oct 2003 05:39:19.0925 (UTC) FILETIME=[D58E4250:01C39D15]
    ------------------------------------
    I turned my IP into x's just b/c i'm a little paranoid, but basically thats what you look for. (the line 'Received: from linux.local ([xxx.xx.xx.xxx])' Then as rapier57 said, go to http://www.samspade.org/ and look it up. It should give you information on the network the IP belongs to. Then look for the 'abuse@xxxxx.xxx' in which you can email. Be nice, quick, brief (they don't have time to read your ranting and raving ) and include the full email header.

    Of course blocking them all don't work, I know. They keep coming from new emails and you can only block so many addresses to begin with. I keep some of them in an 'evidence' folder if they aren't too big, just in case. I reported a number of times over the past 6 months and hardly ever get junk mail anymore. Maybe 2-3 messages a week? thats about it.

    Also, sometimes you can tell it came from a persons computer. I have had this happen a few times. (like bob@aol.com for example with some common virus, and NO I'm not picking on AOL, its just the last one I had, but it wasn't bob...) and all I did was email the user explaining they probably were infected, and after a week of emailing back and forth, they finally got rid of it.

    Hope I made sense, if I made any mistakes, please someone correct me. Its late and I'm barely thinking at all. If I didn't give u any info you were lookin for, please let me know!

    Take care,

    Dave
    Alcohol & calculus don't mix. Never drink & derive.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    DISCLAIMER

    Before anyone gets excited about the e-mail addy..............I have it because I do not give a rat's a$$ what happens to their server. If this is a problem to anyone, might I suggest that you relocate?

    please send some copies of different mails to (that is forward them):

    leontrotskyREMOVEME@vol.vnn.vn

    This is not a joke. It is one of my addys, but I don't like to look at potentially nasty stuff on my local server

    You know enough to take out the "removeme" bit?........It is to stop spambots picking up the addy.

    Cheers & good luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides