December 12th, 2003 08:29 PM
Return Path Problem. Urgent.
Hi--a friend of mine thinks that his computer e-mails are being hacked into by virtue of the fact that the person doing the hacking always seems to know what his e-mails say.
Today, I sent him an e-mail from my home, and for the first time ever there was a return path. Not only that, but it seems suspicious. Can you please tell me what some of these terms mean--like "Albatross Mail", and if it seems that his mail is being routed to someone else who is reading it.
He is on earthlink. I'm on aol.
Here is the path:
Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.146.4]) by air-yb04.mail.aol.com (v97.10) with ESMTP id MAILINYB44-19a3fd7aab7353; Wed, 10 Dec 2003 18:23:03 -0500
Received: from albatross.mail.pas.earthlink.net (albatross.mail.pas.earthlink.net [22.214.171.124]) by rly-yb04.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYB410-19a3fd7aab7353; Wed, 10 Dec 2003 18:22:31 -0500
Received: from user-12hdpl0.cable.mindspring.com ([126.96.36.199])
by albatross.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
for EVAINK@aol.com; Wed, 10 Dec 2003 15:22:30 -0800
Date: Wed, 10 Dec 2003 19:22:26 -0400
Subject: Re: No Subject
From: Red Suydam
December 12th, 2003 08:33 PM
There's nothing unusual about the "albatross" mail. It's the name of the SMTP server run by Earthlink (which merged with Mindspring in 1999/2000). Has your friend looked for things like:
- access times (when email was last accessed)
- keystroke loggers
Is the "attacker" someone at his house or is this a remote unknown person?
December 12th, 2003 08:35 PM
Tell him to change his password. The account may have been hijacked. Also, the message headers don't mean a whole lot, since we don't know which are yours, his, and possibly a third party's. However I can tell you that Earthlink bought Mindspring some time ago, but left the servers online for existing Mindspring customers.
That's why it appears to have a third party intercept.
December 12th, 2003 08:36 PM
Another question is, is he always accessing this email from the same computer or from different locations? You say he is on earthlink, I would think it might be a good time for him to CHANGE his password. It is good practice to change your passwords often. Sounds kinda to me like he may be using something obvious so tell him to change it and use varying characters/numbers and letters. Definitely follow msmittens' other suggestions, check for spyware, viruses, keyloggers and the sort.
edit: sbg just seems to type faster than me
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
December 12th, 2003 08:57 PM
This is a header for a message sent from him to you it appears. Not a message from you to him. And all messages have the return path and things like that in their header... you just normally don't see it.
What does this say? Well... It was sent from his Macintosh using outlook express at 3.22pm (in his timezone) via a cable modem. The first machine to see it was a mindspring (earthlink) machine, who sent it on to another earthlink machine who then sent it to an aol machine which sent it to the aol machine that stores your email. Doesn't look like any intercept in there as that is the shortest possible path.
"Ignorance is bliss....
but only for your enemy"
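The hop-by-hop reading given in the last reply can be checked mechanically. The following is an added example, not part of any post in the thread: it parses the Received headers quoted in the first post (refolded here onto continuation lines), orders them oldest first, and checks that each server hands off to the next with no gap. The function names `hops` and `check_chain` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as quoted in the first post, refolded with leading whitespace.
RAW = """\
Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.146.4])
 by air-yb04.mail.aol.com (v97.10) with ESMTP id MAILINYB44-19a3fd7aab7353;
 Wed, 10 Dec 2003 18:23:03 -0500
Received: from albatross.mail.pas.earthlink.net (albatross.mail.pas.earthlink.net [22.214.171.124])
 by rly-yb04.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYB410-19a3fd7aab7353;
 Wed, 10 Dec 2003 18:22:31 -0500
Received: from user-12hdpl0.cable.mindspring.com ([126.96.36.199])
 by albatross.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
 for EVAINK@aol.com; Wed, 10 Dec 2003 15:22:30 -0800
Date: Wed, 10 Dec 2003 19:22:26 -0400
Subject: Re: No Subject

"""

# "from <claimed sender name> ... by <receiving server>"
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return hops oldest-first as (from_host, by_host, aware_datetime)."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its header, so the newest hop is on top.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP.search(route)
        if m:
            out.append((m.group(1), m.group(2),
                        parsedate_to_datetime(stamp.strip())))
    return out

def check_chain(chain):
    """Flag gaps: a hop's 'by' host should be the next hop's 'from' host,
    and timestamps should not run backwards. Assumes servers announce
    the same name they log, which held for the headers in this thread."""
    issues = []
    for (_, by1, t1), (from2, by2, t2) in zip(chain, chain[1:]):
        if by1 != from2:
            issues.append(f"handoff mismatch: {by1} -> {from2}")
        if t2 < t1:
            issues.append(f"time runs backwards at {by2}")
    return issues

if __name__ == "__main__":
    for f, b, t in hops(RAW):
        print(f"{t.isoformat()}  {f} -> {b}")
    print(check_chain(hops(RAW)) or "chain is contiguous")
```

Only the headers written by the recipient's own provider are trustworthy; anything below them is whatever the sending side chose to write, so a clean chain rules out an odd relay in the logged path but says nothing about a compromised mailbox or endpoint.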