Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: email question

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    8

    email question

    I've been getting virus infected mails on a daily basis for many weeks, all aparently from different senders, some genuine (if I google the address shown) some probably not.

    reading the headers they're all coming from the same IP during weekdays, often another at weekends, both seem fixed IP's. From what I've read the IP shown identifies a particular computer logged onto a network so cannot be from different people

    just curious as to how it's possible for these to be coming from so many different people, but apparently all from the same IP?

    not a huge problem as I have no intention of ever opening any of them, I would like to find out who is behind it as I'm convinced it's someone deliberately targeting me which has happened before, and forced me to close another email account.

    sorry if this in the wrong place, wasn't sure where to post.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Most likely the email address is spoofed. The IP being the same on the weekdays sounds like a laptop that is moved from work to home and back again.

    I've unfortunately had a bit too much experience with this as a user at my work evidentally has this and nothing I do can convince my email admin to put a block on the IP so the user might get a clue.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Mar 2004
    Posts
    8
    The IP being the same on the weekdays sounds like a laptop that is moved from work to home and back again.
    ah, that makes a lot of sense.

    After doing a little searching about tracking IP's I have been able to submit abuse reports to the relevant ISP but I feel like it's probably a waste a time, although from what I understand it should possible to trace the user.

    thanks for quick reply, I guess deleting the account is the only way to go

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Is the subject line the same on all of the emails? You might not have to remove the account, if it's important to you. You could propably just as well, filter the subject line, sender, specific words in the body.

    Also, you might want to look @ getting a decent antivirus, so it can help you mitigate that threat of viruses.


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  5. #5
    Junior Member
    Join Date
    Mar 2004
    Posts
    8
    have anti virus, and setup outlook to filter the body text so they go straight to the bin, it's just the fact that it's very annoying as it seems to be one person...

    shouldn't let it bug me, but it does

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    1. What is the name of the virus?

    2. Do you recognise any of the "senders"?

    I think that MsM has a good call with the dockable laptop scenario...........the person sending them might not even be aware?

    3. Are there any CC. addresses and do you recognise any of them?

    Obviously, if you are in the address book of an infected computer you will keep getting them, particularly if it is a private address book (fewer entries than a corporate one).

    A fixed IP (all of the numbers) would suggest a corporate network, or a cable/satellite connection?

    Cheers

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I've been getting a lot of them lately too and one of them was from Cheyenne lol. I dont know whats going on but I'm currently working with the OIT department at my school to figure out the headers of the email. All the senders are different...but I'm thinking that it could have something to do with the Email provided to us by theBBGN *which hosts our website/gameserver*. I'll get back to you if I find out some more information. Right now I have to get the headers first...then have cheyenne contact BBGN and they'll see if its theirs. I never used to get viruses on my school's email until we setup the website lol. The viruses are automatically deleted by the school's AV, but it attaches a text file saying that the file was deleted because it was suspicious of being a virus.

    Cheers,

  8. #8
    Junior Member
    Join Date
    Mar 2004
    Posts
    8
    1. What is the name of the virus? IWorm NetskyD

    2. Do you recognise any of the "senders"? No, it seems completely random, some are genuine company contacts that can be found on the net, others are just jumbled up letters eg. vnxetgbfgkxgx@yahoo.com.

    I think that MsM has a good call with the dockable laptop scenario...........the person sending them might not even be aware? I guess that is possible but I dont see how they would appear to be all from different senders with same IP unless that person was deliberately trying to conceal their idenity??

    3. Are there any CC. addresses and do you recognise any of them? No, none at all.

    I used to be involved with gaming websites and have been targeted before, I suspect this is a result of that and they've somehow got hold of my home e-mail (probably me not being careful enough ) Although am starting to think this is someone I know as many of the "addresses" appear to be from my local towns council and other organisations which I've had no contact with.

    I hope if I submit enough abuse reports they'll look into it.

    I've also been using various tools to trace the two IP's, using lookup on tjping i get the following...

    Official Name: cpc2-stev2-4-0-cust69.lutn.cable.ntl.com

    Official Name: cpc3-hatf2-6-0-cust92.lutn.cable.ntl.com

    am not certain but am guessing the "stev2" and "hatf2" apply to two local towns? (Stevenage & Hatfield) strange coincidence if it doesn't.

    is all very odd, but am determined to get to the bottom of it.

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I guess that is possible but I dont see how they would appear to be all from different senders with same IP unless that person was deliberately trying to conceal their idenity??
    There are viruses out there that will randomize who it's sent from. Some will just use info in the address book, other just create them out of a random list provided by the virus writer. It's not a hard thing to do.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Junior Member
    Join Date
    Mar 2004
    Posts
    8
    so it could be someone I know, but they dont know they're doing it......

    some of it doesn't make much sense to me, but at least there's a chance it's not malicious.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •