Strange e-mail question...
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Strange e-mail question...

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    17

    Question Strange e-mail question...

    Hi Everyone!

    I'm a newbie with a strange e-mail question. When I checked my gmail yesterday, I had a strange message which said it was sent by me, and I didn't send it. It wasn't just my display name disguising spam sent from somewhere else - it was my e-mail address in the brackets <>. In the suject line was written 557 and in the body 969. Does anyone know what the heck this could be? I haven't given my e-mail password out, and I've since changed it and deleted all the saved passwords in Firefox. I have Norton security with a firewall and do regular virus checks. I also have Lavasoft's Adaware and run scans regularly. Neither program came up with anything. I'm baffled and wondering if someone's gotten into my computer.

    Thanks!
    Sandy

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Do you still have the header records from the e-mail? If so, post them here for us to look at. "X" out any private info (eg. your e-mail address).

    Cheers:

    /edit

    Check that, this was just posted at SAN's:

    Published: 2006-06-06,
    Last Updated: 2006-06-06 12:31:16 UTC by Swa Frantzen (Version: 1)

    A new twist in spammer tactics is being reported, although we're not sure what their goal is at the moment.

    Users report receiving messages apearing to originate from themselves, with only numbers as subject and body.

    The body does apears to be HTML encoded, but it's so basic as to not pose a threat so far.
    Chalk it up as spam.

    Link
    DjM

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Just for a quick answer: you probably don't have someone getting into your computer. The email, as SPAM, was likely generated by a virus on an infected machine that had your email address in the local address book.

    Of course, it could still be your machine. There are a number of things that cannot be detected from a regular scan. I suggest that you reboot your system and go to SafeMode with networking (press F8 during the reboot and make the selection from the menu). Run your AV scans and spyware scans from this mode. Make sure your software is up to date (that's why with networking).

    You might also want to download, install and run SpyBot to give you a second opinion of your system. Adaware can miss some things, as any spyware tool can. Always good to have more than one. If your scans find anything, you may want to have Hijackthis take a look at your system too. Google SpyBot and Hijackthis to find those tools.

    If you post the mail header, as DjM suggested, we can look over things.

  4. #4
    Junior Member
    Join Date
    Jun 2006
    Posts
    17
    Here's the info:

    X-Gmail-Received: f67d9333f3e0dbf09c967850e56f33f0407fafb1
    Delivered-To: (my e-mail address)@gmail.com
    Received: by 10.35.113.9 with SMTP id q9cs8190pym;
    Mon, 5 Jun 2006 10:35:11 -0700 (PDT)
    Received: by 10.37.21.52 with SMTP id y52mr6690537nzi;
    Mon, 05 Jun 2006 10:35:11 -0700 (PDT)
    Return-Path: <(my e-mail address)@gmail.com>
    Received: from terri.org (mail.satevepost.org [207.250.213.206])
    by mx.gmail.com with SMTP id 7si7831570nzn.2006.06.05.10.35.11;
    Mon, 05 Jun 2006 10:35:11 -0700 (PDT)
    Received-SPF: neutral (gmail.com: 207.250.213.206 is neither permitted nor denied by domain of (my e-mail address)@gmail.com)
    Date: Mon, 05 Jun 2006 12:29:37 -0600
    To: "Ghostowl" <(my email address)@gmail.com>
    From: "Ghostowl" <(my e-mail address)@gmail.com>
    Subject: 557
    Message-ID: <ppxjokwbkcpkjajjeqn@gmail.com>
    MIME-Version: 1.0
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    <html><body>
    969

    <br>
    </body></html>

    I see now that this came from somwhere else, although my address is in the From field. Does anyone know what this is or what it means? I found it rather alarming!

    Thanks so much for helping a newbie!
    Sandy

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Check my edited post above.

    Cheers
    DjM

  6. #6
    Junior Member
    Join Date
    Jun 2006
    Posts
    17
    Thanks for the help, DjM! I really appreciate it.

  7. #7
    Senior Member
    Join Date
    Sep 2005
    Posts
    221
    Here, I got one too.

    X-Gmail-Received: e0f081065a139637b3bd86541b9d11c70498f080
    Delivered-To: XXXX@gmail.com
    Received: by 10.78.68.9 with SMTP id q9cs72456hua;
    Tue, 6 Jun 2006 01:39:14 -0700 (PDT)
    Received: by 10.67.25.9 with SMTP id c9mr4249197ugj;
    Tue, 06 Jun 2006 01:39:14 -0700 (PDT)
    Return-Path: <XXXX@gmail.com>
    Received: from s2b7x1.org (c1-87-2.vbp.dial.mweb.co.za [196.23.244.87])
    by mx.gmail.com with SMTP id s1si6716497uge.2006.06.06.01.39.08;
    Tue, 06 Jun 2006 01:39:14 -0700 (PDT)
    Received-SPF: neutral (gmail.com: 196.23.244.87 is neither permitted nor denied by domain of XXXX@gmail.com)
    Date: Tue, 06 Jun 2006 10:39:06 +0200
    To: "XXXX" <XXXX@gmail.com>
    From: "XXXX" <XXXX@gmail.com>
    Subject: 1545453
    Message-ID: <ceptcibywugnulxgcix@gmail.com>
    MIME-Version: 1.0
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    <html><body>
    969

    <br>
    </body></html>
    Definitions: Hacker vs. Cracker
    Gentoo Linux user, which probably says a lot about me..
    AGA member 14460 || KGS : Trevoke and games archived

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I wonder if it's a test to see what generated emails actually match to valid emails. The body, a number, wouldn't be enough to trigger most spam detection sites I suspect and it would appear harmless enough to receive. But because it doesn't bounce, it could mean an email address to add to a spammer's long listing of addresses.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    We are seeing these emails as well. I'm a member on the alert lists at messagelabs and they are seeing a ton of these. More than likely it is either a new virus that has a bad payload, or a precursor to a spam attack.

    Messagelabs starting reporting on it at 5am this morning. I saw the first one yesterday. The headers don't really show anything other than it is spoofing the sending info.

  10. #10
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    First one showed up here at my work today as well...

    I'm very curious to see what the point of this one is - just hoping it's not a precursor to a broader attack...


    EDIT:
    Is everyone that is seeing these seeing '969' as the body but a random number as the Subject?
    - Maverick

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •