-
Stolen e-mail identity
My ISP admin e-mailed me this morning and told me that my box has a virus.
They stated that I had sent them an e-mail and it had a virus payload.
After updating and scanning my machine I found no problems. So I called and was told that other people have the same problem.
My ISP is using Apache server and neo-mail. This guy is a friend of mine and wouldn't give me a hard time without a professional reason.
Anybody else hear of this or any exploits like this? I would love to know who is using MY name and sending viruses to my ISP.
HELP
-
Search for the exploits...
PacketStorm.LinuxSecurity.com
Neworder.box.sk
etc...
Every once in a while I will search for exploits on my system. Haven't found any yet, but if I do, I know what to expect...
-
I don't know much about this sh*t (still learning), but as far as I know, it's really easy to send a fake mail under another one's e-mail address, without really entering their e-mail box. You probably know that,
but with some e-mail handlers like pine it is possible to find an e-mail ID; with that ID you can look up the SMTP server the sender used...
Maybe that will help.
sincerely
-
pierreke77: I know that some data (like ISP, IP, etc.) is sent with the email. Where/how do I find this information?
-
Well, virii like Klez.H (I think) and Bugbear can take an email address out of your contact list and use that in the From field of the email. So when it sends itself out it is actually using that email address, so it becomes difficult to figure out who is sending it. So, if you were in someone else's address book then they could have sent a virus to your ISP with your name in the header. I think though that your ISP email address would also have to be in their address book too.
Greg
-
One thing that would be really helpful is if you ask your friend what virus was detected in the payload of the message. If you know that, you probably have your answer on what was responsible for the email being sent out.
/nebulus
-
Like I said, you can retrieve this kind of information by using the e-mail handler pine.
There you choose rich text e-mail or standard, and then professional; pick the professional way, and there they are:
Message ID, the route that the e-mail has taken, ISP, SMTP server used, e-mail program used, etc...
sincerely
-
Thanks for the info, people. I have sent inquiries to my ISP and the other people who have had the same problem. When they get back to me I will let you know what all of the details are. Until then I won't be using my home machine!!! Seems there may be something there after all. McAfee and Norton missed it, so I went and bought OnTrack virus scanner pro with firewall, and the scanner won't find it. The firewall is going bats#&t and then locking up, so I may have a problem that hasn't been found by consumer scanners.
-
As a note, oldguy, commercial scanners are able to find it, otherwise your friends wouldn't have been able to tell you that you were sending out infected email. Perhaps the virus has disabled your AV software (yes, it can do that); the last one I am aware of that acted like this was Bugbear...
Reference here for more info.
/neb
-
nebulus200, I checked the link out and ALL of the symptoms given are popping up on my machine. I no longer use McAfee AV. Anybody use OnTrack? Seems they just sold to another company and the product is not being supported right now (maybe later, I hope).
My AV is less than 8 hours old and had a 19.5 meg update but still missed whatever is wrong. Thanks again for the help.
-
Did you try the removal tool provided by AVERT on that link (towards the bottom of the page)? Remember, your AV may be useless until you get that thing removed so don't trust a no results ...
/nebulus
-
I am sure you all know this, but it is easy to send email using someone else's identity just through telnet.
Telnet into the SMTP port of a mail server (hundreds out there), e.g. mail.btinternet.com, mail.virgin.net, etc. etc., then using simple SMTP commands such as rcpt to, mail from and data etc. you can say who it is going to and who from!!
This is well old and well documented, as I am sure people will flame me for!!
-
Not yet. I am in adv. spreadsheets class at the moment, but as soon as I get home I will.
-
It sounds like you have a worm. Unplug the computer from its internet connection and scan.. scan... scan... If you can't detect a worm or whatever then someone may be spoofing your address with some type of re-mailer.
-
Sorry if some of my questions seem foolish, but I am just a little behind the curve (whoa, tons) with some of this stuff.
Please don't flame anybody who is trying to help; they know a rookie when they see one.
Thanks again.
-
As a last note, please let us know what happens when you run the bugbear removal tool. I am very curious if this is the culprit...
/nebulus
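-
The header tracing described in the replies above (Message ID, route taken, SMTP server used), as an added example that is not part of any post in this thread: it reads the `Received` chain of a message and compares the connecting host logged by the receiving server with the domain claimed in `From`. The sample message, every hostname and address in it, and the `trace` helper are constructed for illustration; only the `Received` line written by a server you trust is reliable, since older lines are supplied by whoever sent the message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and ID below is made up.
RAW = """\
Return-Path: <someone@other.example>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Mon, 7 Oct 2002 09:15:02 -0400
Received: from infected-pc (dialup-77.other.example [198.51.100.77])
\tby mx.isp.example with SMTP id B2; Mon, 7 Oct 2002 09:15:00 -0400
Message-ID: <0001@infected-pc>
From: "oldguy" <oldguy@isp.example>
To: admin@isp.example
Subject: hello

body
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S*?)\s*\[([^\]]+)\]\)\s+by\s+(\S+)")

def trace(raw):
    """Return the relay path (oldest hop first) and compare it with From."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reverse for oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = hops[0] if hops else {}
    rdns = origin.get("rdns", "").lower()
    return {
        "from_domain": from_domain,
        "message_id": msg.get("Message-ID"),
        "hops": hops,
        "origin_ip": origin.get("ip"),
        # From is typed by the sender; the IP was logged by the receiving
        # server. A mismatch means From says nothing about who sent it.
        "from_matches_origin": bool(from_domain) and (
            rdns == from_domain or rdns.endswith("." + from_domain)),
    }

if __name__ == "__main__":
    for key, value in trace(RAW).items():
        print(key, "=", value)
```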