
Thread: weird e-mail hack

  1. #11
    Here's the info, steve.milner


    X-Apparently-To: [email protected] via 66.218.78.207; Mon, 15 Dec 2003 12:38:04 -0800
    Return-Path: <[email protected]>
    Received: from 220.226.40.105 (HELO alpha) (220.226.40.105) by mta144.mail.scd.yahoo.com with SMTP; Mon, 15 Dec 2003 12:38:02 -0800
    From: [email protected]
    To: [email protected]
    MIME-Version: 1.0
    Content-type: text/plain; charset=US-ASCII
    X-Priority: 3
    Content-Length: 136

  2. #12
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    You received an email from an SMTP server that was using IP address 220.226.40.105 (which is now not responding). So it's probably spam.

    This is a spam method that forges the email source so it's the same as the destination email address.
    -Simon "SDK"

  3. #13
    Agreed - just common open-relay spam:

    The fact that it shows "(HELO alpha)" very much matches the common methods of using an open relay email server.

    Which, as mentioned, allows them to type in ANYTHING for the MAIL FROM address, and they've just chosen to use the same thing as the RCPT TO line.

    RRP
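
The checks described in posts #12 and #13, as an added example that is not part of the original thread: it reads the trace line written by the receiving MTA, pulls out the connecting IP and HELO name, and flags a sender that matches the recipient. The sample message is constructed from the headers in post #11 with placeholder addresses (the page's copies are redacted); `analyze`, the flag names and the regex are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on post #11; addresses are placeholders.
SAMPLE = """\
Return-Path: <user@example.com>
Received: from 220.226.40.105 (HELO alpha) (220.226.40.105) by mta144.mail.scd.yahoo.com with SMTP; Mon, 15 Dec 2003 12:38:02 -0800
From: user@example.com
To: user@example.com
Content-type: text/plain; charset=US-ASCII

body
"""

# Trace-line layout seen in post #11: "from <name> (HELO <helo>) (<ip>) by ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+\((?P<ip>[\d.]+)\)\s+by\s",
    re.I)

def analyze(raw):
    """Return the connecting IP, the HELO name and a list of forgery hints."""
    msg = message_from_string(raw)
    out = {"sender_ip": None, "helo": None, "flags": []}
    received = msg.get_all("Received") or []
    if received:
        # Each MTA prepends its own Received header, so the topmost one was
        # written by the receiving provider; lower ones can be forged.
        m = RECEIVED_RE.search(" ".join(received[0].split()))
        if m:
            out["sender_ip"], out["helo"] = m["ip"], m["helo"]
            if "." not in m["helo"]:
                out["flags"].append("helo-not-fqdn")       # e.g. "alpha"
            if m["name"] == m["ip"]:
                out["flags"].append("peer-name-is-bare-ip")
    to = parseaddr(msg.get("To", ""))[1].lower()
    frm = parseaddr(msg.get("From", ""))[1].lower()
    env = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if frm and frm == to:
        out["flags"].append("from-equals-to")
    if env and env == to:
        # Return-Path records the SMTP MAIL FROM; here it mirrors RCPT TO.
        out["flags"].append("envelope-sender-equals-recipient")
    return out

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

None of these flags proves forgery on its own (post #18's hidden-cc newsletter also produces matching From and To); they are triage hints to read alongside the connecting IP.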

  4. #14
    hi,
    The problem To: & From: [email protected] ... is fake mail.
    Some websites are providing this, like "www.fakemailz.com"... or he will send through connecting ftp server in any of the mailservers.
    Get the full header & find the system IP id ...
    regards,
    lok

  5. #15
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    You sure it isn't a forgery? I mean.. forging mail's easy, plus there're a lot of programs out there that allow any script kiddie to forge mail.. n yup... you'll have to have a peek at the headers to find out if it's been forged or not.. I seriously doubt someone's hacked your password.. wouldn't it be more logical for him to change it then?

  6. #16
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718


    I'd also recommend reading up on Forged/Spoofed Email
    Use PGP/Encryption if you're really worried about people snooping around your emails.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  7. #17
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Yes, I would say it is just spam:
    Search results for: 220.226.40.105


    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU

    ReferralServer: whois://whois.apnic.net

    NetRange: 220.0.0.0 - 220.255.255.255
    CIDR: 220.0.0.0/8
    NetName: APNIC6
    NetHandle: NET-220-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS.RIPE.NET
    NameServer: RS2.ARIN.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/info/faq/abuse
    Comment:
    RegDate:
    Updated: 2002-09-11

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3100
    OrgTechEmail: [email protected]

    # ARIN WHOIS database, last updated 2003-12-26 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.


    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  8. #18
    I made a newsletter program and I used the "hidden cc" option to post mail to a list of persons. That's exactly what it's doing: The customer receives an email with the same From and To. So I don't think you should be afraid about it.

  9. #19
    Junior Member
    Join Date
    Dec 2003
    Posts
    11
    hehehe I forgot how... but there's a way to track the mofo down somewhere through DOS I thinks.. =/
    "What if the only person who could make you happy, made you cry?"

  10. #20
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    lol, telnet, whois
