
Question for Ramona

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by retiredlearner, 2008/07/22.

  1. 2008/07/22
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member Thread Starter

    Joined:
    2004/06/25
    Messages:
    7,214
    Likes Received:
    514
    Hi Ramona, I just received an email in Thunderbird about an hour and a half ago which has me puzzled. It was headed "Angelina Jolle XXX video movie ". This was blued as in a link but the puzzling part is that it was sent from our email address to ourselves and purportedly by Microsoft because we had inquired about MSN (supposedly). How do I track back to find where this email came from? I'm treating this as a possible Trojan/Virus/Worm/Spam at the moment and will not open it. Thanks Neil.:confused:
     
  2. 2008/07/23
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Neil,

    Right click the message, but don't select anything from the context menu. Instead click on View | Message Source. The "Return path" will give you the sender.

    From - Mon Feb 25 14:38:13 2008
    X-Account-Key: account11
    X-UIDL: b6d86a5a451cb73be4a515123fe6a8ae
    X-Mozilla-Status: 0201
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Return-path: <InstantCheckIn@checkin.info.aa.com>
     


  4. 2008/07/23
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member Thread Starter

    Joined:
    2004/06/25
    Messages:
    7,214
    Likes Received:
    514
    Thanks Ramona. Hopefully I'll be able to report later on what I find. Neil.
     
  5. 2008/07/23
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Neil,

    Report spam to your IS, but never reply to a SPAM message or try to email the sender.
     
  6. 2008/07/24
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    FYI:
    The return path does NOT necessarily tell you who the Sender was. Nor can you always tell who sent the message when viewing the email headers. The Return Path and Sender IP address can be easily spoofed. In your case, for certain these data are spoofed (intentionally forged to hide the real sender).

    example:
    If you view the Return Path in the header below, from a spam I received, you'll see "reilly@headersmallsniffed.com". If one replies to this message that's where it will get sent. But the message actually came from a computer connected to Hurricane Electric, Inc. Internet Services and was assigned this IP address by Hurricane: 65.49.41.42, supposedly sent from this address: yar09.yardhallaffect.com.

    However, yardhallaffect.com is a domain used specifically for spam, there is no site there. It is hosted by this company: http://easymight.com/ which is specifically a spam/advertising company.

    From the header below one cannot be certain just WHO sent the message. More than likely it was sent from a compromised computer (malware/viruses) or an employee at some place is trying to make a few extra bucks by sending spam promotions.

    I could easily send you an email that appears to have been sent by YOU, not me. Header info in the message can be spoofed.

    Code:
    From - Wed Jul 23 22:44:26 2008
    X-Account-Key: account4
    X-UIDL: <MTEyMTY4NDQ5NTQ=@Omni>
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Return-Path: <reilly@headersmallsniffed.com>
    Received: from eastrmimpi01.cox.net ([68.1.16.117])
              by eastrmmtai104.cox.net
              (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP
              id <20080723203129.CBEY6220.eastrmmtai104.cox.net@eastrmimpi01.cox.net>
              for <MY-EMAIL-ADDRESS-REMOVED@cox.net>; Wed, 23 Jul 2008 16:31:29 -0400
    Received: from yar09.yardhallaffect.com ([65.49.41.42])
    	by eastrmimpi01.cox.net with IMP
    	id tYXK1Z05C0uak4H01YXU15; Wed, 23 Jul 2008 16:31:29 -0400
    X-VR-Score: 177.00
    X-CM-Score: 0.00
    Received: by yar09.yardhallaffect.com id hguaa80c9eo4 for <MY-EMAIL-ADDRESS-REMOVED@cox.net>; Wed, 23 Jul 2008 13:29:14 -0700 (envelope-from <Reilly@headersmallsniffed.com>)
    Date: Wed, 23 Jul 2008 13:29:14 -0700
    To: MY-EMAIL-ADDRESS-REMOVED@cox.net
    From:  "ScholarshipOffe "<Reilly@headersmallsniffed.com>
    Subject:  Project working moms putting education to work!
    Message-ID: <MTEyMTY4NDQ5NTQ=@Omni>
    x-status: dG9ueXRAY294Lm5ldA==
    Content-Type: text/html; charset=us-ascii
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 8bit
     
    Last edited: 2008/07/24
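
Added example (not part of TonyT's post or the original thread): a Python sketch that walks the Received chain of the header quoted above and picks out the hop written by the recipient's own provider, the point where an outside machine handed the mail over. The function name `trace`, the `my_domain` parameter and the `from HOST ([IP]) ... by HOST` pattern (taken from the two Cox hops shown) are assumptions of this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers trimmed from the spam quoted in the post above (folded lines kept).
RAW = """\
Return-Path: <reilly@headersmallsniffed.com>
Received: from eastrmimpi01.cox.net ([68.1.16.117])
          by eastrmmtai104.cox.net
          (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP
          id <20080723203129.CBEY6220.eastrmmtai104.cox.net@eastrmimpi01.cox.net>
          for <MY-EMAIL-ADDRESS-REMOVED@cox.net>; Wed, 23 Jul 2008 16:31:29 -0400
Received: from yar09.yardhallaffect.com ([65.49.41.42])
          by eastrmimpi01.cox.net with IMP
          id tYXK1Z05C0uak4H01YXU15; Wed, 23 Jul 2008 16:31:29 -0400
Received: by yar09.yardhallaffect.com id hguaa80c9eo4 for <MY-EMAIL-ADDRESS-REMOVED@cox.net>; Wed, 23 Jul 2008 13:29:14 -0700 (envelope-from <Reilly@headersmallsniffed.com>)
To: MY-EMAIL-ADDRESS-REMOVED@cox.net

"""

# "from NAME ([IP]) by NAME"; the "from" part is optional (see the last hop).
HOP = re.compile(r"(?:from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9.]+)\]\)\s+)?"
                 r"by\s+(?P<by>\S+)")

def trace(raw, my_domain):
    """Find the hop where a host outside my_domain handed the mail over."""
    msg = message_from_string(raw)
    inside = lambda host: host.lower().endswith("." + my_domain)
    result = {"return_path": parseaddr(msg.get("Return-Path", ""))[1],
              "handoff_ip": None, "logged_name": None, "recorded_by": None}
    # Each server prepends its own Received line, so the list is newest first.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m or not m.group("ip"):
            continue
        # Written by the provider's server about an outside host: this is the
        # boundary. Hops below it were supplied by the sending side and, like
        # Return-Path, prove nothing on their own.
        if inside(m.group("by")) and not inside(m.group("name")):
            result.update(handoff_ip=m.group("ip"),
                          logged_name=m.group("name"),  # treat as unverified
                          recorded_by=m.group("by"))
            break
    return result

if __name__ == "__main__":
    print(trace(RAW, "cox.net"))
```
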
  7. 2008/07/24
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member Thread Starter

    Joined:
    2004/06/25
    Messages:
    7,214
    Likes Received:
    514
    Ramona, my most common action to Spam which gets past IS Shift > Delete. I get at least 3 Nigerian scam emails per week and apart from reading and getting a laugh, Shift > Delete works overtime. My son is quite PC savvy and works for a large Australasian Bank Group as Credit Card Fraud and Analysis Tech - so I get the right advice with regard to care and handling, so rest assured I never click on links or answer or uninstall. Thanks for the reminder. Neil.:D
     
  8. 2008/07/24
    Westside

    Westside Inactive Alumni

    Joined:
    2003/03/30
    Messages:
    4,506
    Likes Received:
    14
    Neil,
    may I assume that your ISP has no Spam Controls? I have Cox cable, and they do have spam controls, so a lot of junk is stopped there. Occasionally, I get some e-mails which are so sneaky that they fool their antispam, but I can tell them apart from legit messages. Then I forward the messages to Cox, and I have yet to see a similar message again.
    My Junk Mail settings are to send to Trash, so I have little to do to take care of the situation.
     
  9. 2008/07/24
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Neil,

    Good to hear that you are savvy to SPAM treatment. You can't beat good old Shift+DEL, and Compact! :D
     
  10. 2008/07/24
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member Thread Starter

    Joined:
    2004/06/25
    Messages:
    7,214
    Likes Received:
    514
    Tony T, Thanks for your excellent reply and explanation. There are obviously some very smart "cookies" out and I suppose the bottom line is $$$ and no conscience. We recently had a 17 year old prosecuted in court in NZ and (slapped over the hand with a wet bus ticket by a magistrate) as he had been detected as one of a group who were causing millions of $'s damage world wide hacking, and now the NZ Police want to use him and his skills to help in their Fraud Unit.:confused:
    Westside, Telecom NZ ran the ISP as xtra.co.nz, then they did a deal with Yahoo who now are the ISP combo. Since the arrangement was put in effect, there have been many complaints about the amount of Spam/Spoofs/cons etc. that are coming into mail boxes despite assurances that they have Filters in use. I currently run Avast AV, Comodo Pro (Firewall) Win Defender, Spybot Search and Destroy and as I said to Ramona I use Shift > Delete plenty. Thanks for the replies Neil.:D
     
