An odd (most likely not) problem

Discussion in 'Trojan Defence Suite' started by blean1, Mar 2, 2005.

Thread Status:
Not open for further replies.
  1. blean1

    blean1 Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    5
    I have an ongoing problem. A friend of mine insists I'm sending him infected email. He's an MSCE, so I believed him. However, I've run scans on this pc (yes, which I only use for email), and found nothing. He told me "every email I get from you has YOUR NAME, A BLANK SUBJECT LINE, AND INCLUDES AN ATTACHMENT." (I know this was an exaggeration, as we correspond frequently). I had no idea what he was talking about. Until the day before yesterday...I received an email that was close to my email addy, and it did indeed have no subject line and came with an attachment. I checked my Outlook Express address book, and I don't have that address in there. It looks like it came from me. I ran a visual trace on it, and it looks like it came from the Seattle area. I don't know anybody in Seattle. Not that that matters. I immediately deleted the email, and it's currently in the "deleted items" file. Is there any among you I could send it to? To take a look at? If I have a trojan I can't find, I certainly don't want to infect anybody else. If anyone can help, I'll need info on how to send the email so they can examine the headers and determine the true origin. If it is me, I'll wax this system and start over. My concern is to not compromise anybody else.
    Thanks.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there!
    Your friend could save the email with attachment outside the email client, say a separate folder and scan it from there. If you know what you're doing you might like to save the attachment separate from the email for easier scanning. Most probably one of the current internet infections.
    The addresses are harvested, generated, whatever, you might even get them yourself with yourself as a sender. You could have for instance blean1_at_yahoo.com blean_at_aol.com etc etc, just generated.
    It has nothing to do with you, your friend should be very careful with those emails.
    Maybe you can in your email client add something extra like
    "Blean123" <myname _at_mydomain> so your friend might know it is most probably your real email.
    Good luck!
     
  3. blean1

    blean1 Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    5
    Thank you so much, Jooske. I was getting sick over this.

    :-*
     
  4. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Natural reaction :). I have had a few of those too. Always turns out to be someone else with a compromised address book. If you study the e-mail header, you can often identify the source.

    Nick
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    How do you think I felt receiving spam from some illegal anti-security software sent by myself many years ago? Came to the same conclusions.
    In lots of cases there is no use finding out the IP and sender as those are spoofed anyway and complaining at the "abuse" department of that sender could even be just a validation of your email address resulting in more spam/infections.
    Are you familiar with SamSpade? It has a desktop version too, enabling you to put the whole email source with header in it, parsing it and it will try to determine as much as possible true origins and enabling you to complain etc. if you feel you must.
    http://www.samspade.org/ssw/download.html
     
    Last edited: Mar 3, 2005
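
The header check discussed in the posts above, as an added example that is not part of the original thread and is not how SamSpade works internally: it reads the `Received:` lines of a saved message and compares the relay your own mail server recorded with the domain in `From:`. The message, host names and addresses are constructed, and `my_mx` (the receiving server's host name) is an assumed parameter.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example domains, documentation-range IPs).
RAW = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id A1; Wed, 2 Mar 2005 10:00:05 -0800
Received: from blean-pc (unknown [203.0.113.77])
\tby relay.isp.example with SMTP id B2; Wed, 2 Mar 2005 10:00:01 -0800
From: "blean1" <blean1@mydomain.example>
To: friend@recipient.example
Subject:
Date: Wed, 2 Mar 2005 10:00:00 -0800

(attachment removed)
"""

# "from <helo> (<reverse-dns> [<ip>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return the parsed Received hops, newest first."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            out.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return out

def assess(raw, my_mx):
    """Compare the hop stamped by our own server with the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the line added by our own server is reliable; a sender can
    # forge every Received line below it, as well as From: itself.
    trusted = next((h for h in hops(raw) if h["by"].lower() == my_mx), None)
    if trusted is None:
        return {"from_domain": from_domain, "trusted_hop": None, "matches": False}
    rdns = trusted["rdns"].lower()
    matches = rdns == from_domain or rdns.endswith("." + from_domain)
    return {"from_domain": from_domain, "trusted_hop": trusted, "matches": matches}
```

A mismatch is a hint rather than proof, since legitimate mail is often relayed through a provider whose host names differ from the sender's domain.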
  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Very true. For me, it did help twice when a customer's network was the source.

    Nick
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Before I send a complaint I whois (I love the whois in Port Explorer btw over the SamSpade's in cases) to try to find out about that domain. When I think it's of any use sometimes I do send in a complaint.
     