Help! No idea how they did that!

Posted by David on July 11, 2004, 6:40 pm
Today I received nearly 20 e-mails with the same attachment
(Thyda.jpg) and body (Dear Everybody can i infect in ur
machine???????????????? See U Next Time). I noticed one of them has
the same From: address as mine. For example:

From: Am Cmac Center [myname@myorgdomain]
To: My Name [myname@myorgdomain]
....

And a few others:

From: Thyda [PrettyGirl@myorgdomain] (which PrettyGirl is not my
registered mail user in my org mail server)
To: My Name [myname@myorgdomain]

From: Ghost [bongry@myorgdomain](which bongry is not my registered
mail user in my org mail server)
To: My Name [myname@myorgdomain]

And the rest of them have other domains than my org domain which sent
to me and my colleagues.

My questions are:

1. How did they do that?
2. I couldn't track their IP. How can I track them?
3. How can I stop them?

Any help would be greatly appreciated.

David


Posted by Thor Kottelin on July 12, 2004, 10:28 am


David wrote:
>
> Today I received nearly 20 e-mails with the same attachment
> (Thyda.jpg) and body (Dear Everybody can i infect in ur
> machine???????????????? See U Next Time). I noticed one of them has
> the same From: address as mine.

> 1. How did they do that?

They wrote a "From:" line with your address in it, just like you presumably
do yourself.

> 2. I couldn't track their IP. How can I track them?

Look at the "Received:" lines.

> 3. How can I stop them?

Generally speaking, you can't. Their provider might kick them out, but there
are always bulletproof providers around.

Thor

--
http://www.anta.net/


Posted by Bill Unruh on July 12, 2004, 4:32 pm


In comp.security.misc you write:

]Today I received nearly 20 e-mails with the same attachment
](Thyda.jpg) and body (Dear Everybody can i infect in ur
]machine???????????????? See U Next Time). I noticed one of them has
]the same From: address as mine. For example:

]From: Am Cmac Center [myname@myorgdomain]
]To: My Name [myname@myorgdomain]
]...

]And a few others:

]From: Thyda [PrettyGirl@myorgdomain] (which PrettyGirl is not my
]registered mail user in my org mail server)
]To: My Name [myname@myorgdomain]

]From: Ghost [bongry@myorgdomain](which bongry is not my registered
]mail user in my org mail server)
]To: My Name [myname@myorgdomain]

]And the rest of them have other domains than my org domain which sent
]to me and my colleagues.

]My questions are:

]1. How did they do that?

Easily. The SMTP protocol accepts the From address put on the mail by the
sender.

]2. I couldn't track their IP. How can I track them?

Look at the last Received: line in the full header of the message.

(They are listed from latest to earliest)


]3. How can I stop them?

You can't.

]Any help would be greatly appreciated.

]David
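
Added example, not part of the thread: reading the "Received:" chain that both replies point to, using Python's standard email module on a constructed message. It assumes your own mail servers' names end in .myorg.example (a placeholder). Received: lines older than the one stamped by your own server arrive with the message and may be forged, so the code also picks out the hop where the message entered your servers.

```python
import re
from email import message_from_string

# Constructed sample; host names are placeholders, IPs are private/documentation ranges.
SAMPLE = """\
Received: from mx.myorg.example (mx.myorg.example [10.0.0.5])
\tby mailstore.myorg.example with ESMTP id A1; Sun, 11 Jul 2004 18:01:07 +0700
Received: from dialup-77.isp.example (unknown [203.0.113.77])
\tby mx.myorg.example with SMTP id B2; Sun, 11 Jul 2004 18:01:05 +0700
Received: from mail.myorg.example ([192.0.2.1])
\tby dialup-77.isp.example with SMTP; Sun, 11 Jul 2004 17:59:00 +0700
From: Am Cmac Center <myname@myorg.example>
To: My Name <myname@myorg.example>
Subject: constructed sample

body
"""

HOP_RE = re.compile(r"from\s+(?P<helo>\S+).*?\bby\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return one dict per Received: line, in header order (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            ip = IP_RE.search(value)  # first bracketed address = connecting peer
            hops.append({"helo": m.group("helo"), "by": m.group("by").rstrip(";"),
                         "ip": ip.group(1) if ip else None})
    return hops

def handoff_hop(hops, own_suffix):
    """Walk newest to oldest and return the oldest hop stamped by our own servers.
    Its IP is the peer that connected to us; anything older was written by
    machines we do not control."""
    found = None
    for hop in hops:
        if not hop["by"].lower().endswith(own_suffix):
            break
        found = hop
    return found

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    print("oldest line claims:", hops[-1]["helo"], hops[-1]["ip"])
    print("entered our servers from:", handoff_hop(hops, ".myorg.example")["ip"])
```

In the sample the oldest line names a host in the recipient's own domain, while the line written by mx.myorg.example records the address that actually connected.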

