|
Posted by Phil Weldon on July 4, 2005, 6:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
'roberto' posted, in part:
| This is the message I received now!!! And before i received 4 spams!!
|
| Well... this is the Original Code of message. Dave suggested 2 days ago
that
| my e-mail account has been forged... but in any case the original message
is
| on my HOTPOP INBOX...!! Whats going on with this site?? Hasn't AV
protection
| or what??
_____
As David suggested, an infected system has
harvested your email address
uses your harvested email address as a forged 'From:' entry on infected
email
infected email using your email address as a forged 'From:' entry is
received by the hotpop.com mail server
the antivirus protection on the hotpop.com mail server detects and removes
the infected package
the hotpop.com mail server sends a notice of infected mail recieved to the
forged address (yours)
How did your hotpop.com email address get harvested? Well, you posted to
this newsgroup using a hotpop.com email address. Some malware harvests
email addresses from Usenet newsgroup postings, reading directly from news
servers.
Never post to Usenet newsgroups using a valid email address as the 'From:'
address. Instead, use a guaranteed invalid email address. 'invalid.com'
and 'example.com' are reserved domain names and can be used safely without
fear of directing spam or infectious attacks to an email address in use.
Use not.disclosed@invalid.com is a good choice - since it is reserved, any
number of people can use it and no bounces are generated.
Phili Weldon
> This is the message I received now!!! And before i received 4 spams!!
>
> Well... this is the Original Code of message. Dave suggested 2 days ago
> that
> my e-mail account has been forged... but in any case the original message
> is
> on my HOTPOP INBOX...!! Whats going on with this site?? Hasn't AV
> protection
> or what??
>
> X-EMS: wait 10s
> X-EMS: wait 20s
> X-EMS: wait 30s
> X-EMS: wait 40s
> X-EMS: wait 50s
> X-EMS: wait 60s
> X-EMS: wait 70s
> X-EMS: wait 80s
> X-EMS: wait 90s
> Received: from swip.net (mailfe07.swip.net [212.247.154.193])
> by mx1.hotpop.com (Postfix) with ESMTP id 85AF3E810E
> X-T2-Posting-ID: HqRFDKJEwrPQ5sNJ3Bpz2A==
> Received: from [193.216.200.207] (HELO myigrk)
> by mailfe07.swip.net (CommuniGate Pro SMTP 4.3.4)
> with SMTP id 217137596; Mon, 04 Jul 2005 21:04:33 +0200
> SUBJECT: Advice
> Date: Mon, 04 Jul 2005 21:04:35 +0200
> X-HotPOP-Delivered-To: ralplavner@hotpop.com
> X-Antivirus: AVG for E-mail 7.0.323 [267.8.9]
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="=======AVGMAIL-42C9D19567D7======="
>
> --=======AVGMAIL-42C9D19567D7=======
> Content-Type: multipart/alternative; boundary=iyintzjmvh
>
> --iyintzjmvh
> Content-Type: text/html
> Content-Transfer-Encoding: quoted-printable
>
> <HTML>
> <HEAD></HEAD>
> <BODY>
> <iframe src=3D"cid:umsoemmyjfvpmm" height=3D0 width=3D0></iframe>
> <BR><BR>Hi.
> <BR>I'm sorry =
> I wasn't able to deliver your message =
> to the following addresses:<BR>
> </BODY></HTML>
>
> --iyintzjmvh--
> --=======AVGMAIL-42C9D19567D7=======
> Content-Type: text/plain; x-avg=cert; charset=us-ascii
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
> Content-Description: "AVG certification"
>
> Viruses found in the attached files.
> The file haipvb.bat: Virus identified I-Worm/Swen.A. The attachment was
> mov=
> ed to the virus vault.
>
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 04/07/2005
>
> --=======AVGMAIL-42C9D19567D7=======--
>
>
>
| 
XML site map