View Full Version : Email hijackers?


Bebelina
06-23-02, 05:16 PM
I have a question. Is it possible to hijack someone else's email account and send out emails to others containing viruses? Because this is what seems to have happened to me. I get lots of returned emails, saying that "this email was undeliverable to______ because it contained viruses"! And I did NOT send any such mails!
And then, not to mention a large amount of strange mails containing attached files, with alluring messages such as "here is your password" and "try this new game" to fool people into opening the attachments, which I never do, of course.
The thing with these emails that I'm supposed to have sent is that they are returned to me, but the sender of the original mail is not my address...

Stryder
06-23-02, 05:55 PM
The following is an educated guess at what is happening:


The server that is causing the problem is one that is running a TELNET session on it. This means that a Worm can run a WHOIS and gain information about the "USERS" for that server, and even their "Mail aliases".

The worm then utilises the "Mail aliases" as destination addresses.

How I-Worms act is that they have been using SENDMAIL (the protocol that pipelines your e-mails across the internet).

With SENDMAIL it is possible to "spoof" a sender address, and have no more trace than the logs of the system you have written the mail on (or sent through). More recent versions of Sendmail have been patched to stop this occurring so easily (but it's now a hundred times harder to configure).

The problem with it being tough to configure is that it's easy for a wrong configuration to occur, which creates the potential for an exploit. (Although Sendmail is supposed to have been programmed to deal with most wrong configurations without opening a system right up.)

Simply put, there probably is an IIS server running a mailing list scam, that "datamines" e-mail addresses, which has got itself infected with something like Win32.KLEZ.H or Win32.KLEZ.E.

Both "White Virii": their payload is a mixture of malicious while also stopping certain other Virii (like Nimda). You can find information out on the virii and what names they go under.
Of course these ones utilise MS systems to be able to exist and continue to spread.

There are ways of people hijacking e-mails, but that too involves bounces, like inserting themselves as a DNS. This of course is too technical for what I think is occuring with yourself though.

If you're running an MS system, I would suggest getting a Virii checker like AVG (or AVP as Avatar keeps stating) and checking your system for those particular virii.

Move your friends addresses from outlook to a .txt file, rather than using the inbuilt address book. This stops virii being circulated.

Turn off Windows Script Hosting by going to Control Panel -} Add/Remove Programs -} Windows Setup -} Accessories -} [Untick] Windows Script Hosting.

If you've got a MAC... just laugh loudly :D

Bebelina
06-23-02, 06:06 PM
Yes, I do have a Mac...does that mean that I laugh because I'm then safe or because all hope is lost, and insanity is all that remains?
Thanks for the tips though. :) I will read this about 20 times, and after that, when I maybe have figured out what it all means, I will take action....or laugh.

Stryder
06-23-02, 06:29 PM
Simply, your MAC is safer.

If you continue having the mails appear, send as much data as you can to your webspace provider; I'm sure they probably have some method of filtering out the problem addresses.

If all else fails, you'll just have to make a rule for your e-mail program to dump any files like that in a particular folder to look at or dump.

lonna
08-03-02, 10:11 AM
I have had my email ADDRESS hijacked. Is there any way short of cancelling my account to get it stopped? Some company is using my email address (though not my IP address or my computer) to send out SPAM. I have tried changing the password on my account, cleaning my machine of spyware and disconnecting my machine and computer from the net (though not in that order). Is there anything I can do to stop this outrage?

Stryder
08-03-02, 02:05 PM
If someone has "Hijacked" your e-mail address, they are most likely using it to access a server that runs a protocol like SMTP or Sendmail.

No matter if you change your password, or format your system, it won't do any good. The only thing you could do is try to get hold of a copy of the route that the e-mail took.

Namely, if you have someone complain, tell them to forward not just the e-mail to you but the e-mail headers of the original.

===Example==============================
Received: from [202.46.240.6] (helo=gatotkaca.bppt.go.id)
    by sub.address.com with esmtp (Exim 3.22 #8)
    id 17b3rR-0007lB-00
    for Stryders@address.com; Sat, 03 Aug 2002 19:42:45 +0100
Received: from smtp0361.mail.yahoo.com ([66.169.68.218])
    by gatotkaca.bppt.go.id (8.11.0/8.11.0) with SMTP id g73Iw5814853;
    Sun, 4 Aug 2002 01:58:06 +0700
Message-Id: <200208031858.g73Iw5814853@gatotkaca.bppt.go.id>
Date: Sat, 3 Aug 2002 14:42:20 -0400
From: "Dallas Bhatia"<beldanielchanaiir@yahoo.com>
X-Priority: 3
To: Stryders@address.com
CC: bogus@addresses.com
Subject: mental floss prevents moral decay.
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Status:
===========================================

Basically the above is from some SPAM someone sent to me.
The bolded areas are the areas of interest, since they give you a clue as to where the mail was first input into the network.

In this instance the SMTP from *.go.id was received before the yahoo one. Which basically means that .go.id is piping their e-mail into yahoo's mail servers.

This allows spoofing, of course it didn't quite work here as the individual got caught out. Simply put the Yahoo "From" address, is bound to be spoofed. Faked from the SMTP of .go.id

If I was the owner of that yahoo account, there wouldn't be much I could do apart from report the occurrence and know that if people report my account wrongfully my e-mail might be investigated.

The only real way of truly dealing with it, is to send a mail to "postmaster@go.id" and explain their SMTP is being misused to spoof, while also sending the same mail to "abuse@yahoo-inc.com". (containing the Header of the original post, the Subject line and the body of the post.)

(Eventually someone will have to do something about sites that allow e-mailaddress mining, and SPAM mail lists like www.emailbucks.com <sad B****** *ankers)
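As an added example (not code from the thread, and not anyone's posted tool), here is the header walk the post above describes, in Python, run over the headers quoted in it. Every MTA prepends its own Received: line, so the bottom line in the block is the earliest hop: its "by" host is the first server that accepted the message and is the only name that server actually vouches for, the "from" name is just what the connecting client announced in HELO, and the bracketed IP is what the receiving server really saw on the wire. The same walk answers the question at the top of the thread: when a bounce arrives for mail you never sent, check the Received: chain of the original quoted inside the bounce; if it never passed through your own outbound server, the bounce is backscatter from a spoofed From: line. The hostname mail.example.net stands in for that outbound server and is a hypothetical placeholder; the continuation lines of the quoted headers were re-indented so the parser unfolds them.

```python
"""Walk the Received: chain of a suspect message, oldest hop first."""
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted from the post above; continuation lines re-indented so the
# parser unfolds them (the forum stripped that whitespace). Body is omitted.
SAMPLE = """\
Received: from [202.46.240.6] (helo=gatotkaca.bppt.go.id)
 by sub.address.com with esmtp (Exim 3.22 #8)
 id 17b3rR-0007lB-00
 for Stryders@address.com; Sat, 03 Aug 2002 19:42:45 +0100
Received: from smtp0361.mail.yahoo.com ([66.169.68.218])
 by gatotkaca.bppt.go.id (8.11.0/8.11.0) with SMTP id g73Iw5814853;
 Sun, 4 Aug 2002 01:58:06 +0700
Message-Id: <200208031858.g73Iw5814853@gatotkaca.bppt.go.id>
Date: Sat, 3 Aug 2002 14:42:20 -0400
From: "Dallas Bhatia"<beldanielchanaiir@yahoo.com>
To: Stryders@address.com
Subject: mental floss prevents moral decay.

(body omitted)
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"   # what the connecting client announced (HELO) or its IP
    r"(?P<rest>.*?)"
    r"\bby\s+(?P<by>[^\s;(]+)"   # the MTA that wrote the line: the only name it vouches for
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"helo=([^\s)]+)")


def parse_received(value):
    """Reduce one Received: header to the client's claimed name, its IP and the receiving MTA."""
    value = " ".join(value.split())          # unfold the header and normalise whitespace
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    head = value[: m.end("rest")]            # the part that describes the connecting client
    ip = IP_RE.search(head)
    helo = HELO_RE.search(head)
    claimed = m.group("claimed").strip("[]")
    return {
        "claimed": helo.group(1) if helo else claimed,
        "ip": ip.group(1) if ip else None,
        "by": m.group("by"),
    }


def hops(raw_message):
    """Received: lines oldest first. Each MTA prepends its own line, so the
    last one in the header block is the first server that accepted the mail."""
    msg = message_from_string(raw_message)
    parsed = (parse_received(v) for v in reversed(msg.get_all("Received") or []))
    return [h for h in parsed if h]


def from_domain(raw_message):
    """Domain of the From: header; this is what the worm or spammer chose, not a fact."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower()


def under_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def analyse(raw_message, my_outbound_hosts=()):
    """Where did the message enter the mail system, does that square with its
    From: line, and did it ever pass through my own outbound servers?"""
    chain = hops(raw_message)
    if not chain:
        return {"error": "no parseable Received: headers"}
    entry = chain[0]
    domain = from_domain(raw_message)
    mine = {h.lower() for h in my_outbound_hosts}
    return {
        "from_domain": domain,
        "entry_mta": entry["by"],               # first server that accepted the message
        "entry_client": entry["claimed"],       # what that server was told; unverified
        "entry_client_ip": entry["ip"],         # what that server actually saw connecting
        "entry_under_from_domain": under_domain(entry["by"], domain),
        "relayed_by_me": any(h["by"].lower() in mine for h in chain),
        "path": [(h["claimed"], h["ip"], h["by"]) for h in chain],
    }


def describe(result):
    """Plain-language reading of analyse(), suitable for pasting into an abuse report."""
    lines = [f"entered the network at {result['entry_mta']}, connecting client "
             f"{result['entry_client']} [{result['entry_client_ip']}]"]
    if not result["entry_under_from_domain"]:
        lines.append(f"From: claims {result['from_domain']} but the first accepting server "
                     f"is not under that domain: treat From: as unverified and send the "
                     f"report to the operator of {result['entry_mta']}")
    if not result["relayed_by_me"]:
        lines.append("never passed through my outbound servers: if this is the original "
                     "quoted in a bounce, the bounce is backscatter from a spoofed sender")
    return "\n".join(lines)


if __name__ == "__main__":
    # mail.example.net is a hypothetical placeholder for your own outbound SMTP server.
    result = analyse(SAMPLE, my_outbound_hosts=["mail.example.net"])
    for claimed, ip, by in result["path"]:
        print(f"{claimed:<28} [{ip}] -> {by}")
    print(describe(result))
```

Only the "by" host and the bracketed IP of each hop can be trusted, and only as far as you trust the server that wrote that line; a spammer who controls the first relay can forge every Received: line below it, so the useful report goes to the operator of the lowest hop you can still believe, with the connecting IP it recorded.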

GB-GIL Trans-global
08-28-02, 07:59 PM
Stryder, I think with your experience you should know that .go.id is actually a web extension, and that the actual SMTP for bppt.go.id is gatotkaca.bppt.go.id.

Oh, in case you didn't already know, .go.id is the web extension used by Indonesian government institutions.

BPPT has something to do with technology if I remember correctly.

*stRgrL*
08-29-02, 03:07 PM
Bebe,

Ya, the same thing happened to me!!! I was getting emails for people that I knew with viruses. It only lasted a few months and it doesn't happen anymore, but it still sucks!

Good luck:)

Stryder
08-29-02, 11:56 PM
GB-GIL Trans-global

An error on my part, easy to overlook when you see things like www.mydomain.theirdomain.com and the like.