Email Worm Spoofing not stopped by mbam



http://www.hoax-slayer.com/email-worm-spoofing.html

I had gotten some spoofs [ infectee ] before and after running updated mbam
quick scans
I have checked the security panel of windows [vista] to make sure the
antivirus and firewalls were active

anybody think of anything else I could have forgotten?
It was a hotmail address they used
--
Tommy



Re: Email Worm Spoofing not stopped by mbam


|
| http://www.hoax-slayer.com/email-worm-spoofing.html
|
| I had gotten some spoofs [ infectee ] before and after running updated mbam
| quick scans
| I have checked the security panel of windows [vista] to make sure the
| antivirus and firewalls were active
|
| anybody think of anything else I could have forgotten?
| It was a hotmail address they used

What are you asking ?

If it is using your email address, there is nothing you can do.  Once your
email address is harvested it can/may be used as a sender of email, spoofing
or impersonating you.  The proof it didn't come from you would be in the
headers.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Email Worm Spoofing not stopped by mbam




David H. Lipman wrote:

how did you know that was the answer i was looking for?


--
Tommy




Re: Email Worm Spoofing not stopped by mbam


|
| David H. Lipman wrote:

|
| how did you know that was the answer i was looking for?
|

Huh ?
I had trouble finding the question ;-)



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: Email Worm Spoofing not stopped by mbam




David H. Lipman wrote:
just looking for suggestions.
apparently the pc must be doing it because it didn't do anything while I was
working on it.
thought mbam would be strong enough, will scan again full scan
may try a restore,

--
Tommy



Re: Email Worm Spoofing not stopped by mbam


|
| David H. Lipman wrote:
| just looking for suggestions.
| apparently the pc must be doing it because it didn't do anything while I was
| working on it.
| thought mbam would be strong enough, will scan again full scan
| may try a restore,
|

Don't assume that because your email address is found to be used in spam or
malicious email.

It could be a harvested email address just pretending to be you or it could
be a case of a compromised webmail account.  Neither of which stem from your
PC having to be infected.

Let's get to the REAL problem that prompted your posting.  Please provide
all the facts.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Email Worm Spoofing not stopped by mbam




David H. Lipman wrote:
more details? ok, sorry I wasn't giving you enough info.
my neighbor's email address [hotmail] seems to be sending me an email [
without subject ] which has been blocked by my avast
I got these yesterday in the morning.
here is the only content [of one] http://machine9.nQWERTYet/stuff/loade.html
[remove in caps]
here is the other one
http://paratrooperdigZXCVBNital.com/manage/wp-content/themes/ptd1/images/loade.html

I asked her to bring the pcs over and I scanned them with MBAM [updated] [
it found 27 items ]
I gave it back to her last evening about 8 pm
this morning at 5:20am I got 2 more emails [ with no subject ] with links
http://toothefairie.POIUYTcom/loade.html
and
http://paintthetownread.info/wp-cMNBVContent/plugins/extended-comment-options/loade.html
in the other one

So, I assume that it was on the machine [ lousy assumption I agree, but
logical]

one machine is  dell with vista the other is an acer with win 7
I am trying to remember how to use SpamCop to report these . I have used it
before [ not in years ]

--
Tommy





Re: Email Worm Spoofing not stopped by mbam



Chances are your neighbour's HotMail account was compromised.  Malware does not
have to be on her computer for this to have happened.

What needs to be done is have her change her password to a strong password ASAP.
http://en.wikipedia.org/wiki/Password_strength

Honestly, the URLs in the email don't mean anything.  What *IS* needed is the
full headers of the spammed email.  I'll lay a bet that it shows that the spam
emanated from the HotMail webmail system but will also show a source IP outside
the US such as Brazil.

For example here is a header from a Job Fraud email using a compromised
Optimum Online account....

++++++++++++++++++

Received: from mta3.srv.hcvlny.cv.net ([unknown] [167.206.4.198])
by vms169127.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
DLipman@Verizon.Net; Thu, 16 Feb 2012 12:11:08 -0600 (CST)
Received: from apsede.sede.ffb ([189.22.125.210]) by mta3.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
DLipman@Verizon.Net; Thu, 16 Feb 2012 13:11:00 -0500 (EST)
Date: Thu, 16 Feb 2012 15:08:19 -0300
From: #######@optonline.net
Subject: Employment opening.
X-Originating-IP: [167.206.4.198]
To: David Lipman <DLipman<at>Verizon.Net>
Reply-to: ufs_hr@gmx.com
MIME-version: 1.0
X-Mailer: Mutt 1.0.1i
Content-type: text/html; charset=iso-8859-1
Content-transfer-encoding
X-Priority: 3 (Normal)
Original-recipient: rfc822;DLipman<at>Verizon.Net
X-PMFLAGS: 35144320 0 16711681 PVKRTJ87.CNM

++++++++++++++++++


Note the above line; Received: from apsede.sede.ffb ([189.22.125.210])

inetnum: 189.22.125.208/28
aut-num: AS4230
abuse-c: GSE6
owner: CELI PRAIA HOTEL
ownerid: 004.046.208/0001-00
responsible: Francisco Franco Barreto
country: BR
owner-c: FRFBA2
tech-c: FRFBA2
created: 20101008
changed: 20101008
inetnum-up: 189.22/15

So this is a case of a Brazilian IP being used to access the Optimum Online
webmail interface to send a Job Fraud email

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
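
The header reading described in the post above, as an added example that is not part of the original thread: it walks the Received chain of the quoted header from the newest hop down and reports the client IP recorded by the last trusted relay. The function names and the TRUSTED suffix list are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Header lines copied from the post above; continuation lines are re-indented
# here so they parse as folded headers.
SAMPLE = """\
Received: from mta3.srv.hcvlny.cv.net ([unknown] [167.206.4.198])
 by vms169127.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 DLipman@Verizon.Net; Thu, 16 Feb 2012 12:11:08 -0600 (CST)
Received: from apsede.sede.ffb ([189.22.125.210]) by mta3.srv.hcvlny.cv.net
 (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
 DLipman@Verizon.Net; Thu, 16 Feb 2012 13:11:00 -0500 (EST)
From: #######@optonline.net
X-Originating-IP: [167.206.4.198]

"""

# Assumption: relays of the recipient's provider and of the provider named in From.
TRUSTED = (".mailsrvcs.net", ".cv.net")
IPV4 = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"

def hops(raw):
    """Received hops, newest first, as (from_host, client_ip, by_host)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = re.search(r"from\s+(\S+)(.*?)\bby\s+(\S+)", value, re.S)
        if m:
            ips = re.findall(IPV4, m.group(2))
            out.append((m.group(1), ips[-1] if ips else None, m.group(3)))
    return out

def submitting_client(raw, trusted=TRUSTED):
    """Walk newest to oldest and stop at the first hop not stamped by a trusted
    server: every Received line below that point could be forged by the sender."""
    client = None
    for from_host, ip, by_host in hops(raw):
        if not by_host.lower().endswith(trusted):
            break
        client = (from_host, ip)
    return client

def x_originating_ip(raw):
    m = re.search(IPV4, message_from_string(raw).get("X-Originating-IP", ""))
    return m.group(1) if m else None

if __name__ == "__main__":
    print(hops(SAMPLE))
    print("client:", submitting_client(SAMPLE), "x-orig:", x_originating_ip(SAMPLE))
```

In this header the X-Originating-IP value is the relay's own address, so the Received line stamped by the sender's provider is what carries the client IP to look up in whois.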


