Hotmail problem

bigben2k · 09-03-2003, 07:21 PM

Argh! I hate Microsoft!

Someone is using my hotmail addresses, to send spam, but not my account.

The e-mail contains a file, that has a virus.

So I get continous e-mails from miscellaneous servers, telling me that the message has been deleted or otherwise terminated.

But sometimes, they include the attachment (100k), and when those come in, it fills up my inbox!

Microsoft help is as one would expect it: not helpful.

Anyone have any ideas?

No I haven't come across a message that includes the originating IP address, yet. The latest batch of e-mails bounced back from the Reliant Energy mail server (but didn't include the attachment, just the infected filename).

Anyone in for a counter-attack?

iggiebee · 09-03-2003, 08:18 PM

NOT someone is using your email addy. It's the virus itself that uses the email addresess it finds in the computer that has infected. It inserts your email as a "fake" return address.

This occurance happens very often, and there is nothing you can do, other than sit down at weather the storm of compalints, until the user desinfects his/her computer.

Whatever ISP receceives a complaint will immediately notice the fake headers using your email address. SO do not worry.

jaydee · 09-03-2003, 08:27 PM

Quote:

Originally posted by iggiebee
NOT someone is using your email addy. It's the virus itself that uses the email addresess it finds in the computer that has infected. It inserts your email as a "fake" return address.

This occurance happens very often, and there is nothing you can do, other than sit down at weather the storm of compalints, until the user desinfects his/her computer.

Whatever ISP receceives a complaint will immediately notice the fake headers using your email address. SO do not worry.

What he said. I even had this problem with a work e-mail addy. One of our customers got the virus and it was sending e-mails in our companies name.

Alchemy · 09-04-2003, 01:21 AM

Damn, Ben, how was your vacation on Mars for the past two weeks?

A new Sobig variant ("F") hit the Internet a few weeks ago, not long after the Blaster fiasco. Iggiebee pretty much has the story. You might also read here:

http://securityresponse.symantec.com...obig.f@mm.html

The worm is set to deactivate Sept 10th, so those annoying spoofed Emails will be gone within a week.

I'm amazed it just started bothering you now - I've been getting infected Emails and illegitimate bouncebacks/rejected Emails at a rate of about ten a day since the virus was released.

Alchemy

bigben2k · 09-04-2003, 08:11 AM

thanks all.

The problem has been bothering me for more than a week, actually. I figured it was virus related, but I thought there might be a spammer behind it. (Heck, even my father in law thinks I'm spamming him!)

I can wait until September 10, and clear my inbox on a regular basis. In the mean time, I'm still going to try to catch a return e-mail with an IP address, and report it to Microsoft, for what it's worth.

In related news, Microsoft is being blasted by the security community, because the warning that they issued, and the solution, about "Blaster", doesn't work on all of Microsoft's OS (Windows 2000 in particular). System admins everywhere now laugh at Microsoft's recently re-vamped "high security" initiative.

I hate Microsoft. I've always hated Microsoft, and I'm always going to hate Microsoft. My only comfort is that they're predictable...

iroc409 · 09-04-2003, 08:42 AM

nice thing with most mail hosts is they can block a hell of a lot of crap right at their box, but in a case like this there's not a lot of hope, really. especially since it's a microsoft mail server, and hotmail nonetheless.

if it is a spammer, good luck catching them. they are pretty smart these days, it's fairly difficult to catch a good spammer.

hopefully it's just the virus. i know a lot of isp's were _insanely_ busy blocking off the latest virus.. basically blocking attachments and such. they were having their systems block thousands of these emails an hour. that totally sucked, there was a lot of shit flying around.

bigben2k · 09-04-2003, 09:26 AM

Got some more in this morning.

The first message bounced back from:
relay4.volny.cz [212.20.96.13]

The second bounced back from
[204.17.27.162] (returned from www.jobwarehouse.com)

The third bounced from:
[204.17.27.162] (returned from www.jobwarehouse.com)

The fourth (no attachment this time!)
mailhost2.reliant.com

The fifth (no attachment)
mailhost2.reliant.com

and the sixth (with attachment)
adinet.com.uy

I can understand the jobwarehouse one, because I use that hotmail address there (it's my job search e-mail address).

Obviously the virus is still active. I know that ".cz" is Checkoslovakia, but where is ".uy"?

iggiebee · 09-04-2003, 10:19 AM

Quote:

Obviously the virus is still active. I know that ".cz" is Checkoslovakia, but where is ".uy"?

Uruguay, S. America

09-03-2003, 07:21 PM	#1
bigben2k Responsible for 2% of all the posts here. Join Date: May 2002 Location: Texas, U.S.A. Posts: 8,302	Hotmail problem Argh! I hate Microsoft! Someone is using my hotmail addresses, to send spam, but not my account. The e-mail contains a file, that has a virus. So I get continous e-mails from miscellaneous servers, telling me that the message has been deleted or otherwise terminated. But sometimes, they include the attachment (100k), and when those come in, it fills up my inbox! Microsoft help is as one would expect it: not helpful. Anyone have any ideas? No I haven't come across a message that includes the originating IP address, yet. The latest batch of e-mails bounced back from the Reliant Energy mail server (but didn't include the attachment, just the infected filename). Anyone in for a counter-attack? __________________ WBTA (Water Block Testing Alliance) Nordic Hardware WC 101

09-03-2003, 08:18 PM	#2
iggiebee Cooling Savant Join Date: Jun 2003 Location: Miami, Florida US Posts: 117	NOT someone is using your email addy. It's the virus itself that uses the email addresess it finds in the computer that has infected. It inserts your email as a "fake" return address. This occurance happens very often, and there is nothing you can do, other than sit down at weather the storm of compalints, until the user desinfects his/her computer. Whatever ISP receceives a complaint will immediately notice the fake headers using your email address. SO do not worry. __________________ I stop for 1 C. "Those that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

09-04-2003, 08:11 AM	#5
bigben2k Responsible for 2% of all the posts here. Join Date: May 2002 Location: Texas, U.S.A. Posts: 8,302	thanks all. The problem has been bothering me for more than a week, actually. I figured it was virus related, but I thought there might be a spammer behind it. (Heck, even my father in law thinks I'm spamming him!) I can wait until September 10, and clear my inbox on a regular basis. In the mean time, I'm still going to try to catch a return e-mail with an IP address, and report it to Microsoft, for what it's worth. In related news, Microsoft is being blasted by the security community, because the warning that they issued, and the solution, about "Blaster", doesn't work on all of Microsoft's OS (Windows 2000 in particular). System admins everywhere now laugh at Microsoft's recently re-vamped "high security" initiative. I hate Microsoft. I've always hated Microsoft, and I'm always going to hate Microsoft. My only comfort is that they're predictable... __________________ WBTA (Water Block Testing Alliance) Nordic Hardware WC 101

09-04-2003, 08:42 AM	#6
iroc409 Cooling Savant Join Date: Oct 2002 Location: midwest side, yo Posts: 596	nice thing with most mail hosts is they can block a hell of a lot of crap right at their box, but in a case like this there's not a lot of hope, really. especially since it's a microsoft mail server, and hotmail nonetheless. if it is a spammer, good luck catching them. they are pretty smart these days, it's fairly difficult to catch a good spammer. hopefully it's just the virus. i know a lot of isp's were _insanely_ busy blocking off the latest virus.. basically blocking attachments and such. they were having their systems block thousands of these emails an hour. that totally sucked, there was a lot of shit flying around. __________________ :shrug:

09-04-2003, 09:26 AM	#7
bigben2k Responsible for 2% of all the posts here. Join Date: May 2002 Location: Texas, U.S.A. Posts: 8,302	Got some more in this morning. The first message bounced back from: relay4.volny.cz [212.20.96.13] The second bounced back from [204.17.27.162] (returned from www.jobwarehouse.com) The third bounced from: [204.17.27.162] (returned from www.jobwarehouse.com) The fourth (no attachment this time!) mailhost2.reliant.com The fifth (no attachment) mailhost2.reliant.com and the sixth (with attachment) adinet.com.uy I can understand the jobwarehouse one, because I use that hotmail address there (it's my job search e-mail address). Obviously the virus is still active. I know that ".cz" is Checkoslovakia, but where is ".uy"? __________________ WBTA (Water Block Testing Alliance) Nordic Hardware WC 101

09-04-2003, 01:21 AM	#4
Alchemy Cooling Savant Join Date: Oct 2002 Location: Boston Posts: 238	Damn, Ben, how was your vacation on Mars for the past two weeks? A new Sobig variant ("F") hit the Internet a few weeks ago, not long after the Blaster fiasco. Iggiebee pretty much has the story. You might also read here: http://securityresponse.symantec.com...obig.f@mm.html The worm is set to deactivate Sept 10th, so those annoying spoofed Emails will be gone within a week. I'm amazed it just started bothering you now - I've been getting infected Emails and illegitimate bouncebacks/rejected Emails at a rate of about ten a day since the virus was released. Alchemy

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)