Has my computer been hijacked?

  • John of Phoenix
    Senior Member
    • Jun 2001
    • 31214

    Has my computer been hijacked?

    I've read where spammers are able to use a person's computer as a mail machine. I have received a number of similar messages in my mail box recently. Earthlink has very good incoming spam protection so I'm puzzled as to how this got through.
    Did my machine in fact send it? I have no idea who "[email protected]" is.
    Mail Delivery Subsystem
    Returned mail: User unknown

    The original message was received at Wed, 17 May 2006 13:02:06 -0400 (EDT) from fe-relay03.albacom.net [217.220.57.137]

    *** ATTENTION ***

    Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section labeled: "----- The following addresses had permanent fatal errors -----".

    The reason your mail is being returned to you is listed in the section labeled: "----- Transcript of Session Follows -----".

    The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers.

    Please direct further questions regarding this message to your e-mail administrator.

    --AOL Postmaster

    ----- The following addresses had permanent fatal errors -----
    <[email protected]>

    ----- Transcript of session follows -----
    ... while talking to air-na01.mail.aol.com.:
    >>> RCPT To:<[email protected]>
    <<< 550 MAILBOX NOT FOUND 550 <[email protected]>... User unknown

    I run XP (firewall enabled) with latest updates, McAfee for virus protection on constantly and run AdAware occasionally. Cox cable connection.

    Any thoughts?
  • capt jake
    Invisible Senior Member
    • Mar 2002
    • 4556

    #2
    I had similar problems a few years ago. I determined that somebody else was using my e-mail address to send out spam. I believe that somebody else (who had my e-mail address in their address book) was infected with a virus and 'that' machine sent out the bogus e-mail. I was getting mail from irate people telling me to stop sending things, when it truly wasn't me. I ignored it and the problem eventually went away.

    Good luck.


    • High C
      Senior Member
      • Mar 2003
      • 8984

      #3
      Jake is probably right. If you are sure you are virus free, then someone else who has your address in their Outlook Contacts is infected with a virus that sends itself to everyone in their Contact list.

      It'll blow over with time.


      • Nicholas Carey
        Flâneur • Seattle
        • Feb 2001
        • 20299

        #4
        Spoofed return address

        The spammers often spoof return addresses. They probably just put your return address on the spam. Often they'll just auto-generate addresses for this sort of purpose. Take a list of different domains. Add a dictionary of common surnames and given names and run a little program to generate likely email addresses:

        Code:
        <given-name>.<last-name>@domain
        <given-name-1st-letter>.<last-name>@domain
        <given-name-1st-letter><last-name>@domain
        etc.

        It's pretty easy to generate millions of likely email addresses this way.

        The mail server that bounced the message should have attached the bounced message to the email you received regarding the bounce. If you open it up in a text editor, you should see the mail headers at the head of the file. The RECEIVED: headers are the interesting ones.

        Each MTA (Mail Transfer Agent) that receives the mail should add a RECEIVED header to the beginning of the file. RECEIVED headers have the general format:

        Code:
        RECEIVED: from <sending-MTA> by <receiving-MTA>; <date/time>

        Consequently, the topmost RECEIVED header is the header added by the last MTA to receive the message; the last RECEIVED header is the header added by the first MTA to receive the message. (This can sometimes be misleading because spammers will often add bogus RECEIVED headers to mislead people trying to track down the source.) So the RECEIVED headers show the path traversed by the message as it travelled across the network:

        Code:
        MTALast <- MTA-X <- MTA-Y <- MTAFirst

        At any rate, if the mail originated on your machine, your machine's name/ip address should appear as the sending MTA in the first RECEIVED header (or, if the spammer has been forging RECEIVED headers, somewhere in the chain).

        More on reading mail headers at http://www.stopspam.org/email/headers.html
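Added example, not part of any post in this thread: one way to do the header check described in #4 on the returned copy of a message. It goes one step further than the post by splitting the chain at the last MTA you trust, since only headers written by trusted MTAs are reliable; the sample headers, host names, IP addresses and the `trusted_mtas` set are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: headers from the returned copy of a message. All names
# and documentation-range IPs are made up; the bottom header is a forgery.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Wed, 17 May 2006 13:02:06 -0400\n"
    "Received: from mail.example.com (unknown [198.51.100.77])\n"
    "\tby relay.example.net with SMTP; Wed, 17 May 2006 13:02:01 -0400\n"
    "Received: from my-pc (my-pc [203.0.113.5])\n"
    "\tby mail.example.com; Wed, 17 May 2006 12:00:00 -0400\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

HOP = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)", re.S | re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def hops(raw):
    """Return hops in travel order: bottom header (first MTA) comes first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received") or []):
        m = HOP.search(value)  # headers without a "from ... by ..." pair are skipped
        if m:
            out.append({"by": m["by"].lower(), "ips": IPV4.findall(m["src"])})
    return out

def classify(raw, trusted_mtas, my_ip):
    """Split the chain at the trust boundary and report where my_ip appears."""
    path = hops(raw)
    # Walk back from the newest header while its writer is an MTA we trust.
    # Anything older was written by a machine that could have forged it.
    boundary = len(path)
    while boundary > 0 and path[boundary - 1]["by"] in trusted_mtas:
        boundary -= 1
    verified = path[boundary:]
    ips = verified[0]["ips"] if verified else []
    return {
        "handoff_ip": ips[-1] if ips else None,  # peer seen by first trusted MTA
        "my_ip_verified": any(my_ip in h["ips"] for h in verified),
        "my_ip_unverified": any(my_ip in h["ips"] for h in path[:boundary]),
    }
```

If `my_ip_verified` is false and your address shows up only in the unverified part, the header naming your machine was written below the trust boundary and proves nothing about where the mail came from.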

        • John of Phoenix
          Senior Member
          • Jun 2001
          • 31214

          #5
          Thank you gentlemen. I'll check it out.
