
Email hacker or just new junk tactic?


No replies to this topic

#1 animemonster

Posted 17 December 2009 - 12:40 AM

My step-father alerted me to a bunch of e-mails in his work e-mail account's junk mail folder that concern me. While the e-mail is a public account from cox.net provided to their customers, he uses this e-mail primarily for his business as an insurance salesman.

The e-mails are all supposedly return-to-senders for failure to deliver. However, the e-mail accounts the e-mails are supposed to be going to are not ones my step-dad even vaguely recognizes, and the e-mail accounts the messages are supposed to be from are not my step-dad's e-mail address. There are 40 of these e-mails dating from October 19 of this year.

Here is a list of the e-mails:

October 19, 2009
From: MAILER-DAEMON@bijoyonline.net
Subject: Undelivered Mail Returned to Sender
Attachment included in e-mail (not opened)
"Original E-mail"
From: removed
To: removed
Subject: Undelivered Mail Returned to Sender
Contains following link (never followed by me): hxxp://barneshyse13.livejournal.com
*-*-*-*-* (using symbols to separate the e-mails)

October 26, 2009
From: removed
Subject: Your email requires verification verify#9ZLOqx_jlv1XhR8rv8tRCKfQoQFGkwZk
Email contents (this one is strange):

The message you sent requires that you verify that you
are a real live human being and not a spam source.

To complete this verification, simply reply to this message and leave
the subject line intact.

The headers of the message sent from your address are shown below:

From removed Mon Oct 26 03:06:44 2009
Received: from cp-out10.libero.it ([212.52.84.110])
by hawk.arvixe.com with esmtp (Exim 4.69)
(envelope-from <removed)
id 1N2MTL-0007rI-Hx
for removed; Mon, 26 Oct 2009 03:06:44 -0700
Received: from TJBBLS (151.61.161.211) by cp-out10.libero.it (8.5.107)
id 4AE162F8007A657E for removed; Mon, 26 Oct 2009 11:06:48
+0100
Received: from [176.230.52.162] (HELO IYDWV)
by 151.61.161.211 (CommuniGate Pro SMTP 5.0.11)
with SMTP id 40055690 for removed; Mon, 26 Oct 2009 11.06.49 +0100
Message-ID: <01e901ca5624$08851030$d3a13d97@cnsyebnf>
From: "second" <second@cox.net>
To: <removed>
Subject: Raun,chyBrun-etteFingeringSnatchTi||Squirting
Date: Mon, 26 Oct 2009 11.06.49 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_01E6_01CA562C.6A3E54A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2077

*-*-*-*-*

October 26, 2009 (there were 6 e-mails on this one day)
From: MAILER-DAEMON@aha.ru
Subject: Undeliverable mail: CuteSpacegir|WithBigTitsA,na|Fu&ckedByA|ien
Contents (2 attachments included, none opened):
Failed to deliver to 'removed'
SMTP module(domain sbcglobal.net) reports:
return-path address <second@cox.net> rejected by sbcmx5.prodigy.net:
553 5.3.0 flpd121 - n9QAEN4j011170, DNSBL:ATTRBL 521< 62.113.86.206
>_is_blocked.__For_information_see_hxxp://att.net/blocks

*-*-*-*-*

From: postmaster@insea.ac.ma
Subject: Notiffication d'=?unicode-1-1-utf-7?Q?+AOk-tat de remise (+AOk-chec)?=
Cette notification d'état de remise est générée automatiquement.

Échec de la remise aux destinataires suivants.

removed




Open Attachment [] --- Forwarded Message ---
Date: [Mon, 26 Oct 2009 10:39:51 -0000]
From: second <second@cox.net>
To: removed

Subject: Notification d'=?unicode-1-1-utf-7?Q?+AOk-tat de remise (+AOk-chec)?=

acceptance our party pursuing
Blond'eWithGlassesOutdoorWantsSexHardco're
this work copyright laws in
in 1776 for additional

contains attachment

*-*-*-*-*

From: Mailer-Daemon@dobrogea.romedchim.com
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

removed
SMTP error from remote mail server after MAIL FROM:<second@cox.net>:
host sbcmx5.prodigy.net [207.115.21.24]: 553 5.3.0 flpd123 - n9QBIfEJ003809,
DNSBL:ATTRBL 521< 96.9.176.5
>_is_blocked.__For_information_see_hxxp://att.net/blocks

------ This is a copy of the message, including all the headers. ------

Return-path: <second@cox.net>
Received: from [81.12.172.242] (helo=bpzoa)
by dobrogea.romedchim.com with esmtp (Exim 4.69)
(envelope-from <second@cox.net>)
id 1N2Nay-00083m-6h
for removed; Mon, 26 Oct 2009 13:18:40 +0200
Received: from [186.84.210.2] (HELO MXNDKEPFV)
by 81.12.172.242 (CommuniGate Pro SMTP 5.0.11)
with SMTP id 39840421 for removed; Mon, 26 Oct 2009 13:17:57
+0200
Message-ID: <00a501ca562d$f86f20f0$f2ac0c51@XFLNCBE>
From: "shaunierichie22" <removed>
To: <removed>
Subject: MS|aveCr0pWhipeedByMat'ureD0minaInSt0ckings
Date: Mon, 26 Oct 2009 13:17:57 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00A2_01CA563E.BBD15620"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2631
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2649

This is a multi-part message in MIME format.

------=_NextPart_000_00A2_01CA563E.BBD15620
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

mlqlmqrv?"|"NKMEBUVOPIJCIhdavo
------=_NextPart_000_00A2_01CA563E.BBD15620
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.6000.16759" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
decree whom thou hast invested with<br>
to their american beneficiaries was<br>
<strong><a href=3D"hxxp://www.google.com/reader/item/tag:google.com,2005:reader/
item/3b0faba385540a08">B,runetteInSpandexB'odystockingPosingTeasing</a></strong>
<br>
of his lovingkindness he<br>
<br>
</BODY></HTML>


------=_NextPart_000_00A2_01CA563E.BBD15620--

*-*-*-*-*

From: MAILER-DAEMON@fbb.3a.net.tw
Subject: Returned mail: see transcript for details

The original message was received at Tue, 27 Oct 2009 12:17:08 +0800
from [124.155.161.78]

----- The following addresses had permanent fatal errors -----
<removed>
(reason: 550 Access denied...1e203d6d556d30304d195565fd10856510510149b1e0019
05160c0ad29e5f029c0d904...)

----- Transcript of session follows -----
... while talking to mx.vgs.untd.com.:
<<< 550 Access denied...2cb9a989158918b995cca1ac550deccce519793c816579b1d54521fc
082d8d08210141...
... while talking to mx.dca.untd.com.:
>>> QUIT
<<< 550 Access denied...1e203d6d556d30304d195565fd10856510510149b1e001905160c0ad
29e5f029c0d904...
554 5.0.0 Service unavailable

Open Attachment [] --- Forwarded Message ---
Date: [Tue, 27 Oct 2009 11:57:47 +0800]
From: ryan.p.martin <removed>
To: removed

Subject: Returned mail: see transcript for details

that probably dorothy had some
day when you went out of
Ghett0Gi.rlGetsLickedSuck@ingF0rWildF'uck
peril he was ready
her apartment her friends

*-*-*-*-*

That is a sampling; there are several more of these. If whoever helps needs more, my step-dad gave me access to the e-mail so that I could work on this. All the e-mails are still saved there. They all appear in the junk folder.

Most of them contain attachments that have never been opened. And many have links that have never been followed.

If this is truly a hacker then I really need to get rid of it as there is possibly a lot of sensitive information from my step-father's clients.

He thinks he's been hijacked and did a bit of panicking before asking me to do something. I admit to knowing jack and bleep about e-mail, and Jack left town. But I know more about computers than anyone in the family.


Edited by Orange Blossom, 11 February 2013 - 01:03 AM.
Removed e-mail addresses and deactivated link. ~ OB
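The bounces quoted in the post all carry a Return-path in the cox.net domain, yet their Received chains start at unrelated hosts with non-FQDN HELO names and end in DNSBL rejections. The script below is an added example (not part of the forum post, and not BleepingComputer's or Cox's code) showing how a mail administrator would triage such a bounce copy: it walks the Received chain, finds the originating hop, and checks whether any hop was handled by a host in the claimed sender's domain. The two sample messages are constructed; the first is modelled on the bounce quoted above (private addresses kept as "removed"), the second uses placeholder hostnames and TEST-NET addresses to show a message that really did pass through the sender's own relay. The "relayed by sender domain" rule is a heuristic, not an authoritative test.

```python
"""Triage a bounce copy: did the bounced message really leave the claimed
sender's mail system, or was the sender address forged at the origin
(backscatter)? Added example; sample messages below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed after the bounce copy quoted in the post; "removed" placeholders kept.
SAMPLE_BOUNCE_COPY = """\
Return-path: <second@cox.net>
Received: from [81.12.172.242] (helo=bpzoa)
    by dobrogea.romedchim.com with esmtp (Exim 4.69)
    (envelope-from <second@cox.net>)
    id 1N2Nay-00083m-6h
    for removed; Mon, 26 Oct 2009 13:18:40 +0200
Received: from [186.84.210.2] (HELO MXNDKEPFV)
    by 81.12.172.242 (CommuniGate Pro SMTP 5.0.11)
    with SMTP id 39840421 for removed; Mon, 26 Oct 2009 13:17:57 +0200
Message-ID: <00a501ca562d$f86f20f0$f2ac0c51@XFLNCBE>
From: "shaunierichie22" <removed>
To: <removed>
Subject: (spam subject removed)
Date: Mon, 26 Oct 2009 13:17:57 +0200

(body omitted)
"""

# Constructed counter-example: hostnames and 192.0.2.x / 203.0.113.x addresses
# are documentation placeholders; the message passed through the sender's relay.
SAMPLE_OWN_RELAY_COPY = """\
Return-path: <user@cox.net>
Received: from smtp-out.cox.net ([192.0.2.10])
    by mx.example.net with esmtp; Mon, 26 Oct 2009 13:18:40 +0200
Received: from user-pc.example (203.0.113.7)
    by smtp-out.cox.net with esmtpa; Mon, 26 Oct 2009 13:17:57 +0200
From: <user@cox.net>
To: <someone@example.net>
Subject: hello

(body omitted)
"""

# Constructed after the DSN rejection text quoted in the post.
SAMPLE_DSN_TEXT = (
    "SMTP error from remote mail server after MAIL FROM:<second@cox.net>:\n"
    "host sbcmx5.prodigy.net [207.115.21.24]: 553 5.3.0 flpd123 - n9QBIfEJ003809,\n"
    "DNSBL:ATTRBL 521< 96.9.176.5\n"
    ">_is_blocked.__For_information_see_hxxp://att.net/blocks\n"
)

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RECEIVED = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)", re.I)


def parse_received_chain(raw_message):
    """Received hops, newest first, as (from_ip, helo_name, by_host) tuples."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", value).strip()  # unfold the header
        m = RECEIVED.match(flat)
        if not m:
            continue
        from_token, paren, by_host = m.group(1), m.group(2) or "", m.group(3)
        ip = IPV4.search(from_token) or IPV4.search(paren)
        helo = re.match(r"(?:helo=|HELO\s+)(\S+)", paren, re.I)
        hops.append((ip.group(1) if ip else None,
                     helo.group(1) if helo else None,
                     by_host.lower()))
    return hops


def claimed_sender_domain(raw_message):
    """Domain of the envelope sender recorded in Return-path (None if absent)."""
    _, addr = parseaddr(message_from_string(raw_message).get("Return-path", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def assess_bounce(raw_message):
    """Heuristic: if no hop in the chain was handled 'by' a host in the claimed
    sender's domain, the sender address was forged at the origin (backscatter)."""
    hops = parse_received_chain(raw_message)
    domain = claimed_sender_domain(raw_message)
    origin_ip, origin_helo, _ = hops[-1] if hops else (None, None, None)
    relayed = bool(domain) and any(
        by == domain or by.endswith("." + domain) for _, _, by in hops)
    return {
        "sender_domain": domain,
        "origin_ip": origin_ip,
        "origin_helo": origin_helo,
        "helo_is_fqdn": bool(origin_helo and "." in origin_helo),
        "relayed_by_sender_domain": relayed,
        "verdict": ("delivered through sender's own mail system" if relayed
                    else "backscatter: sender address forged at origin"),
    }


def dsn_rejection(dsn_text):
    """Extract SMTP reply code, enhanced status and DNSBL tag from a DSN body."""
    m = re.search(r"\b(5\d\d)\s+(\d\.\d\.\d)", dsn_text)
    bl = re.search(r"DNSBL:(\w+)", dsn_text)
    return {"reply_code": m.group(1) if m else None,
            "enhanced_status": m.group(2) if m else None,
            "dnsbl": bl.group(1) if bl else None}


if __name__ == "__main__":
    for sample in (SAMPLE_BOUNCE_COPY, SAMPLE_OWN_RELAY_COPY):
        print(assess_bounce(sample))
    print(dsn_rejection(SAMPLE_DSN_TEXT))
```

The oldest Received header (last in the list) is the hop that first accepted the message; in a backscatter bounce it names a host the claimed sender's ISP never operated, which is the clearest sign the address was forged rather than the account compromised. Only Received lines added by servers you trust should count, since an originating spam host can prepend its own.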

