
spoofed spam emails


  • This topic is locked
2 replies to this topic

#1 Nethacker

Nethacker

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 01 March 2012 - 07:09 AM

Hi guys,
My name's Jason. I work as an IT manager for an animation company. I'm having an issue with what seems to be a spam virus that doesn't appear to be sending from the computer that it looks like it's coming from. There's a clever bit of code in the header that spoofs the sender. I've done a whois lookup on the originating IP address and it goes to an ISP in the United Arab Emirates. It seems that whoever clicks on the spam link is then infected and their contact list is exposed to the spammer to use while at the same time spoofing the name of the recipient who opened the email. I've pasted a copy of one of the headers below; the mail.spider-eye.com is my mail server and I've removed any contact information of my company email addresses and replaced them with * for security. Any help on stopping these would be a massive help! Sorry if I've posted in the wrong section or anything, I'm new to this forum. Thanks in advance!

Received: from blu0-omc4-s15.blu0.hotmail.com ([65.55.111.154])
by mail.spider-eye.com
with hMailServer ; Mon, 16 Jan 2012 11:25:01 +0000
Received: from BLU0-SMTP189 ([65.55.111.137]) by blu0-omc4-s15.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 16 Jan 2012 03:24:52 -0800
X-Originating-IP: [2.48.191.24]
X-Originating-Email: [******@spider-eye.com]
Message-ID: <BLU0-SMTP189798FE50C24F8745B6D0EE0830@phx.gbl>
Return-Path: ******@spider-eye.com
Received: from [192.168.1.1] ([2.48.191.24]) by BLU0-SMTP189.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 16 Jan 2012 03:24:51 -0800
From: ****** ****** <******@spider-eye.com>
Subject: Drove
Date: Mon, 16 Jan 2012 11:24:48 +0000
To: *****@spider-eye.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------3739b58cb0674f1b9f79042e"
X-OriginalArrivalTime: 16 Jan 2012 11:24:52.0420 (UTC) FILETIME=[772B7040:01CCD441]
Sender: <hotmail_34b22ed386948eed@live.com>
X-EsetId: BE9BE22711194D27EADBB8
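
Added example, not part of the original thread: a Python check over the header pasted above that compares the From domain with the Sender domain and with the relay that handed the message to mail.spider-eye.com. The function names `domain` and `analyze` are illustrative, and the header lines are copied from the post with continuation lines re-indented so they parse.

```python
import re
from email import message_from_string

# Headers from the post above, refolded with RFC 5322 continuation indents;
# the starred-out addresses are the poster's own redactions.
RAW = """\
Received: from blu0-omc4-s15.blu0.hotmail.com ([65.55.111.154])
 by mail.spider-eye.com
 with hMailServer ; Mon, 16 Jan 2012 11:25:01 +0000
Received: from BLU0-SMTP189 ([65.55.111.137]) by blu0-omc4-s15.blu0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Mon, 16 Jan 2012 03:24:52 -0800
X-Originating-IP: [2.48.191.24]
Return-Path: ******@spider-eye.com
Received: from [192.168.1.1] ([2.48.191.24]) by BLU0-SMTP189.phx.gbl
 over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
 Mon, 16 Jan 2012 03:24:51 -0800
From: ****** ****** <******@spider-eye.com>
To: *****@spider-eye.com
Sender: <hotmail_34b22ed386948eed@live.com>

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def domain(value):
    """Domain part of the first address in a header value, lower-cased."""
    m = re.search(r"@([\w.-]+)", value or "")
    return m.group(1).lower() if m else None

def analyze(raw):
    msg = message_from_string(raw)
    # Received headers are prepended: index 0 is our own server's stamp,
    # the last entry is the hop closest to whoever submitted the message.
    hops = [m.groups() for h in msg.get_all("Received", [])
            if (m := HOP.search(h))]
    from_dom, sender_dom = domain(msg["From"]), domain(msg["Sender"])
    relay, relay_ip, _ = hops[0]
    findings = []
    # RFC 5322: Sender names the mailbox that actually transmitted the mail.
    if sender_dom and sender_dom != from_dom:
        findings.append("From domain differs from Sender domain")
    if not (relay.lower() == from_dom or relay.lower().endswith("." + from_dom)):
        findings.append("own-domain From arrived from an outside relay")
    return {"from": from_dom, "sender": sender_dom, "relay": relay,
            "relay_ip": relay_ip, "submitter_ip": hops[-1][1],
            "findings": findings}

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

Only the topmost Received line is written by the receiving server; host names in it can be self-reported, and the lower lines are only as reliable as the servers that added them.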


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:50 PM

Posted 04 March 2012 - 03:29 PM

Heya

I'm not quite sure I understand, do you think it's originating from your own machines or not?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:50 PM

Posted 29 March 2012 - 08:16 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
