Mystery Email - Is This A Virus/malware?


13 replies to this topic

#1 tekchallenged

tekchallenged

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 12 April 2007 - 10:09 PM

I just got an email saying it is a "delivery status notification" and that my email failed, etc etc, but I didn't send an email to the address listed (it is a bit similar to my email address name). There are attachments. Is this an attempt to get me to open dodgy attachments with viruses, or has my computer been up to something? Thanks.
Feel free to assume that I won't know what you are talking about...


#2 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:20 PM

Posted 12 April 2007 - 10:21 PM

The rule is NEVER open an email if you don't at least recognize the sender. Delete immediately. Don't let your curiosity get you infected. Attachments from even a known sender should not be opened unless you were expecting them. Always verify links sent in emails or paste them into google and see what comes up.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 tekchallenged

tekchallenged
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 12 April 2007 - 10:44 PM

The rule is NEVER open an email if you don't at least recognize the sender. Delete immediately. Don't let your curiosity get you infected. Attachments from even a known sender should not be opened unless you were expecting them. Always verify links sent in emails or paste them into google and see what comes up.

No worries - I didn't open it, I could see what it said from the preview window. But, in this case, the sender was recognizable because, if an email doesn't get through, that's who sends the "it didn't go through" messages. But this time, the message is (apparently) nonsense because what it's saying didn't go through wasn't sent (as far as I know - unless my computer has been sending nuisance emails by itself... somehow...can it do that? :thumbsup: )
Feel free to assume that I won't know what you are talking about...

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:05:20 AM

Posted 13 April 2007 - 02:02 AM

It could also be that you are the victim of a spambot, meaning that somewhere this spambot picked up your email address somewhere on the net and is now using that to send random emails.

A remark though: viewing emails in the preview pane is not without danger; this is strongly advised against by safety experts, since you are reading the email anyway. I have disabled the preview pane. (Info on preview pane)

A small tip to quickly identify if somebody is using your address book:

1) Make an email address like 0@0.com in your address book
2) If somebody is using your address book, the first warning you will get is that emails to this address could not be delivered.

Edited by fozzie, 13 April 2007 - 02:03 AM.


#5 tekchallenged

tekchallenged
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 13 April 2007 - 03:37 AM

It could also be that you are the victim of a spambot, meaning that somewhere this spambot picked up your email address somewhere on the net and is now using that to send random emails.

That's what I was wondering, because the content is so weird..... (but I've never heard of a spambot...)

A remark though: viewing emails in the preview pane is not without danger; this is strongly advised against by safety experts, since you are reading the email anyway.


The alternative for emails like this is that I'd probably go and open it anyway, so there's not a lot of choice. If a legitimate email gets the raspberry, I need to know......

2) If somebody is using your address book, the first warning you will get is that emails to this address could not be delivered.

Do you mean hacker, or actual person? Anyway nobody can use my addressbook, because I don't have one.... :thumbsup:
Feel free to assume that I won't know what you are talking about...

#6 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:20 PM

Posted 13 April 2007 - 05:51 AM

E-mail containing malware often masquerades itself as coming from mailer-daemons, since this bypasses many of the spam filters put in place by E-mail services and ISPs; as a piece of social engineering, it also seems to be very effective in getting the curious to open its attachments.
Unless there is strong evidence that the return notice actually refers to an E-mail you recently sent, it should be deleted immediately without opening it or any of its attachments.
Regards,
John
Whereof one cannot speak, thereof one should be silent.
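
jgweed's rule above (a return notice is only credible if it refers to an e-mail you actually sent) can be checked mechanically. This is an added example, not part of the original thread: it uses Python's standard `email` package, and `assess_bounce`, `sent_ids` and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy

# Part types an RFC 3464 bounce is built from; anything else is unexpected.
DSN_PARTS = {"text/plain", "message/delivery-status", "message/rfc822"}

def assess_bounce(raw, sent_ids):
    """Return reasons a 'bounce' looks fake; an empty list means plausible."""
    msg = message_from_string(raw, policy=policy.default)
    reasons, original_id = [], None
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        reasons.append("not a multipart/report delivery-status message")
    for part in msg.iter_parts():              # top-level parts only
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # the returned original message
            original_id = str(part.get_payload(0)["Message-ID"]).strip()
        elif ctype not in DSN_PARTS or part.get_filename():
            reasons.append(f"unexpected attachment: {part.get_filename() or ctype}")
    if original_id not in sent_ids:
        reasons.append("does not refer to a Message-ID we sent")
    return reasons

# Constructed, trimmed samples (not real mail): a genuine-style DSN and a fake.
REAL = """\
Content-Type: multipart/report; report-type=delivery-status; boundary=b

--b
Content-Type: message/delivery-status

Final-Recipient: rfc822; friend@example.com
Action: failed
--b
Content-Type: message/rfc822

Message-ID: <1234@example.org>

hi
--b--
"""
FAKE = """\
Content-Type: multipart/mixed; boundary=b

--b
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"

(constructed placeholder, no real archive data)
--b--
"""
```

`sent_ids` is assumed to be the set of Message-ID values taken from your own Sent folder or mail log; the function only parses the notice and never opens or decodes an attachment.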

#7 tekchallenged

tekchallenged
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 13 April 2007 - 06:23 AM

E-mail containing malware often masquerades itself as coming from mailer-daemons,


A-ha, so it probably was suspicious.... Another question - if the attachments were "virus-y", should that have been detected on a scan? (I did an extra scan when the email came in, just to see, but nothing was found).
Feel free to assume that I won't know what you are talking about...

#8 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:20 PM

Posted 13 April 2007 - 07:44 AM

The constant addition and altering of malware makes it impossible for security programs to always identify malware.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:20 PM

Posted 13 April 2007 - 08:55 PM

What was the file extension of the attached file(s)?
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#10 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:20 PM

Posted 13 April 2007 - 09:39 PM

There is a bunch of those "delivery failure notifications" all over the place lately.
I use Verizon ISP and do get the mail from their servers, and it reports that Symantec identified the .zip attachment as including a TROJAN. So I guess they scan a bit, which is nice. In any case, the DELETE button does wonders.
I actually opened one of those and read that notice, but at work :thumbsup: not on my computer, but I did not go anywhere near the attachment.

Edited by tos226, 13 April 2007 - 09:43 PM.


#11 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:20 PM

Posted 13 April 2007 - 09:44 PM

Ah, Yes, the old trick of sending delivery failure notices from apparent good servers. If you know how to dissect these, you will eventually find the original sender in the header.

I have set up a filter in Thunderbird to automatically delete "Delivery Failure".
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#12 hillbillygreek

hillbillygreek

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Location:SC
  • Local time:11:20 PM

Posted 13 April 2007 - 10:39 PM

but I've never heard of a spambot


Click link: > Spambot

Read the intro at this link: > Web Crawler

Anyway nobody can use my addressbook, because I don't have one


As a precautionary measure, you should look under your email options to make sure that there is not a checkmark next to an option that would automatically add an email address to your address book when sending or replying.

#13 tekchallenged

tekchallenged
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 13 April 2007 - 11:17 PM

What was the file extension of the attached file(s)?

Don't know - I deleted it....
Feel free to assume that I won't know what you are talking about...

#14 tekchallenged

tekchallenged
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Australia
  • Local time:12:20 PM

Posted 13 April 2007 - 11:30 PM

As a precautionary measure, you should look under your email options to make sure that there is not a checkmark next to an option that would automatically add an email address to your address book when sending or replying.

There really isn't anything in my address book - believe me..... :thumbsup:
Thanks for info everyone. You learn something new every day...
Feel free to assume that I won't know what you are talking about...



