Flixster, Wrong E-address And My Own Photo


2 replies to this topic

#1 Pneumatomania


Posted 22 May 2007 - 07:24 AM

I am using a Dell XPS 410 with Vista Home Premium (purchased in Feb) and running Office 2007. I am a novice depending on security from my Linksys router and NIS 2007 and maybe a little common sense. I haven't had a security problem in years so the learning curve of all the current issues has been a challenge for me.
Of late there have been emails that I cannot explain. For example, one of the first took the first name and first letter of the last name of someone in my address book then used the e-address I had for my friend. It had to come from my address book because I had his address wrong and the email said this message is from "xxxx x" then gave the e-address from me.
This email (sent in March) said it was sent "via Flixster by {name of friend with email from my address book}" to a variation of my primary e-address. The subject line said, "xxxx x has sent you a private message" and it is marked as high importance. The body of the text starts with the Flixster web and ds /serviet/invite/650915076azaA650923531Btlkhln3CM signed "xxx x". And finally it shows the email sent from "xxx x" with the wrong e-address from my address book. This is a close friend, but I had seen him in person and talked by phone and had not sent email in months.
Circa May 14 and this morning, I received email sent using my personal primary e-address and my photo. I have very few photos in Outlook 2007 and that is one of them. The one that arrived this morning had the heading "Daily News 975609" followed by Investor Petra then my e-address with photo in the upper right hand corner. This email was also flagged as high importance. The body of the email was a graphic blocked by Outlook so I do not know what it said since I quickly deleted the email. Finally, this is not an AOL, Yahoo, et al account, but one tied to my small academic web.
My wife is the only other person to use the home pc and I alone use my two other computers (see below). I have not signed up with Flixster nor has my wife. I am not aware of receiving frequent email from anyone who has joined Flixster.
Anyway this worries me. I do have two other computers. The one at my office that is used daily has Symantec AntiVirus (10.1.0.394) and Microsoft Firewall Client for ISA Server 2004 but neither program is connected in any way to Outlook 2007 on this pc. My office pc (Dell XPS 600) is configured differently than everyone else in the complex (my Internet email from a small web is more important than the internal office emails about selling furniture). This Internet email account does have Barracuda (?) and each morning I run Outlook at home hoping to catch the worst offenders first thing in the morning. The other computer is a laptop (Latitude) that is primarily used for trips but does get used at home. It uses a wireless connection to my router but is not connected long enough to be a high security risk. The laptop has Office 2003, not Office 2007 and no photos in the address book.
I have been proactive since getting the first email with my photo. After doing yet several scans with my NIS 2007 and Counter Spy, I have done multiple scans with: Spybot, Ad-Aware SE Personal Edition, Vista Defender, AVG Anti-Spyware, eTrust Antivirus, and Trend Micro HouseCall 6.6. In spite of all this, and having followed other suggested avenues, the only "infections" found were a few low risk tracking cookies.
I submitted HJT logs to the appropriate forum here and elsewhere and no one has found evidence of a trojan. What is this and how do I clean out this infection?
Thanks in advance for your help.

Edited by Pneumatomania, 22 May 2007 - 07:44 AM.




#2 Pneumatomania


Posted 24 May 2007 - 06:24 PM

Even though no specialist has yet to reply or maybe because of it, I thought I needed to update this thread with what I learned today.

I've been searching to see if I failed to delete the original email on one of my three computers and found one today in Microsoft Mail on my Vista pc.

Now I don't know what to do. If I post the headers in a forum, then I give up a lot of personal information. I tried to email it to a specialist, but my ISP blocked it saying that it contained potential spam. If it caught it now, then how did it miss it coming in? And does leaving this original email in Microsoft Mail leave my computer at risk?

Is it safe to save these headers to a Word file and go from there or does that keep the risk of infection alive?

Anyway, I don't know how to read headers, but there is a line that came from my Barracuda "spam firewall" report that says:
"0.28 MAIL_TO_SPAM_ADDR URI: Includes a link to a likely spammer email". It also shows the reply email as "bounce@flixster.com".

If I am reading the headers correctly, the email was sent by Flixster and only used my friend's e-address as a cover. I don't know where they got my address although it could have been an email sent this friend over a year ago.

Also, I continue to scan with all kinds of programs and the only things eliminated of late have been tracking cookies. The most ominous early finding was the AdWare BestOffer which HJT says no longer had a file, but I cleaned out all references hoping that might help.

And finally, it turned out that the email in this original message was probably correct after all. During this search, I found email from my friend that used the e-address in this suspect email. He has had viruses before, but this is the first time I fumbled so badly by clicking on an obviously suspect link.

So I still don't know what I unleashed because as noted already, when they spoof my email it includes my primary address and photo neither of which were part of the original email.

#3 Pneumatomania


Posted 25 May 2007 - 11:08 AM

Just got another email "from" my e-address with my photo. The headers say nothing about Flixster.
Is there somewhere to post these headers for analysis?
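
The header questions raised in this thread (who actually sent the message, and how to share headers without giving up personal information), as an added example that is not part of the original posts: this Python compares the displayed From domain with the Return-Path and Reply-To domains, and produces a redacted copy of the headers for posting. The sample headers are constructed (only bounce@flixster.com comes from the thread), and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described in the thread;
# only bounce@flixster.com comes from the posts, every other value is made up.
SAMPLE = """\
Return-Path: <bounce@flixster.com>
Received: from mta.example.org (192.0.2.10) by mx.example.edu; Tue, 20 Mar 2007 09:14:02 -0500
From: "Friend N" <friend.name@example.net>
Reply-To: bounce@flixster.com
To: my.name@example.edu
Subject: Friend N has sent you a private message
X-Priority: 1

body omitted
"""

ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def domain(value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def analyze(raw):
    """Compare the displayed From domain with the envelope and reply domains."""
    msg = message_from_string(raw)
    shown = domain(msg["From"])
    envelope = domain(msg["Return-Path"])
    reply = domain(msg["Reply-To"])
    return {
        "from": shown, "return_path": envelope, "reply_to": reply,
        # The sender picks the From line freely. A different Return-Path means
        # bounces go to another party: a service mailing on someone's behalf,
        # or a forged From. Either way the From line alone proves nothing.
        "from_mismatch": bool(envelope) and envelope != shown,
        "reply_mismatch": bool(reply) and reply != shown,
    }

def redact(raw, private_domains):
    """Headers only: mask every local part, then hide the private domains."""
    headers = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # never include the body
    out = ADDR.sub(lambda m: "redacted@" + m.group(1), headers)
    for d in private_domains:
        out = re.sub(re.escape(d), "redacted.invalid", out, flags=re.I)
    return out
```

Display names and the Subject line are left untouched by `redact`, so check them by hand before posting the result.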



