Spamming myself?


monfis

My mailbox is filled with mails that have a virus-infected file attached every few minutes, for about a week now.

According to the header I am sending these messages to myself.

Any suggestions to sort out the real sender?

Return-Path: <hostmaster#owners-direct-rentals.com>
Received: from saturn.eroute.net (root[at]localhost)
     by owners-direct-rentals.com (8.12.10/8.12.10) with ESMTP id j4SNEb0W025121
     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:37 +1200
X-ClientAddr: 82.154.231.170
Received: from owners-direct-rentals.com (bl5-231-170.dsl.telepac.pt [82.154.231.170])
     by saturn.eroute.net (8.12.10/8.12.10) with ESMTP id j4SNEW5m025059
     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:33 +1200
Message-Id: <200505282314.j4SNEW5m025059[at]saturn.eroute.net>
From: hostmaster#owners-direct-rentals.com
To: adam#owners-direct-rentals.com
Subject: Your Email Account is Suspended For Security Reasons
Date: Sat, 28 May 2005 23:14:39 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
     boundary="----=_NextPart_000_0010_104F8686.528D3794"
X-Priority: 3
X-MSMail-Priority: Normal

:(

EDIT: Munged email addresses to reduce munging.

No, according to the headers, this message came from (bl5-231-170.dsl.telepac.pt [82.154.231.170]). The To: and From: fields are easily forged.


Per Symantec's Virus Encyclopedia, the system at bl5-231-170.dsl.telepac.pt [82.154.231.170] is probably infected with either W32.Mytob.CH@mm or one of four variants of W32.Mydoom@mm. The Parser recommends reporting to postmaster[at]mail.telepac.pt and abuse[at]mail.telepac.pt at this time based on a registration at abuse.net. It is probable that one of your correspondents in Portugal runs the infected system, so you may want to contact those correspondents, as well.

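The header reading from the replies above, as an added example that is not part of the original thread: it walks the Received lines from the first post newest-first, keeps only hops stamped by servers assumed to be the recipient's own, and returns the outside peer those servers recorded. The `TRUSTED` set and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Headers copied from the first post (addresses munged as on the page).
RAW = """\
Return-Path: <hostmaster#owners-direct-rentals.com>
Received: from saturn.eroute.net (root[at]localhost)
     by owners-direct-rentals.com (8.12.10/8.12.10) with ESMTP id j4SNEb0W025121
     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:37 +1200
X-ClientAddr: 82.154.231.170
Received: from owners-direct-rentals.com (bl5-231-170.dsl.telepac.pt [82.154.231.170])
     by saturn.eroute.net (8.12.10/8.12.10) with ESMTP id j4SNEW5m025059
     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:33 +1200
From: hostmaster#owners-direct-rentals.com
To: adam#owners-direct-rentals.com
Subject: Your Email Account is Suspended For Security Reasons

"""

# Assumption: these are the recipient's own mail servers, so the Received
# lines they stamped are reliable; anything further down is sender-supplied.
TRUSTED = {"saturn.eroute.net", "owners-direct-rentals.com"}

# sendmail layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <receiver>
HOP = re.compile(r"from (?P<helo>\S+) \((?P<peer>[^)]*)\)\s+by (?P<by>\S+)")
PEER = re.compile(r"(?P<rdns>\S+) \[(?P<ip>[0-9.]+)\]")

def external_origin(raw, trusted=TRUSTED):
    """Return the hop where the mail first reached a trusted server, or None."""
    origin = None
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if not m or m["by"].lower() not in trusted:
            break                                  # nothing below is verifiable
        peer = PEER.fullmatch(m["peer"])
        if peer:                                   # skip local handoffs (no peer IP)
            origin = {"helo": m["helo"], "rdns": peer["rdns"],
                      "ip": peer["ip"], "by": m["by"]}
    return origin

def impersonates_recipient(hop, trusted=TRUSTED):
    """True when an outside peer announced itself under one of our own names."""
    return hop["helo"].lower() in trusted and hop["rdns"].lower() not in trusted

if __name__ == "__main__":
    hop = external_origin(RAW)
    print(hop, "HELO impersonates recipient:", impersonates_recipient(hop))
```

The check trusts the `by` name alone, so in production also cap the walk at the number of hops your own servers are known to add.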
