Mystery email



Daz34
11th July 2004, 05:33 PM
Hi,
Can anyone help with this "thing"?
I had a mail rejected message turn up, but the thing is I never sent email to the person it was rejected from. What is weirder is that I wasn't on the net yesterday, but the mail apparently was sent yesterday.
Plus the rejected message says I sent a .pif file. Apparently these have contained viruses but I didnt think OSX was affected by .pif.
My idea is that it's either the ISP's problem or I am a host for some virus thingy.

There is also a claim that the message is in MIME format and the thing I attached is a bunch of weird random letters and numbers e.g
"5F2FAOSZjm6qHl6hsFKXITMx1F0b3W+RR5ewnlJ2ijs2S3+6t9 ExQ0HbEIP4tAbDmz4tTVz7"
there is a page full of this ^.


Any thought on the subject would be great!

:blink:

elvis
11th July 2004, 05:52 PM
Earlier this year there were a few viruses in a row that targeted the Microsoft Windows operating system. You may remember the names "MyDoom", "Blaster" and a few others.

Anyhoo... these viruses are what some security folk refer to as "swiss army knife" viruses. That is, they don't have a single method of attack, but rather several methods.

First and foremost, they are a simple virus. That is, they either attach themselves to an executable, or are one, and spread themselves through contact with other machines.

Secondarily they are worms. A worm uses a known vulnerability in an operating system to tunnel its way in and set up a home of sorts. Then, once comfortable and warm it sets itself up as a sort of "distribution centre" for spreading more of its kind around other computers that it can see.

And finally, these worms also have built-in SMTP servers. SMTP is the "Send Mail Transfer Protocol". ie: the method by which emails are sent. This particular worm had a habit of embedding itself on a machine, and then emailing itself all over the place. It can also do tricky things like read a user's contacts list in their email client, and use the names from there.

OK, so everybody still with me? Here comes the point of all this...

This worm emails itself using someone's contact list as not only targets for attack, but as a false header to disguise the owner. This is called "header spoofing".

So say you've sent an email to someone in the past (very likely). That person then forwards it on to someone else, so on and so forth. Eventually the email lands in an infected computer. The virus reads the email headers, and sends out thousands of emails a minute to random hosts all over the world, a few of which might even have your email address attached.

Mail servers everywhere get bombarded with these emails. Those that haven't yet been set up by smart admins to ignore bad emails might send a "rejection" notice in return to the author saying "sorry, this email box doesn't exist". End result is you are seeing emails that some other computer originally sent!

More so, the .pif attachment is a "Program Information File". When Windows people create shortcuts, they can embed certain rules or settings to that shortcut (eg: run in fullscreen mode, don't allow screensaver, etc). These settings are stored in PIF files.

PIF files by default are executable. Windows being rather silly in its design doesn't actually care about permissions on a file, but rather just looks at the extension to work out if it can or should run a program. The MIME attachment you received is actually a virus masquerading itself as a Windows executable. The idea being that less intelligent Windows users will double-click first, and think second. Thus infecting their computer and setting up yet another host for the virus to propagate.

Have no fear, this virus cannot affect your Mac. MacOSX is based on BSD, which needs special permission to execute a file. Not only that, but your system files are readable by your user-level privileges, but not writable. That means that even if there was a MacOSX virus, you would have to execute it manually, and then it would die once your memory space was killed (ie: you logged off or switched off your machine). You are at higher risk of accidentally dragging your entire home folder to the trash than ever getting a virus on a Mac. :)

SO! There you go. A brief history of viruses in the last 6 months, why you are getting emails returned that you never sent, and why Windows really, REALLY sucks. Isn't the internet a marvellous place? :D
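One way to check a bounce like Daz34's against the explanation above, as an added example (my code, not anything posted in this thread): it pulls the returned original out of the non-delivery report, reads its Received chain to see whether the mail ever passed through the host that sends our real mail, and flags attachments with double-click-executable Windows extensions such as .pif. The host mail.example.net, the addresses and the sample bounce are all constructed for the example.

```python
import email
import os
import re

# Assumed names for this example: hosts that legitimately relay our outbound mail.
OUR_MAIL_HOSTS = {"mail.example.net"}
# Windows extensions that run on double-click; .pif is the one in the thread.
EXECUTABLE_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}

# Constructed non-delivery report: the returned original claims to be from
# daz@example.net but reached the victim's MX straight from a dial-up host.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
Content-Type: message/rfc822

Received: from mx.example.org (mx.example.org [203.0.113.5])
 by mx.example.org with ESMTP; Sat, 10 Jul 2004 09:12:44 +1000
Received: from dsl-198-51-100-77.isp.invalid (unknown [198.51.100.77])
 by mx.example.org with SMTP; Sat, 10 Jul 2004 09:12:43 +1000
From: daz@example.net
To: nobody@example.org
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="document.pif"
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

5F2FAOSZjm6qHl6hsFKXITMx1F0b3W+RR5ewnlJ2ijs2S3+6t9ExQ0HbEIP4tAbDmz4tTVz7
--b1--
"""


def triage_bounce(raw_bounce, our_address, our_hosts=OUR_MAIL_HOSTS):
    """Classify a non-delivery report: backscatter from spoofed mail, or ours?"""
    bounce = email.message_from_string(raw_bounce)
    # The returned original rides inside a message/rfc822 part of the report.
    original = next((p.get_payload(0) for p in bounce.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return None
    # Received headers are newest-first; reverse them to read from the origin.
    hops = [" ".join(h.split()) for h in reversed(original.get_all("Received") or [])]
    relays = set()
    for hop in hops:
        m = re.search(r"\bby\s+([\w.-]+)", hop)
        if m:
            relays.add(m.group(1))
    first = re.match(r"from\s+(.*?)\s+by\s", hops[0]) if hops else None
    names = [p.get_filename() for p in original.walk() if p.get_filename()]
    executables = [n for n in names
                   if os.path.splitext(n.lower())[1] in EXECUTABLE_EXTENSIONS]
    claims_us = our_address.lower() in (original.get("From") or "").lower()
    return {
        "claimed_from": original.get("From"),
        "origin_hop": first.group(1) if first else None,
        "relayed_by_our_host": bool(relays & our_hosts),
        "executable_attachments": executables,
        # Our address in From, yet none of our relays in the path: spoofed.
        "likely_backscatter": claims_us and not (relays & our_hosts),
    }
```

A real report usually wraps the original in a multipart/report body; the walk over parts picks up the message/rfc822 part in that shape too.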

Currawong
11th July 2004, 07:22 PM
Adding to elvis's excellent explanation, I might add that there are a number of badly configured mail server virus checking programs that contribute to virus spam by sending out these "You sent a virus/attachment/whatever and your mail has been rejected by this server" messages. When I get these replies, I email a suitable address at the domain, which I gather from the site web page, informing them that they have a badly configured virus checker, and it shouldn't be replying to virus emails this way.

Daz34
12th July 2004, 06:21 PM
Thanks guys!!!! :)

LCGuy
12th July 2004, 07:53 PM
Originally posted by elvis@Jul 11 2004, 05:52 PM
SO! There you go. A brief history of viruses in the last 6 months, why you are getting emails returned that you never sent, and why Windows really, REALLY sucks. Isn't the internet a marvellous place? :D
Windohze does suck. Thankfully, now that I've switched to Linux on my PC I don't have to spend all my computing life chasing after spyware and viruses anymore. :D

elvis
12th July 2004, 07:57 PM
Risking this thread being turned into a Windows-bashing event, I'm completely baffled at how Microsoft actually continue to make money off such a crap product.

I mean, if I were to try to sell you a car that constantly broke down, and required over 10 times its own value in annual maintenance, and then told you it was a danger to drive without its own cost on top yet again in third party addons, would you buy it?

How the hell do Microsoft actually manage to make any money in this world? I mean, if my business sold products that were half as crap, I wouldn't make a cent!

This world is a strange place... :blink:

LCGuy
12th July 2004, 08:00 PM
Microsoft Windows is living proof that a piece of shit can be a success if you market it properly.

One of my mates reckons that the reason why I've had so many problems with Windohze is that I fuck around with the settings. Like...c'mon. If an OS breaks cuz you screw around with the settings then it MUST be a POS. That's like buying a car and then having it break down because you tuned the radio to a different radio station.

Edit - I just remembered...did anyone read an entry (http://www.danamania.com/newdiary/index.pl?entryshow=1075357174&start=0) in Danamania's blog a while ago about M$? Heh, soo true.

pipsqeek
13th July 2004, 01:30 PM
Seen this picture? how true is it?

Steve

LCGuy
14th July 2004, 02:54 PM
Very true. :P I prefer KFC. :)

diannet
25th September 2006, 12:02 AM
Hi, perhaps those on this thread could enlighten me about another email anomaly. (I do get the stuff already mentioned in this thread and it's a common problem for people whose email is on their website - talk about learn the hard way!).
My current very worrying problem could be some theft of my signals just outside my firewall? Here's what happens:
1. I send a friend an email (no CC).
2. Within hours, I get a spam email, could be robot-generated, that is from a sender containing a name taken from the email I sent, eg. from the recipient address or even from the body of the text.
Example:
1. I send an email to Dolores, mentioning Serena in the text.
2. Within a few hours I get a spam email from Serena Richardson (not the surname of my Serena!), containing some junk stuff that's coming from zillions of spam names, like replica watches, lotteries, viagra, etc.
This is happening every day, from all my email accounts, yahoos, gmails and private.

I would not have picked it up, except I noticed the extraordinary coincidence of it from very unusual names in my emails.

I once downloaded Limewire and in the first day, got a yukky message from someone saying I was being watched and would be in trouble. Is this an empty threat or could that person really be hacking into my computer? I disabled all the sharing preferences in Limewire, and then just trashed it anyway.

If MacOSX (I run 10.3.9 on my G4 ibook) is virus-proof, how does one explain this? Is some robot "hanging around outside my firewall" taking my outgoing signals and using them to generate spam back at me? If so, can they also get hold of my outgoing personal ID info, passwords, credit card CCVs, etc? Scary! I want to know what's going on so I can try to stop it.

Does anyone have any ideas?

tintinaujapon
25th September 2006, 04:36 AM
Originally posted by diannet@Sep 24 2006, 10:02 PM
I once downloaded Limewire and in the first day, got a yukky message from someone saying I was being watched and would be in trouble. Is this an empty threat or could that person really be hacking into my computer? I disabled all the sharing preferences in Limewire, and then just trashed it anyway.

Does anyone have any ideas?

This is simply a stern warning many developers of P2P are putting in these days to try and cover themselves in the event the RIAA pings you and decides to sue you and the maker of the software you were using to download Britney's latest.

You're no more vulnerable than you've ever been using Limewire. When you file-share, your IP is public for a time. If the RIAA takes the time and effort to note it down and trace it back, and threaten your ISP and etc etc etc... then it's an issue.

Limewire has already been hamstrung to not display many results. Use Frostwire by some of the same developers. No overbearing authoritarian messages at startup and no hamstrung results.

hawker
25th September 2006, 07:26 AM
Originally posted by elvis@Jul 12 2004, 07:27 PM
I mean, if I were to try to sell you a car that constantly broke down, and required over 10 times its own value in annual maintenance, and then told you it was a danger to drive without its own cost on top yet again in third party addons, would you buy it?

Ha - funny Elvis - sorry to take the thread sideways, but I just had to, I love Microsoft that much ;)

If Microsoft Built Cars

1. Every time they repainted the lines on the road, you'd have to buy a new car.
2. Occasionally your car would just die on the motorway for no reason, accept this, restart and drive on.
3. Occasionally, executing a manoeuvre would cause your car to stop and fail to restart and you'd have to reinstall the engine. For some strange reason, you'd just accept this too.
4. You could only have one person in the car at a time, unless you bought a "Car 95" or a "Car NT". But then you'd have to buy more seats.
5. Other car manufacturers would make a car that was powered by the sun, was twice as reliable, five times as fast, twice as easy to drive - but it would only run on five percent of the roads.
6. The Macintosh car owners would get expensive Microsoft upgrades to their cars which would make their cars go much slower.
7. The oil, engine, gas and alternator warning lights would be replaced with a single "General Car Fault" warning light.
8. People would get excited about the "new" features in Microsoft cars, forgetting completely that they had been available in other cars for many years.
9. We'd all have to switch to Microsoft gas and all auto fluids but the packaging would be superb.
10. New seats would force everyone to have the same size butt.
11. The airbag system would say "Are you sure?" before going off.
12. If you were involved in a crash, you would have no idea what happened.
13. They wouldn't build their own engines, but form a cartel with their engine suppliers. The latest engine would have 16 cylinders, multi-point fuel injection and 4 turbos, but it would be a side-valve design so you could use Model-T Ford parts on it.
14. There would be an "Engium Pro" with bigger turbos, but it would be slower on most existing roads.
15. Microsoft cars would have a special radio/cassette player which would only be able to listen to Microsoft FM, and play Microsoft Cassettes. Unless of course, you buy the upgrade to use existing stuff.
16. Microsoft would do so well, because even though they don't own any roads, all of the road manufacturers would give away Microsoft cars free, including IBM!
17. If you still ran old versions of car (ie. CarDOS 6.22/CarWIN 3.11), then you would be called old fashioned, but you would be able to drive much faster, and on more roads!
18. If you couldn't afford to buy a new car, then you could just borrow your friends, and then copy it.
19. Whenever you bought a car, you would have to reorganise the ignition for a few days before it worked.
20. You would need to buy an upgrade to run cars on a motorway next to each other.

rooread
25th September 2006, 07:41 AM
I also get stacks of junk mail which seems to have bizarre coincidences in the subject and sender lines.... Sometimes the name of websites I've visited in the last 24 hours, sometimes the first name of friends that I've emailed recently etc.... I'd love to know the answer to this one.

Goodbye
25th September 2006, 08:02 AM
Anyone remember in "Tomorrow Never Dies" when Bond and the girl have been caught and are talking to Elliot Carver in front of all those screens, Carver is talking to his editors etc all round the world about how they are wreaking havoc, he asks one of them "How is the new software coming" and the guy responds "Excellent! The software is full of bugs, people will be forced to upgrade for years!", or something similar to that.

Now is that a direct jab at MS or what!

Currawong
25th September 2006, 08:53 AM
Those of you who are receiving coincidental email, it's very possible the people you are sending email to have a virus or trojan that's stealing addresses from their computers.

hawker
25th September 2006, 08:58 AM
Originally posted by Currawong@Sep 25 2006, 08:23 AM
Those of you who are receiving coincidental email, it's very possible the people you are sending email to have a virus or trojan that's stealing addresses from their computers.

It's happening a lot lately. I had someone e-mail me the other day asking me to stop spamming them - funny thing was I'd never even heard of them nor e-mailed them!

I have spam assassin on our servers, so I upped it the other day, my spam e-mail dropped to nothing, problem was it bounced about ten clients e-mails... I'm trying to find the middle ground ;)

diannet
25th September 2006, 12:03 PM
If it's a virus or trojan in someone else's computer, then it doesn't only steal addresses, it steals text out of the body of the email. Can they do that?
And there are so many instances of it, with many, many different names and recipients, that an awful lot of my contacts would have to have the same kind of virus or trojan!

Georgina EG
25th September 2006, 12:32 PM
The spam I receive has increased significantly lately, much of it the same sort of rubbish and wording, about a dozen this morning. Where do they get my email address?

If it continues to increase, the World Wide Web and the internet will break down eventually from the pressure.

Currawong
25th September 2006, 12:45 PM
Originally posted by hawker
It's happening a lot lately. I had someone e-mail me the other day asking me to stop spamming them - funny thing was I'd never even heard of them nor e-mailed them!

That means someone you know has a virus which is using your email address in the "from" field.

I suggest to everyone that they get a Google Mail (GMail) account. I managed for about 5 years to avoid all spam by not submitting my regular email address anywhere, but eventually it was harvested by viruses on friends' computers.

stewiesno1
25th September 2006, 12:51 PM
Very good description Elvis. That's why you are the King

antechinus55
25th September 2006, 01:25 PM
back to Microsoft for a moment. To answer how they sell products is simple: standardisation. There are innumerable examples where the 'standardised' product is inferior but prevails, almost everyone can remember beta/vhs and we may see a rerun with bluray and competing dvd formats. My very favourite standardised product is standard gauge railway, where the width of the rails is determined by the width of Roman chariots > road ruts > later horse drawn vehicles > eventually trains (this may be apocryphal, but wikipedia mentions it, and anyway it demonstrates that once established standardised products are almost impossible to remove). Note I am not saying based on standards, just standardised. For companies, once they have standardised on MS products that part of the process never has to be done again. For them, indeed for almost everyone, they will live with the shortcomings, because it's simpler than starting from scratch. (One small example from myself, I have MS office, open office and pages on my macs. I would prefer to use pages because of the quality of the output possible, prefer to use open office because I like the philosophy of open source, but every time I am presented with a deadline I use word, because I can make it sing. It's not that I can't learn new word processors, I have already learned enough.)

sao

HDK
25th September 2006, 01:32 PM
(Can we keep on topic. I referred diannet here in the hope she could have a puzzling and annoying problem solved.)

Originally posted by Currawong@Sep 25 2006, 12:45 PM
I suggest to everyone that they get a Google Mail (GMail) account. I managed for about 5 years to avoid all spam by not submitting my regular email address anywhere, but eventually it was harvested by viruses on friends' computers.
It seems that diannet is having the same problem with the gmail account, see her post.

The closest thing she has come to an answer is that it's a virus on someone else's pc machine, namely anyone with a pc she sends an email to? That must mean nearly all her contacts are infected by the same virus. Not impossible but... is there any other explanation? There seems to be some sort of exploitation going on, somewhere. It just seems unlikely that that is the only answer available so far. Not that it's a bad answer, it's very good actually, esp if all her contacts regularly send emails to each other as well. Do they, diannet?

antechinus55
25th September 2006, 01:43 PM
some things will never get a definitive answer. While I am not advocating complacency re possible viruses (I run clam av) it is not possible to infect the mac with any of the viruses proposed. Nor would I suggest anyone should be forwarding infected emails. My proposal: don't spend a huge amount of time trying to figure out what has happened, esp not since we have a plausible explanation; do check your firewall settings; do run an antivirus program.

sao

Mctastic
25th September 2006, 02:31 PM
HDriveKilla.... Elvis' description of the problem and the root of the problem is conclusive. That is exactly how spam mail comes about. There is no mystery here.
From the first day I reactivated my .Mac account, I received spam (viagra and the likes) mail. Funny how I didn't in any of my other mailboxes. Wherever your mail address sits, whether having been cc'd, bcc'd to various people, . . that's the source of the problem and definitely spawned from a pc spam/smtp app. Many users and large companies have anti-virus, spam filter software, but neglect to watch and block their outgoing (smtp) ports. Remember, these mail messages are randomly generated outside of any e-mail app and typically without the knowledge of the host.

HDK
25th September 2006, 03:36 PM
Apologies, I didn't read the thread from the top thoroughly (in fact skipped the first few inc elvis' post), only from where diannet's post began as I thought it was a new problem.
Elvis explains it all.
Cheers.