Full Version: Odd email
dkreifus
I know there are a lot of email viruses going around... I never know where they were getting my email address and such, but I just got an odd one...

******
FROM: myemail@149.*.*.*
TO: myemail@yahoo.com
SUBJECT: Hey, dude, it's me ^_^ tongue.gif

message:
Argh, i don't like the plaintext smile.gif

archive password: 80426
******


There was the usual attachment deleted by NAV, but I was just wondering how this person was able to plug my email address and IP into the return sender box? I am on a college campus with a very strong firewall. (They permit nothing in or out. It kinda sucks.)

Here is the source:

X-Apparently-To: myemail@yahoo.com via 66.218.78.110; Mon, 08 Mar 2004 05:33:22 -0800
Return-Path: <myemail@149.*.*.*>
Received: from 67.84.155.58 (HELO jessica) (67.84.155.58)
by mta150.mail.scd.yahoo.com with SMTP; Mon, 08 Mar 2004 05:33:21 -0800
Date: Mon, 08 Mar 2004 08:27:36 -0500
To: myemail@yahoo.com
Subject: Hey, dude, it's me ^_^ tongue.gif
From: dkreifus@149.*.*.*
Message-ID: <lkcpurshqltaffaidcw@149.*.*.*>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------gwyihuvtxfryvfvcqjqw"
::daedelus::
When an email is sent, the 'From' field can be user defined. The virus obviously grabbed your email address from the person's address book and put it in both the To and From fields.

BTW, you didn't edit out EVERY instance of your 149.x.x.x IP address

EDIT: just to elaborate on that a little more, when the typical email worm infects a user it uses the person's address book to find the addresses for more potential victims. But not only does the worm randomly use these addresses to send itself out TO, it also randomly uses these addresses to mask itself as coming FROM (in general, unless it's been hardcoded to only use specific FROM addresses). This way the virus is NEVER coming from any 1 specific person/host/domain.

I'm guessing it just happened to RANDOMLY select your name from the address book as both the FROM and TO. And as for it displaying your IP address, I'm guessing that maybe the user's SMTP server automatically resolved the domain name to its IP before shipping the email out.
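An added example, not part of any post in this thread: it parses the headers quoted in the first post and separates what the sender asserted (From, Return-Path, Message-ID, HELO name) from what the receiving Yahoo server recorded in its own Received line. The function names, the regex (written only for the Received layout shown above) and the glob comparison against the masked 149.*.*.* host are assumptions made for this illustration.

```python
import email
import fnmatch
import re

# Headers as quoted in the first post (IP masking kept, fold whitespace restored).
RAW = """\
Return-Path: <myemail@149.*.*.*>
Received: from 67.84.155.58 (HELO jessica) (67.84.155.58)
  by mta150.mail.scd.yahoo.com with SMTP; Mon, 08 Mar 2004 05:33:21 -0800
Date: Mon, 08 Mar 2004 08:27:36 -0500
To: myemail@yahoo.com
From: dkreifus@149.*.*.*
Message-ID: <lkcpurshqltaffaidcw@149.*.*.*>

"""

# Assumption: matches only the Received layout seen in this post.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+([^)]+)\)\s+\(([\d.]+)\)\s+by\s+(\S+)")


def host_of(value):
    """Host part of a header value such as '<user@host>'."""
    return value.strip().strip("<>").rsplit("@", 1)[-1]


def analyse(raw):
    msg = email.message_from_string(raw)
    # The topmost Received header is the one stamped by the recipient's own MTA.
    match = RECEIVED_RE.search(msg.get_all("Received")[0])
    helo, peer_ip, stamped_by = match.groups()
    claimed = {h: host_of(msg[h]) for h in ("From", "Return-Path", "Message-ID")}
    return {
        "peer_ip": peer_ip,            # recorded by the receiving server
        "stamped_by": stamped_by,
        "helo": helo,                  # chosen by the sending machine
        "helo_is_fqdn": "." in helo,   # a bare name suggests a desktop, not a mail server
        "claimed_hosts": claimed,      # all three are chosen by the sender
        # The masked host is treated as a glob; this works here only because
        # the forged host is an IP-style value rather than a domain name.
        "claims_matching_peer": [h for h, host in claimed.items()
                                 if fnmatch.fnmatchcase(peer_ip, host)],
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

None of the sender-supplied hosts match the address that actually connected to Yahoo, which is consistent with the From field having been filled in from someone else's address book.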
dkreifus
Even though the IP is my school address, and the email is a Yahoo account, web based?
the sys admin
New worm going around, even I've been getting a few 'odd' e-mails.