Topic: Trojan Report (Read 262 times)
Mark C
CH.com Alumnus New Board Hall of Famer
Onward through the fog.
Posts: 2660
Trojan Report
« on: Oct 27th, 2003, 12:25am »
I believe someone has a Trojan and is spoofing addresses. I have received 5 e-mails today alone. The info I have is the following.....

Number 1....

The original message was received at Sun, 26 Oct 2003 09:52:36 -0500 (EST)
from sccrmhc13.comcast.net [204.127.202.64]

----- The following addresses had permanent fatal errors -----
<sweetlouisianne1@aol.com>

----- Transcript of session follows -----
... while talking to air-zd04.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <sweetlouisianne1@aol.com>... Service unavailable

Number 2....

The original message was received at Sun, 26 Oct 2003 09:52:49 -0500 (EST)
from sccrmhc11.comcast.net [204.127.202.55]

----- The following addresses had permanent fatal errors -----
<wispysmoke@aol.com>

----- Transcript of session follows -----
... while talking to air-xm02.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <wispysmoke@aol.com>... Service unavailable

Number 3....

The original message was received at Sun, 26 Oct 2003 11:44:08 -0500 (EST)
from rwcrmhc11.comcast.net [204.127.198.35]

----- The following addresses had permanent fatal errors -----
<wispysmoke@aol.com>

----- Transcript of session follows -----
... while talking to air-xb02.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <wispysmoke@aol.com>... Service unavailable

Number 4...

The original message was received at Sun, 26 Oct 2003 11:43:46 -0500 (EST)
from rwcrmhc13.comcast.net [204.127.198.39]

----- The following addresses had permanent fatal errors -----
<sweetlouisianne1@aol.com>

----- Transcript of session follows -----
... while talking to air-xm01.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <sweetlouisianne1@aol.com>... Service unavailable

Number 5.....

The original message was received at Sun, 26 Oct 2003 11:45:19 -0500 (EST)
from rwcrmhc12.comcast.net [216.148.227.85]

----- The following addresses had permanent fatal errors -----
<vwautohaus@aol.com>

----- Transcript of session follows -----
... while talking to air-xl03.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <vwautohaus@aol.com>... Service unavailable

Y'all check your stuff...someone we know is infected...be careful.

Latest Virus Threats

Happy surfing,
ClusterChuck
CH.com Alumnus New Board Hall of Famer
The BEAST rises again, and again, and again, and .
Posts: 3181
Re: Trojan Report
« Reply #1 on: Oct 27th, 2003, 1:51am »
Something like this happened to me on my old AOL account. When I contacted AOL, they told me that someone is using my name, and then sending out garbage mail in my name. I even got some nasty emails back from some people that were demanding that I never send that crap to them again! I was told to change my password, and ignore it. I did, and it has not happened again.
Chuck
"No man can be happy without a friend, nor be sure of his friend till he is unhappy." Thomas Fuller
Opus
New Board Hall of Famer
(Insert witty comment here)
Posts: 2509
Re: Trojan Report
« Reply #2 on: Oct 27th, 2003, 2:24am »
hmmm..... If you are receiving the rejection notices and your address isn't the spoofed sender then what is the daemon going off of? Check the properties and see what the IP is of the mail and see if the configuration matches your own, if it does then you know what....
Opus/Paul
Zed-Zed-nine plural-Zed alpha,
There is no place like home.
Mark C
CH.com Alumnus New Board Hall of Famer
Onward through the fog.
Posts: 2660
Re: Trojan Report
« Reply #3 on: Oct 27th, 2003, 2:32am »
Thanks guys, Paul I received a couple of these last week and just blew them off. I have a better header tracer proggie at the house and I will delve a little deeper into this. I am almost certain it is not coming from my home machine, it's so secure I can't even use it!
See ya,
Mark
The mad viking
CH.com Alumnus New Board Hall of Famer
Always Look on The Bright Side of Life
Posts: 3135
Re: Trojan Report
« Reply #4 on: Oct 27th, 2003, 5:10am »
Well folks, JUST HOPE YOU ALL KNOW WHAT TO DO NOW, that means:
DO NOT OPEN ANY ATTACHMENT
UPDATE ANY AV & FW AND TROJAN-SNIFFERS YOU MIGHT USE
Svenn
« Last Edit: Oct 27th, 2003, 5:11am by The mad viking »
Always Look on The Bright Side of Life
Kirk
CH.com Alumnus New Board Hall of Famer
VINIMUS, VIDIMUS, DOLAVIMUS
Posts: 1914
Re: Trojan Report
« Reply #5 on: Oct 27th, 2003, 5:14am »
Getting the mail server name from the headers would be a good idea.
TTFN
Kirk
PS I didn't do it.
nancyc
New Board Old Timer
Friends don't let friends post drunk on mbs......
Posts: 384
Re: Trojan Report
« Reply #6 on: Oct 27th, 2003, 11:25am »
I had this happen to me too about a few months ago..AOL shut me down for several hours...AOL said someone at my house had gone in a site they were not supposed to and got a virus and a bunch of emails were sent out from my computer...I just had my computer wiped clean...Now, I have a firewall, spyware and the whole internet security system.
nancyc
« Last Edit: Oct 27th, 2003, 11:26am by nancyc »
Mark C
CH.com Alumnus New Board Hall of Famer
Onward through the fog.
Posts: 2660
Re: Trojan Report
« Reply #7 on: Oct 27th, 2003, 10:35pm »
The saga continues...I ran the origin URL (at least I think it's the origin URL) through a traceroute and came up with the attached from each url. Do you think they are genuine and should I report this to their abuse department? I doubt they care or already know....anyway here is what I came up with.
204.127.202.64
204.127.202.55
204.127.198.35
204.127.198.39
216.148.227.85
The reports are kinda lengthy but if you guys get a chance take a look and tell me what you think.
PFDAN's
brain_cramps
New Board Hall of Famer
Posts: 2103
Re: Trojan Report
« Reply #8 on: Oct 27th, 2003, 11:43pm »
While we're at it, here's another one...
<< SOBER WORM PRETENDS TO BE VIRUS FIX
SearchSecurity.com
A new mass-mailing worm is in the wild, spreading via some old techniques. Sober-A does have a couple of new twists, including a flair for German.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci933663,00.html?track=NL-102
http://tinyurl.com/smyo >>
« Last Edit: Oct 27th, 2003, 11:49pm by brain_cramps »
Opus
New Board Hall of Famer
(Insert witty comment here)
Posts: 2509
Re: Trojan Report
« Reply #9 on: Oct 28th, 2003, 8:04am »
Mark, If it were me I would send them 1 original email as an attachment or send the properties of one email and tell them there are more. It looks like someone is using your IP # to send spam (some antispam/virus programs see them as the same thing and send them back to the sender) but in actuality you are just getting the returned mail you never sent. There shouldn't be any harm in sending it and if the e-mails have stopped the spammers probably have moved on to another address. To see how URLs can be spoofed check this out. http://www.pc-help.org/obscure.htm
Of course this is just my opinion,
Opus/Paul
Zed-Zed-nine plural-Zed alpha,
There is no place like home.
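
Added example, not part of any post in this thread: the replies suggest pulling the mail server name and IP out of each notice and checking them against your own setup, and this sketch does that for bounce notices laid out like the ones quoted in the first post. The sample notices, every host, address and IP in them, and the names parse_bounces, summarize and own_outbound_ips are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same bounce layout as the notices quoted in the thread.
# Hosts, mailboxes and IPs are placeholders (example domains, RFC 5737 ranges).
_DSN = """The original message was received at {when}
from {relay} [{ip}{close}

   ----- The following addresses had permanent fatal errors -----
<{rcpt}>

   ----- Transcript of session follows -----
... while talking to {mta}.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <{rcpt}>... Service unavailable
"""
ROWS = [  # (when, relay, ip, close, rcpt, mta); row 2 has lost its "]" to test tolerance
    ("Sun, 26 Oct 2003 09:52:36 -0500 (EST)", "out13.isp.example", "192.0.2.64", "]", "alice@mail.example", "mx-a.mail.example"),
    ("Sun, 26 Oct 2003 11:43:46 -0500 (EST)", "out39.isp.example", "192.0.2.39", "", "alice@mail.example", "mx-b.mail.example"),
    ("Sun, 26 Oct 2003 11:45:19 -0500 (EST)", "out85.isp.example", "198.51.100.85", "]", "bob@mail.example", "mx-c.mail.example"),
]
SAMPLE = "".join(_DSN.format(when=w, relay=r, ip=i, close=c, rcpt=t, mta=m) for w, r, i, c, t, m in ROWS)

FIELDS = re.compile(
    r"received at (?P<received>[^\n]+)\s+from (?P<relay>\S+) \[(?P<relay_ip>[\d.]+)\]?"
    r".*?fatal errors -----\s*<(?P<recipient>[^>]+)>"
    r".*?while talking to (?P<remote_mta>[^\s:]+?)\.?:"
    r".*?<<< (?P<code>\d{3}) (?P<reason>[^\n]+)",
    re.S,
)

def parse_bounces(text):
    """Split on each notice preamble so a damaged notice cannot swallow the next one."""
    blocks = re.split(r"(?=The original message was received at )", text)
    return [m.groupdict() for m in map(FIELDS.search, blocks) if m]

def summarize(bounces, own_outbound_ips):
    """Count notices per relay and recipient, and list any whose relay IP is one
    your own mail leaves through (own_outbound_ips is supplied by the reader)."""
    return {
        "by_relay": Counter(b["relay_ip"] for b in bounces),
        "by_recipient": Counter(b["recipient"] for b in bounces),
        "virus_rejects": sum("virus" in b["reason"].lower() for b in bounces),
        "via_own_setup": [b for b in bounces if b["relay_ip"] in own_outbound_ips],
    }

if __name__ == "__main__":
    print(summarize(parse_bounces(SAMPLE), own_outbound_ips={"203.0.113.10"}))
```

An empty via_own_setup list means none of the notices name a relay your own mail goes out through, which is the situation described in the last reply: returned mail for messages you never sent.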