Zombie computer

Dave Neve · Aug 23, 2009

Hello

I have Windows XP with Windows Office 2003

This morning, I received some returned mail from a server as the letter
boxes were full

The problem is that I didn't send these emails which apparently were sent by
'Crazy Vente' followed by my email address in brackets (vente = 'sales' in
French and I live in France)

The message came back and it is for a site that sells on line
pharmaceuticals.

I'm running a scan now.

What do u think?

Thanks in advance

1PW · Aug 23, 2009

Dave Neve wrote:
> Hello
>
> I have Windows XP with Windows Office 2003

It's much more important for us to know the exact and *complete*
detailed version of the system's OS - not just "XP". At this point,
knowing you run Windows Office 2003 is probably unimportant.

> This morning, I received some returned mail from a server as the letter
> boxes were full
>
> The problem is that I didn't send these emails which apparently were sent by
> 'Crazy Vente' followed by my email address in brackets (vente = 'sales' in
> French and I live in France)
>
> The message came back and it is for a site that sells on line
> pharmaceuticals.
>
> I'm running a scan now.

It's unfortunate you didn't say what precisely you're scanning with...

Avast! ???

What is your next step if your scan shows nothing?

> What do u think?

I think all of us would know much more if you reported all of what is
in the headers of the bounced email.

> Thanks in advance

Hello Dave:

Please relate a very exact, detailed, and complete rundown on all of
your system's antimalware applications.

It would also be prudent to believe that a spammer has discovered your
email address from other sources. It's also possible that your system
could be harboring a spambot. Not enough clues yet Dave.

The devil is in the details Dave.

Research the above questions carefully and post a complete reply.

Regards.

--
1PW

Dave Neve · Aug 23, 2009

Hi again

Windows Pro with service pack 3

The virus test was with avast and it gave no results. Nor did a Rootkit
detector.

No more suspect emails have come back either from the server
"1PW" <1PW@INVALID.com> a écrit dans le message de news:
h6rb8h$lgp$1@news.eternal-september.org...
> Dave Neve wrote:
>> Hello
>>
>> I have Windows XP with Windows Office 2003
>
> It's much more important for us to know the exact and *complete*
> detailed version of the system's OS - not just "XP". At this point,
> knowing you run Windows Office 2003 is probably unimportant.
>
>> This morning, I received some returned mail from a server as the letter
>> boxes were full
>>
>> The problem is that I didn't send these emails which apparently were sent
>> by
>> 'Crazy Vente' followed by my email address in brackets (vente = 'sales'
>> in
>> French and I live in France)
>>
>> The message came back and it is for a site that sells on line
>> pharmaceuticals.
>>
>> I'm running a scan now.
>
> It's unfortunate you didn't say what precisely you're scanning with...
>
> Avast! ???
>
> What is your next step if your scan shows nothing?
>
>> What do u think?
>
> I think all of us would know much more if you reported all of what is
> in the headers of the bounced email.
>
>> Thanks in advance
>
> Hello Dave:
>
> Please relate a very exact, detailed, and complete rundown on all of
> your system's antimalware applications.
>
> It would also be prudent to believe that a spammer has discovered your
> email address from other sources. It's also possible that your system
> could be harboring a spambot. Not enough clues yet Dave.
>
> The devil is in the details Dave.
>
> Research the above questions carefully and post a complete reply.
>
> Regards.
>
> --
> 1PW

Virus Guy · Aug 23, 2009

Dave Neve wrote:

> This morning, I received some returned mail from a server as
> the letter boxes were full
>
> The problem is that I didn't send these emails
> What do u think?

Your e-mail address was used as the return address for a spam campaign.
This is sometimes known as a "joe job".

There is probably nothing wrong with your computer (ie virus or
trojan). Even if you did have a trojan responsible for generating these
e-mails, it's highly unlikely it would have used your e-mail address as
the return address for them.

There are several theories about joe-jobs. One is that your address was
chosen specifically as the return address fot a spam campaign because
someone has a personal grudge against you or your domain, or wanted to
cause a DoS against your e-mail server by causing a flood of return
messages. A second reason is more likely - legit addresses are
frequently chosen as the return address for spam simply because a legit
return or reply-to address will help e-mail get through spam filters.

In the future, it's a good idea to compose your subject line to better
reflect the question you pose in the body of your message. For example,
you could have said:

"Getting returned email that I didn't send - is my computer a zombie?"

as your message subject.

Geoff · Aug 23, 2009

On Sun, 23 Aug 2009 09:40:33 +0200, "Dave Neve" <neve.dave@neuf.fr>
wrote:

>Hello
>
>I have Windows XP with Windows Office 2003
>
>This morning, I received some returned mail from a server as the letter
>boxes were full
>
>The problem is that I didn't send these emails which apparently were sent by
>'Crazy Vente' followed by my email address in brackets (vente = 'sales' in
>French and I live in France)
>
>The message came back and it is for a site that sells on line
>pharmaceuticals.
>
>I'm running a scan now.
>
>What do u think?
>
>Thanks in advance
>

Your computer is probably not a zombie but it's good to run a full
scan periodically.

As Virus Guy described, it's not unusual for a legitimate email
address to be used as a return address for spam. Spammers will often
use your own email address as their return address to make it harder
for you to filter it.

You can determine if your computer sent the emails by closely checking
the headers of the bounced email to see what IP originated the email.
If it wasn't an IP address that your computer is/was assigned then you
can be pretty sure it wasn't your computer that sent them.

Dave Neve · Aug 23, 2009

Thanks everyone

As my IP address is dynamic, I don't quite see how I can check if it was my
address as I haven't kept a record of all my connections and the IP address
each time.

As for the 'joe job', I thought that someone could only use my address if
they connect using it and to do that, they need the password etc.

Finally, I won't even go into the grudges thing cos that would take at least
a week (I'm a Trade Union official!!!)

Thanks
"Geoff" <geoff@invalid.invalid> a écrit dans le message de news:
esh295121rs8ojfptictl66bsgk77nuj6n@4ax.com...
> On Sun, 23 Aug 2009 09:40:33 +0200, "Dave Neve" <neve.dave@neuf.fr>
> wrote:
>
>>Hello
>>
>>I have Windows XP with Windows Office 2003
>>
>>This morning, I received some returned mail from a server as the letter
>>boxes were full
>>
>>The problem is that I didn't send these emails which apparently were sent
>>by
>>'Crazy Vente' followed by my email address in brackets (vente = 'sales' in
>>French and I live in France)
>>
>>The message came back and it is for a site that sells on line
>>pharmaceuticals.
>>
>>I'm running a scan now.
>>
>>What do u think?
>>
>>Thanks in advance
>>
>
> Your computer is probably not a zombie but it's good to run a full
> scan periodically.
>
> As Virus Guy described, it's not unusual for a legitimate email
> address to be used as a return address for spam. Spammers will often
> use your own email address as their return address to make it harder
> for you to filter it.
>
> You can determine if your computer sent the emails by closely checking
> the headers of the bounced email to see what IP originated the email.
> If it wasn't an IP address that your computer is/was assigned then you
> can be pretty sure it wasn't your computer that sent them.

FromTheRafters · Aug 23, 2009

"Dave Neve" <neve.dave@neuf.fr> wrote in message
news:O4BTEU8IKHA.4232@TK2MSFTNGP02.phx.gbl...
> Hello
>
> I have Windows XP with Windows Office 2003

Are you using the possibly affected computer to make this post - is
Outlook Express still your e-mail client?

> This morning, I received some returned mail from a server as the
> letter boxes were full

Your computer could be a zombie, or your webmail (pick one) account
could be hijacked, or some spammer may be using your address as a return
address. The likelihood is in the reverse order (last being most
likely).

> The problem is that I didn't send these emails which apparently were
> sent by 'Crazy Vente' followed by my email address in brackets (vente
> = 'sales' in French and I live in France)

Sounds even more like it is spam related, but what malware isn't these
days.

> The message came back and it is for a site that sells on line
> pharmaceuticals.

> I'm running a scan now.

What online pharmaceutical scanner are you using?
(okay, just kidding with that one)

What scanner(s) are you using?

> What do u think?

The headers of the returned e-mails could provide clues, but take care
not to expose actual e-mail addresses here unless they are disposable.
This is one place that spammers have been known to "harvest" e-mail
addresses from.

FromTheRafters · Aug 23, 2009

There is an important distinction between someone using your e-mail
address and someone using your e-mail account.

"Dave Neve" <neve.dave@neuf.fr> wrote in message
news:OGpYQ0BJKHA.1252@TK2MSFTNGP04.phx.gbl...
> Thanks everyone
>
> As my IP address is dynamic, I don't quite see how I can check if it
> was my address as I haven't kept a record of all my connections and
> the IP address each time.
>
> As for the 'joe job', I thought that someone could only use my address
> if they connect using it and to do that, they need the password etc.
>
> Finally, I won't even go into the grudges thing cos that would take at
> least a week (I'm a Trade Union official!!!)
>
> Thanks
> "Geoff" <geoff@invalid.invalid> a écrit dans le message de news:
> esh295121rs8ojfptictl66bsgk77nuj6n@4ax.com...
>> On Sun, 23 Aug 2009 09:40:33 +0200, "Dave Neve" <neve.dave@neuf.fr>
>> wrote:
>>
>>>Hello
>>>
>>>I have Windows XP with Windows Office 2003
>>>
>>>This morning, I received some returned mail from a server as the
>>>letter
>>>boxes were full
>>>
>>>The problem is that I didn't send these emails which apparently were
>>>sent by
>>>'Crazy Vente' followed by my email address in brackets (vente =
>>>'sales' in
>>>French and I live in France)
>>>
>>>The message came back and it is for a site that sells on line
>>>pharmaceuticals.
>>>
>>>I'm running a scan now.
>>>
>>>What do u think?
>>>
>>>Thanks in advance
>>>
>>
>> Your computer is probably not a zombie but it's good to run a full
>> scan periodically.
>>
>> As Virus Guy described, it's not unusual for a legitimate email
>> address to be used as a return address for spam. Spammers will often
>> use your own email address as their return address to make it harder
>> for you to filter it.
>>
>> You can determine if your computer sent the emails by closely
>> checking
>> the headers of the bounced email to see what IP originated the email.
>> If it wasn't an IP address that your computer is/was assigned then
>> you
>> can be pretty sure it wasn't your computer that sent them.
>
>

John · Aug 24, 2009

"Dave Neve" <neve.dave@neuf.fr> wrote in message
news:OGpYQ0BJKHA.1252@TK2MSFTNGP04.phx.gbl...
> As for the 'joe job', I thought that someone could only use my address if
> they connect using it and to do that, they need the password etc.

Anyone can use your email address especially if you post it in a public
discussion group like this one.

Leythos · Aug 24, 2009

In article <uZC3IYNJKHA.1376@TK2MSFTNGP02.phx.gbl>, "John" says...
>
> "Dave Neve" <neve.dave@neuf.fr> wrote in message
> news:OGpYQ0BJKHA.1252@TK2MSFTNGP04.phx.gbl...
> > As for the 'joe job', I thought that someone could only use my address if
> > they connect using it and to do that, they need the password etc.
>
> Anyone can use your email address especially if you post it in a public
> discussion group like this one. 

Most providers have a clause about using another person's email
addresses in postings - it can actually get your account terminated.

If you create a non-routable email address you are fine, use one that
actually belongs to another person and you could be in trouble.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Jordon · Aug 24, 2009

Dave Neve wrote:

>> As Virus Guy described, it's not unusual for a legitimate email
>> address to be used as a return address for spam. Spammers will often
>> use your own email address as their return address to make it harder
>> for you to filter it.

> As for the 'joe job', I thought that someone could only use
> my address if they connect using it and to do that, they
> need the password etc.

Just about anything in the headers can be forged. I routinely
get emails from my coworkers telling me where I can find cheap
Viagra.

--
Jordon

Virus Guy · Aug 24, 2009

Leythos wrote:

> Most providers have a clause about using another person's
> email addresses in postings - it can actually get your
> account terminated.

Most providers give a rats ass what you do with your internet
connection. They don't care, and they don't want to know. They just
want you to keep paying them money once a month.

It's a joke to think that they'd terminate anyone's account for anything
so trivial as that.

Peter Foldes · Aug 24, 2009

Yes they will terminate and I have seen it numerous times

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Virus Guy" <Virus@Guy.com> wrote in message news:4A931707.744E08E@Guy.com...
> Leythos wrote:
> 
>> Most providers have a clause about using another person's
>> email addresses in postings - it can actually get your
>> account terminated.
>
> Most providers give a rats ass what you do with your internet
> connection. They don't care, and they don't want to know. They just
> want you to keep paying them money once a month.
>
> It's a joke to think that they'd terminate anyone's account for anything
> so trivial as that.

Leythos · Aug 25, 2009

In article <4A931707.744E08E@Guy.com>, Virus@Guy.com says...
>
> Leythos wrote:
> 
> > Most providers have a clause about using another person's
> > email addresses in postings - it can actually get your
> > account terminated.
>
> Most providers give a rats ass what you do with your internet
> connection. They don't care, and they don't want to know. They just
> want you to keep paying them money once a month.
>
> It's a joke to think that they'd terminate anyone's account for anything
> so trivial as that.

It may be a Joke to you, but with just a few complaint to most
providers, they will terminate an account after just 1 warning.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Virus Guy · Aug 26, 2009

Leythos wrote:

> Unlike you, I appear to have experience with a LOT more providers
> than you do - you might take it as a learning lesson.

Unless you can point to objective material available on-line that
documents cases of ISP termination, then all you've posted so far is hot
air.

Leythos · Aug 27, 2009

In article <4A95D9E3.ADCBBA4B@Guy.com>, Virus@Guy.com says...
>
> Leythos wrote:
> 
> > Unlike you, I appear to have experience with a LOT more providers
> > than you do - you might take it as a learning lesson.
>
> Unless you can point to objective material available on-line that
> documents cases of ISP termination, then all you've posted so far is hot
> air.

LOL - Unless you can point to objective material available on-line that
disputes the TOS/AUP of the providers, all you're posting is hot air.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Virus Guy · Aug 27, 2009

Leythos wrote:

> > Unless you can point to objective material available on-line that
> > documents cases of ISP termination, then all you've posted so
> > far is hot air.
>
> LOL - Unless you can point to objective material available on-line
> that disputes the TOS/AUP of the providers, all you're posting is
> hot air.

The onus is on you to show that ISP's do carry through on the
enforcement of their TOS/AUP. You seem reluctant, or unable, to do
that.

Leythos · Aug 27, 2009

In article <4A9681C7.5197D1F8@Guy.com>, Virus@Guy.com says...
>
> Leythos wrote:
> 
> > > Unless you can point to objective material available on-line that
> > > documents cases of ISP termination, then all you've posted so
> > > far is hot air.
> >
> > LOL - Unless you can point to objective material available on-line
> > that disputes the TOS/AUP of the providers, all you're posting is
> > hot air.
>
> The onus is on you to show that ISP's do carry through on the
> enforcement of their TOS/AUP. You seem reluctant, or unable, to do
> that.

LOL, sorry, you're wrong AGAIN Troll - the fact that almost every
PROVIDER, Usenet, ISP, etc... has a cause concerning faking email
addresses, well, that's more than enough proof for rational people.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

David H. Lipman · Aug 27, 2009

From: "Virus Guy" <Virus@Guy.com>

| Leythos wrote:

>> > Unless you can point to objective material available on-line that
>> > documents cases of ISP termination, then all you've posted so
>> > far is hot air.

>> LOL - Unless you can point to objective material available on-line
>> that disputes the TOS/AUP of the providers, all you're posting is
>> hot air.

| The onus is on you to show that ISP's do carry through on the
| enforcement of their TOS/AUP. You seem reluctant, or unable, to do
| that.

You are aguing again ! I can't believe you get into arguments like you do.

There is lots of anecdotal information that some ISPs/NSPs cancel accounts for using
someone else's email address. Not all do but some do. However you will NOT find direct
evindence to that. The lack of direct evidence does not change the fact that a given ISP
or NSP will summarily cancel an account for using another person's email address.

--
Dave

Multi-AV -

Leythos · Aug 28, 2009

In article <e1Ybwj1JKHA.1252@TK2MSFTNGP04.phx.gbl>,
DLipman~nospam~@Verizon.Net says...
>
> From: "Virus Guy" <Virus@Guy.com>
>
> | Leythos wrote:
> 
> >> > Unless you can point to objective material available on-line that
> >> > documents cases of ISP termination, then all you've posted so
> >> > far is hot air.
> 
> >> LOL - Unless you can point to objective material available on-line
> >> that disputes the TOS/AUP of the providers, all you're posting is
> >> hot air.
>
> | The onus is on you to show that ISP's do carry through on the
> | enforcement of their TOS/AUP. You seem reluctant, or unable, to do
> | that.
>
> You are aguing again ! I can't believe you get into arguments like you do.
>
> There is lots of anecdotal information that some ISPs/NSPs cancel accounts for using
> someone else's email address. Not all do but some do. However you will NOT find direct
> evindence to that. The lack of direct evidence does not change the fact that a given ISP
> or NSP will summarily cancel an account for using another person's email address.

Actually, PCBUTTS1 purchased an account from my Usenet provider and
started forging post as me, using my email address - I submitted the
headers and his account was terminated in hours of my complaint. Butts
was even stupid enough to blog about it, exposing himself and that his
account was terminated.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Log in or Sign up

Zombie computer

Dave Neve Guest

1PW Guest

Dave Neve Guest

Virus Guy Guest

Geoff Guest

Dave Neve Guest

FromTheRafters Guest

FromTheRafters Guest

John Guest

Leythos Guest

Jordon Guest

Virus Guy Guest

Peter Foldes Guest

Leythos Guest

Virus Guy Guest

Leythos Guest

Virus Guy Guest

Leythos Guest

David H. Lipman Guest

Leythos Guest

Share This Page

Log in or Sign up

Zombie computer

Dave Neve Guest

1PW Guest

Dave Neve Guest

Virus Guy Guest

Geoff Guest

Dave Neve Guest

FromTheRafters Guest

FromTheRafters Guest

John Guest

Leythos Guest

Jordon Guest

Virus Guy Guest

Peter Foldes Guest

Leythos Guest

Virus Guy Guest

Leythos Guest

Virus Guy Guest

Leythos Guest

David H. Lipman Guest

Leythos Guest

Share This Page

Useful Searches