Email Worm Spoofing not stopped by mbam

  • Thread starter: tommy
David said:
From: "tommy said:
http://www.hoax-slayer.com/email-worm-spoofing.html

I had gotten some spoofs [ infectee ] before and after running
updated mbam quick scans
I have checked the security panel of windows [vista] to make sure
the antivirus and firewalls were active

anybody think of anything else I could have forgotten?
It was a hotmail address they used

What are you asking ?

If it is using your email address, there is nothing you can do. Once
your email address is harvested it can/may be used as a sender of
email, spoofing or impersonating you. The proof it didn't come from
you would be in the headers.

how did you know that was the answer i was looking for?
 
David said:
From: "tommy said:
From: "tommy" <[email protected]>

http://www.hoax-slayer.com/email-worm-spoofing.html

I had gotten some spoofs [ infectee ] before and after running
updated mbam quick scans
I have checked the security panel of windows [vista] to make
sure the antivirus and firewalls were active

anybody think of anything else I could have forgotten?
It was a hotmail address they used

What are you asking ?

If it is using your email address, there is nothing you can do.
Once your email address is harvested it can/may be used as a
sender of email, spoofing or impersonating you. The proof it
didn't come from you would be in the headers.
how did you know that was the answer i was looking for?

Huh ?
I had trouble finding the question ;-)
just looking for suggestions.
apparently the pc must be doing it because it didn't do anything while I was
working on it.
thought mbam would be strong enough, will scan again full scan
may try a restore,
 
David said:
From: "tommy said:
From: "tommy" <[email protected]>

David H. Lipman wrote:
From: "tommy" <[email protected]>

http://www.hoax-slayer.com/email-worm-spoofing.html

I had gotten some spoofs [ infectee ] before and after
running updated mbam quick scans
I have checked the security panel of windows [vista] to make
sure the antivirus and firewalls were active

anybody think of anything else I could have forgotten?
It was a hotmail address they used

What are you asking ?

If it is using your email address, there is nothing you can
do.
Once your email address is harvested it can/may be used as a
sender of email, spoofing or impersonating you. The proof it
didn't come from you would be in the headers.

how did you know that was the answer i was looking for?

Huh ?
I had trouble finding the question ;-)
just looking for suggestions.
apparently the pc must be doing it because it didn't do anything
while I was working on it.
thought mbam would be strong enough, will scan again full scan
may try a restore,

Don't assume that because your email address is found to be used in
spam or malicious email.

It could be a harvested email address just pretending to be you or
it could be a case of a compromised webmail account. Neither of
which stem from your PC having to be infected.

Let's get to the REAL problem that prompted your posting. Please
provide all the facts.
more details? ok, sorry I wasn't giving you enough info.
my neighbors email address [hotmail] seems to be sending me an email [
without subject ] which has been blocked by my avast
I got these yesterday in the morning.
here is the only content [of one] http://machine9.nQWERTYet/stuff/loade.html
[remove in caps]
here is the other one
http://paratrooperdigZXCVBNital.com/manage/wp-content/themes/ptd1/images/loade.html

I asked her to bring the pcs over and I scanned them with MBAM [updated] [
it found 27 items ]
I gave it back to her last evening about 8 pm
this morning at 5:20am I got 2 more emails [ with no subject ] with links
http://toothefairie.POIUYTcom/loade.html
and
http://paintthetownread.info/wp-cMNBVContent/plugins/extended-comment-options/loade.html
in the other one

So, I assume that it was on the machine [ lousy assumption I agree, but
logical]

one machine is dell with vista the other is an acer with win 7
I am trying to remember how to use SpamCop to report these . I have used it
before [ not in years ]
 
From: "tommy said:
more details? ok, sorry I wasn't giving you enough info.
my neighbors email address [hotmail] seems to be sending me an email [
without subject ] which has been blocked by my avast
I got these yesterday in the morning.
here is the only content [of one] [remove in caps]
here is the other one

I asked her to bring the pcs over and I scanned them with MBAM [updated] [
it found 27 items ]
I gave it back to her last evening about 8 pm
this morning at 5:20am I got 2 more emails [ with no subject ] with links
and in the other one

So, I assume that it was on the machine [ lousy assumption I agree, but
logical]

one machine is dell with vista the other is an acer with win 7
I am trying to remember how to use SpamCop to report these . I have used it
before [ not in years ]

Chances are your neighbour's HotMail account was compromised. Malware does not have to be
on her computer for this to have happened.

What needs to be done is have her change her password to a strong password ASAP.
http://en.wikipedia.org/wiki/Password_strength

Honestly, the URLs in the email don't mean anything. What *IS* needed is the full headers
of the spammed email. I'll lay a bet that it shows that the spam emanated from the
HotMail webmail system but will also show a source IP outside the US such as Brazil.

For example here is a header from a Job Fraud email using a compromised Optimum Online
account....

++++++++++++++++++

Return-path: <#######@optonline.net>
Received: from mta3.srv.hcvlny.cv.net ([unknown] [167.206.4.198])
by vms169127.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <[email protected]> for
(e-mail address removed); Thu, 16 Feb 2012 12:11:08 -0600 (CST)
Received: from apsede.sede.ffb ([189.22.125.210]) by mta3.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
with ESMTPA id <[email protected]> for
(e-mail address removed); Thu, 16 Feb 2012 13:11:00 -0500 (EST)
Date: Thu, 16 Feb 2012 15:08:19 -0300
From: #######@optonline.net
Subject: Employment opening.
X-Originating-IP: [167.206.4.198]
To: David Lipman <DLipman<at>Verizon.Net>
Reply-to: (e-mail address removed)
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: Mutt 1.0.1i
Content-type: text/html; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
X-Priority: 3 (Normal)
Original-recipient: rfc822;DLipman<at>Verizon.Net
X-PMFLAGS: 35144320 0 16711681 PVKRTJ87.CNM

++++++++++++++++++


Note the above line; Received: from apsede.sede.ffb ([189.22.125.210])

inetnum: 189.22.125.208/28
aut-num: AS4230
abuse-c: GSE6
owner: CELI PRAIA HOTEL
ownerid: 004.046.208/0001-00
responsible: Francisco Franco Barreto
country: BR
owner-c: FRFBA2
tech-c: FRFBA2
created: 20101008
changed: 20101008
inetnum-up: 189.22/15

So this is a case of a Brazilian IP being used to access the Optimum Online webmail
interface to send a Job Fraud email
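
The header reading described in the post above, as an added example that is not part of the original thread: it walks the Received chain from the newest hop down, stops at the first hop not stamped by a trusted server, and reports the client IP and whether the provider recorded an authenticated submission. The sample message is constructed from the quoted header; the function names and the trusted-suffix list are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the two Received lines quoted in the post, with server
# comments dropped and message ids replaced by example.invalid placeholders.
RAW = """\
Return-path: <user@optonline.net>
Received: from mta3.srv.hcvlny.cv.net ([unknown] [167.206.4.198])
 by vms169127.mailsrvcs.net with ESMTP id <0001@example.invalid>;
 Thu, 16 Feb 2012 12:11:08 -0600 (CST)
Received: from apsede.sede.ffb ([189.22.125.210]) by mta3.srv.hcvlny.cv.net
 with ESMTPA id <0002@example.invalid>; Thu, 16 Feb 2012 13:11:00 -0500 (EST)
From: user@optonline.net
Subject: Employment opening.

(body omitted)
"""

AUTH_PROTOS = {"ESMTPA", "ESMTPSA"}   # RFC 3848: ESMTP with SMTP AUTH

def hops(raw):
    """Parse Received headers, newest first, into helo/ip/by/proto dicts."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = re.search(r"from (\S+) \((.*?)\).*?\bby (\S+).*?\bwith (\S+)", flat)
        if not m:
            continue
        ips = re.findall(r"\[([0-9A-Fa-f.:]+)\]", m.group(2))
        try:
            ip = ipaddress.ip_address(ips[-1]) if ips else None
        except ValueError:
            ip = None
        out.append({"helo": m.group(1), "ip": ip, "by": m.group(3),
                    "proto": m.group(4).upper()})
    return out

def submission_hop(raw, trusted_suffixes):
    """Deepest hop stamped by a trusted server: where the mail entered."""
    entry = None
    for hop in hops(raw):                         # newest first
        if not hop["by"].lower().endswith(trusted_suffixes):
            break                                 # below this is sender-supplied
        entry = hop
    if entry:
        entry["authenticated"] = entry["proto"] in AUTH_PROTOS
    return entry

if __name__ == "__main__":
    print(submission_hop(RAW, ("mailsrvcs.net", "cv.net")))
```

An authenticated hop into the provider from an unfamiliar network points to stolen account credentials rather than a forged From line. A Received line forged to name a trusted host would extend the walk, so the result is a lead to confirm with the provider, not proof.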
 