PLEASE HELP - Mailer undetected by NAV

Alex

I'd be grateful for any help anyone may be able to provide to a relative
novice.

I have run NAV for the past 3 years, but am now getting messages in my
e-mail inbox where the aol postmaster hasn't recognized addresses. I guess
this must be a mailer trojan as the messages aren't mine (I don't sell penis
extensions..) but no matter what I do NAV doesn't detect anything.

Has anyone else experienced this, and can they help in the search and
destroy for the programme in question?
 
I'd be grateful for any help anyone may be able to provide to a relative
novice.

I have run NAV for the past 3 years, but am now getting messages in my
e-mail inbox where the aol postmaster hasn't recognized addresses. I
guess this must be a mailer trojan as the messages aren't mine (I don't sell
penis extensions..) but no matter what I do NAV doesn't detect anything.

Has anyone else experienced this, and can they help in the search and
destroy for the programme in question?
You are probably NOT infected at all. Many of today's viruses and trojans
put in a false address in the "from:" line; they use an address they have
found, somewhere, on the infected machine. In other words, there is at
least one infected computer out there that has your email address either
stored in an email message or part of an address book on that infected
computer, and the virus is using your email address.

Sounds a lot like the SWEN virus. If so, you have another problem. SWEN
will harvest email addresses directly from usenet (news) postings. Since
your email address does not appear to be munged, you are vulnerable to this
virus every time you post in a newsgroup. Take precautions and munge your
email address for your news postings.
 
from the wonderful said:
I'd be grateful for any help anyone may be able to provide to a relative
novice.

I have run NAV for the past 3 years, but am now getting messages in my
e-mail inbox where the aol postmaster hasn't recognized addresses. I guess
this must be a mailer trojan as the messages aren't mine (I don't sell penis
extensions..) but no matter what I do NAV doesn't detect anything.

Has anyone else experienced this, and can they help in the search and
destroy for the programme in question?

A common problem - spammer has faked your address as the 'from' on the
messages, and AOL has (stupidly) bounced them back to you. If you look
at the full headers (assuming AOL sent them back) it is fairly easy to
see where they really originated. Pounds-to-pennies it wasn't your
machine, or even your ISP.
 
GSV Three Minds in a Can said:
A common problem - spammer has faked your address as the 'from' on the
messages, and AOL has (stupidly) bounced them back to you. If you look
at the full headers (assuming AOL sent them back) it is fairly easy to
see where they really originated. Pounds-to-pennies it wasn't your
machine, or even your ISP.

I agree with GSV's assessment of the situation you have described. The
tactic of (deliberately) choosing someone else's real address as the
From: address for spam is known as a joe-job. It recently happened to
my address (though I suspect from the small volume of bounces I received
that my address was not deliberately chosen -- just one of the many
harvested from somewhere (possibly the spam relay victim machine) and
used for a few minutes' worth of spamming before another address was
selected).

What GSV did not point out is that not only the message From: header,
but the SMTP envelope FROM can just as easily be forged and if this has
happened with your address then yours is the "correct" address for an
SMTP server to send bounces and non-delivery notifications (NDNs). In
the case of my address being used recently, it was used for both the
message From: header and the SMTP envelope FROM as some of the bounces
came back with full headers (including the initial "Return-Path:"/
"From "/etc).
 
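Added example, not part of any post in this thread: a way to do the header check the last two replies describe, reading the original message returned inside a bounce and comparing the forged envelope FROM (Return-Path) and From: header with the earliest relay hop. The bounce text, addresses, documentation-range IPs and the `analyse_bounce` name are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce: example domains and documentation-range IPs only.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: alex@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Return-Path: <alex@example.org>
Received: from relay.example.net ([198.51.100.7])
    by mx.example.net; Mon, 1 Jan 2024 10:00:02 +0000
Received: from unknown (HELO pc) ([203.0.113.45])
    by relay.example.net; Mon, 1 Jan 2024 10:00:01 +0000
From: alex@example.org
To: nosuchuser@example.net
Subject: constructed sample

body
--b1--
"""

def analyse_bounce(raw, my_ips):
    """Compare the claimed sender fields with the earliest recorded relay hop."""
    msg = email.message_from_string(raw, policy=policy.default)
    inner = next((p.get_payload(0) for p in msg.walk()
                  if p.get_content_type() == "message/rfc822"), None)
    if inner is None:
        return None  # the bounce did not include the original message
    # Received headers are prepended, so the last one is the earliest hop.
    # Lines below the first server you trust can themselves be forged.
    received = inner.get_all("Received", [])
    m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", str(received[-1])) if received else None
    origin = m.group(0) if m else None
    return {
        "envelope_from": str(inner.get("Return-Path", "")).strip("<> "),
        "header_from": str(inner.get("From", "")),
        "origin_ip": origin,
        "sent_from_my_machine": origin in my_ips,
    }

if __name__ == "__main__":
    print(analyse_bounce(BOUNCE, my_ips={"192.0.2.10"}))
```

Both sender fields name the victim's address, while the earliest hop shows a connecting IP that is not one of the addresses passed in `my_ips`.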