site to scan suspicious email?

name

Hello.

Lately I've been receiving some suspicious emails and I was wondering
if there is any place online where I can forward those emails to check
them for security hazards.
I've examined the contents of these mails and they only appeared to
contain a picture, but I'm a bit wary that they might contain some
hidden content that might harm my computer.

So does anyone know a website where I could get some sort of analysis
of the contents of these emails that might reveal any potential
security threats?
Or perhaps someone knows a method that allows me to save those emails
to disk so I can simply use an online scanner to check them in a
folder on my pc.
The mail was received at my free hotmail account and I use AVG.

Kind regards and thanks in advance, Niek
 
This was taken from Hotmail's online help:

"When you open a message attachment, it is automatically checked for
viruses. In some cases, MSN Hotmail blocks certain types of files sent as
attachments to help protect your account from viruses. You will be notified
if a potentially unsafe attachment has been blocked. "

This is provided you are viewing your mail from Hotmail online.

Hope this sets your mind at ease somewhat.
 
name said:
Hello.

Lately I've been receiving some suspicious emails and I was wondering
if there is any place online where I can forward those emails to check
them for security hazards.

So why go any further with it? You should get rid of them. If you don't know
where they came from and they are suspicious to you, then why even mess
around with them?
I've examined the contents of these mails and they only appeared to
contain a picture, but I'm a bit wary that they might contain some
hidden content that might harm my computer.

Then you don't mess around with them. You don't download the emails to your
machine.
So does anyone know a website where I could get some sort of analysis
of the contents of these emails that might reveal any potential
security threats?

Again, if you don't know where the emails came from, like a trusted source,
then why play any games.
Or perhaps someone knows a method that allows me to save those emails
to disk so I can simply use an online scanner to check them in a
folder on my pc.

You shouldn't be saving unknown emails to your computer, period. You should
be using a proxy email client such as Mailwasher (free) or others that will
allow you to view an email at the ISP's email server without downloading the
email to your machine, and it also gives you the ability to delete the email
without pulling the email to the machine.
The mail was received at my free hotmail account and I use AVG.

Kind regards and thanks in advance, Niek

The only clicking with the happy fingers you should be doing is deleting any
unknown or untrusted emails not letting them come to your machine.

The only emails I let reach my machine are those from a known and trusted
source like my car insurance carrier (time to pay the bill) or I made
contact with someone over the phone and in our conversation, an email was
being sent to me.

Other than that, if I don't know where the email came from or it's not a
trusted source, then it's being deleted with the proxy email client program
at the ISP email server, and it's never reaching my machine.

Although the link talks about Web users, it would be curious to see the
results of the email user with the happy fingers that *click*.

http://www.eweek.com/article2/0,1895,2132447,00.asp

The buck stops with you. It doesn't stop anywhere else.
 
So why go any further with it? You should get rid of them. If you don't know
where they came from and they are suspicious to you, then why even mess
around with them?

Because I want to find out where they are coming from. If I just
delete them, I will keep receiving them and I hate spam, so I want to
find out where the spam is coming from and try to contact the ISP of
the user that is sending the spam.
Also, I already opened them and hotmail did say the mail might be
potentially unsafe, but I opened it anyway. Ok, perhaps stupid, but I
already did this, so now I want to find out if the mails are actually
harmful.
Then you don't mess around with them. You don't download the emails to your
machine.




Again, if you don't know where the emails came from, like a trusted source,
then why play any games.

Again, to figure out how to block the spam.
You shouldn't be saving unknown emails to your computer, period. You should
be using a proxy email client such as Mailwasher (free) or others that will
allow you to view an email at the ISP's email server without downloading the
email to your machine, and it also gives you the ability to delete the email
without pulling the email to the machine.



The only clicking with the happy fingers you should be doing is deleting any
unknown or untrusted emails not letting them come to your machine.

The only emails I let reach my machine are those from a known and trusted
source like my car insurance carrier (time to pay the bill) or I made
contact with someone over the phone and in our conversation, an email was
being sent to me.

Other than that, if I don't know where the email came from or it's not a
trusted source, then it's being deleted with the proxy email client program
at the ISP email server, and it's never reaching my machine.

Well, the thing is, I block all email at my hotmail account from
people that are not on my contact list, but this spam somehow manages
to evade this spam filter, by putting my own address in the sender's
address, so hotmail thinks I'm mailing these spam mails to myself, but
I'm not.
 
This was taken from Hotmail's online help:

"When you open a message attachment, it is automatically checked for
viruses. In some cases, MSN Hotmail blocks certain types of files sent as
attachments to help protect your account from viruses. You will be notified
if a potentially unsafe attachment has been blocked. "

This is provided you are viewing your mail from Hotmail online.

Hope this sets your mind at ease somewhat.


I know... but hotmail did actually say the content of the mail was not
being shown because it might be potentially harmful. But I opened it
anyway. Perhaps that was a stupid mistake on my part, ok, but I
already did it. So now I want to know whether this might have any
consequences. I still have those emails in my inbox.
 
I know... but hotmail did actually say the content of the mail was not
being shown because it might be potentially harmful. But I opened it
anyway. Perhaps that was a stupid mistake on my part, ok, but I
already did it. So now I want to know whether this might have any
consequences. I still have those emails in my inbox.

Oh, and by the way, the mail didn't have any attachment, but it did
have a picture inside.
 
Because I want to find out where they are coming from. If I just
delete them, I will keep receiving them and I hate spam, so I want to
find out where the spam is coming from and try to contact the ISP of
the user that is sending the spam.

There is no point in doing that. Spammers do not send from their own
accounts. They relay it through the compromised, zombied computers of
clueless home Windows users, and hackable web forms. It would be
doubtful that you would ever receive more than one spam from the same
bot-netted PC.

You will keep receiving them no matter what you do. The spammers have
your email address. If you don't want any more, get a new address,
something that can't possibly be guessed [alphanumeric, dots, dashes],
and hope and pray that none of your friends get their computers
compromised and they find your new one in that friend's address book.
Also, I already opened them and hotmail did say the mail might be
potentially unsafe, but I opened it anyway. Ok, perhaps stupid, but I
already did this, so now I want to find out if the mails are actually
harmful.

Just delete them. Nearly all spam is recognizable by the Subject line
alone. No need to ever open them.

Or feed them all to Spamcop; allow an hour of your time each day.
Well, the thing is, I block all email at my hotmail account from
people that are not on my contact list, but this spam somehow manages
to evade this spam filter, by putting my own address in the sender's
address, so hotmail thinks I'm mailing these spam mails to myself,
but I'm not.

The spammers know that a lot of ISPs (and web services like hotmail)
allow you to send mail to yourself, so they don't filter it - by
address. So the spammers use the same in both the FROM and the TO.
 
name said:
Because I want to find out where they are coming from. If I just
delete them, I will keep receiving them and I hate spam, so I want to
find out where the spam is coming from and try to contact the ISP of
the user that is sending the spam.

You should forget about this. It's not going to pay off for you. You should
change your email address and move on.
Also, I already opened them and hotmail did say the mail might be
potentially unsafe, but I opened it anyway. Ok, perhaps stupid, but I
already did this, so now I want to find out if the mails are actually
harmful.

Well if you did such a thing, then what can be said about it. You already
opened the door. It's over.
Again, to figure out how to block the spam.

You put a viable proxy program into play and delete them, no questions or
curiosity period.

Well, the thing is, I block all email at my hotmail account from
people that are not on my contact list, but this spam somehow manages
to evade this spam filter, by putting my own address in the sender's
address, so hotmail thinks I'm mailing these spam mails to myself, but
I'm not.

Your other contacts/friends and their machines are infected and they got
your address. You can't account for other users that have your email address
in their address book. If you put yourself out there like that, you're going
to get hit.
 
Because I want to find out where they are coming from. If I just
delete them, I will keep receiving them and I hate spam, so I want to
find out where the spam is coming from and try to contact the ISP of
the user that is sending the spam.

There is no point in doing that. Spammers do not send from their own
accounts. They relay it through the compromised, zombied computers of
clueless home Windows users, and hackable web forms. It would be
doubtful that you would ever receive more than one spam from the same
bot-netted PC.

You will keep receiving them no matter what you do. The spammers have
your email address. If you don't want any more, get a new address,
something that can't possibly be guessed [alphanumeric, dots, dashes],
and hope and pray that none of your friends get their computers
compromised and they find your new one in that friend's address book.

Ok, you're probably right and trying to figure out where the spam is
coming from is probably futile.

Just delete them.

Ok, next time I won't open them and simply get rid of them. But I
already opened these two mails, so just for my peace of mind I will
keep those two mails until I figure out whether or not opening them
has possibly harmed my computer. As long as I still have those mails,
I might still be able to figure out later on whether or not they
might have harmed my computer. I think it's better to know about it
if it actually did happen than just deleting the mails and hoping for
the best. Suppose the mails actually did contain harmful code and I
would just delete them and try to forget about them, then the
security of my computer might be compromised in the future and I
wouldn't even know about it. I think that's like sticking your head
in the sand and simply ignoring issues hoping that will make them go
away.
Nearly all spam is recognizable by the Subject line alone. No need to ever open them.

Not in my experience. Spam gets increasingly hard to distinguish from
genuine emails. On my free yahoo account I often see genuine emails
ending up in my spam bin and it's very tricky to recognize them among
the dozens of actual spam mails I receive on a daily basis. If an
email has a subject like 'add 2 inches to your penis length', ok,
that's pretty clear, but often spam will have a subject like 'about
your email' or 're: question' which might be a response to an actual
email I sent previously.
 
Ok, next time I won't open them and simply get rid of them. But I
already opened these two mails, so just for my peace of mind I will
keep those two mails until I figure out whether or not opening them
has possibly harmed my computer. As long as I still have those mails,
I might still be able to figure out later on whether or not they
might have harmed my computer. I think it's better to know about it
if it actually did happen than just deleting the mails and hoping for
the best. Suppose the mails actually did contain harmful code and I
would just delete them and try to forget about them, then the
security of my computer might be compromised in the future and I
wouldn't even know about it. I think that's like sticking your head
in the sand and simply ignoring issues hoping that will make them go
away.

Opening (to read) a spam will not harm your computer, unless you have an
extremely insecure mail program. Outhouse Express comes to mind. Reading
mail at hotmail should have no effect.

Spam (real spam, not some other interpretation of the slang term)
doesn't contain payloads. If there are web sites, and you are
inexperienced with browser security, don't visit them.

Or, if there is an executable attachment, and you run it. But then it
wouldn't be "spam", it would be a "virus".
Not in my experience. Spam gets increasingly hard to distinguish from
genuine emails. On my free yahoo account I often see genuine emails
ending up in my spam bin and it's very tricky to recognize them among

Your ISP's spam filter may be incompetent. Mine hasn't put a legitimate
email in the junk folder in years.
the dozens of actual spam mails I receive on a daily basis. If an
email has a subject like 'add 2 inches to your penis length', ok,
that's pretty clear, but often spam will have a subject like 'about
your email' or 're: question' which might be a response to an actual
email I sent previously.

So then look beyond the Subject, to the FROM field. Recognize the name?
No? Delete it.

If it says "about your email" as a Subject line... do your friends
change the text in the Subject when they reply?

Looking at my junk folder just now. Subjects all like these:

Be what nesquehoning
Which as kingsland
by hermaiville herself blossburg
Get out of the obese crowd
Buy OEM software
May Statement Tue, 29 May 2007 09:28:41 -0300
on mine glenecho
Buy OEM software (again)
Re: Why look anywhere else? I found it here
Don't be the "little guy" in the club
No worries
It really improves erection...
Don't be the "little guy" in the club (again)
Can you imagine that you are healthy
Re: Medication for US residents

The only possible real mail in there might be the "May Statement",
except I don't have any online accounts that title their email like
this. For this exercise, I decided to open it.

"We spoke a few days ago and I'd like to confirm everything now.
Please go over the information below and let me know if you have any
questions."

...followed by a URL to a web site. It was one of the mortgage scam
forms to fill out. This form was also one of the 'common templates' that
dozens of the spammers use, 'cause they ain't smart enough to write a
web page themselves. You could choose to fill it out, using completely
bogus data if you want to annoy them, as they did you.
 
Mr. Arnold said:
You should forget about this. It's not going to pay off for you. You
should change your email address and move on.


Well if you did such a thing, then what can be said about it. You already
opened the door. It's over.


You put a viable proxy program into play and delete them, no questions or
curiosity period.



Your other contacts/friends and their machines are infected and they got
your address. You can't account for other users that have your email
address in their address book. If you put yourself out there like that,
you're going to get hit.

Name . . .

I've always had a few simple common sense rules about using any http://
based e-mail services such as my own ISP, yahoo! or MSN Hotmail.

3 of the most important ones are below:

1. If the From and Subject lines are in unreadable alternate characters...
and it contains an attachment, there is a good to high probability it's
infected so it's deleted.

2. If the To: line contains someone else's physical email address(es) and
the CC or BC lines contain my email address only, and it contains an
attachment - it's infected so it's Deleted.

and last but not least important is ...

3. If I recognize the sender, but circumstances as to why I'm receiving a
message on this account, from this party (who's neither on my MSN Messenger
contact list, or has been given this address as an alternate one to use to
contact me.) It's examined in Outlook Express as plain text, then the header
and routing info is also examined and investigated, and then it's deleted.

A great illustration for #3, would be telling you about what happened a few
months ago. One night I noticed I received this legitimate looking email,
that was apparently from my bank - on my hotmail account.

The official looking body of the email informed me that because of several
failed attempts to log in to my account ending in XXXXX within the previous
24 hours, my account was being frozen to internet access - and would remain
so until I went to a link at the bottom of the message - to reset my
username and password.

I'm no fool. I've never given out this hotmail address to my bank.
Additionally, because the username is permanent, only the password can be
changed. The bank wouldn't ask me to reset both. So I pointed my browser to
my bank's web site log in, and was able to access my account normally.

Now, I was hella curious... if not scared because the XXXXX number listed in
the email was for a legitimate account.

I have Outlook Express set up to handle hotmail, so I went ahead and
downloaded the entire inbox and bulk folder, and allowed my antivirus to
scan everything as it arrived. After getting rid of all the obvious crap
and deleting it - I highlighted that bank message to have a look at it in
plain text mode. The body was in HTML.

The href:// link for resetting my username/password in the email body
certainly wasn't going to any secure servers the bank would have used. Next
the message header and routing info was inspected, and some whois
backtracking was done on the From address, and again on the embedded link
address. This info along with the email were sent as a zipped file
attachment to my bank's internet fraud division.

Hope some of what has been said on this thread helps.
Good luck.
 
In said:
2. If the To: line contains someone else's physical email address(es)
and the CC or BC lines contain my email address only, and it contains an
attachment - it's infected so it's Deleted.

Attachments to spam are frequently what is known as "image spam", where
the entire spammer's real message is text-in-an-image. Sometimes they
include a bunch of random text to get by filters, pretending to be
unique messages. These kinds of spams are not "infected", just annoying.
<g>

If you (the collective you) need to execute/open whatever the attachment
is, be sure to save it to the hard drive first, and scan it with your
up-to-date anti-virus program. But naturally the best answer is to just
delete it.
 
A great illustration for #3, would be telling you about what happened a
few months ago. One night I noticed I received this legitimate looking
email, that was apparently from my bank - on my hotmail account.

The official looking body of the email informed me that because of several
failed attempts to log in to my account ending in XXXXX within the
previous 24 hours, my account was being frozen to internet access - and
would remain so until I went to a link at the bottom of the message - to
reset my username and password.

I'm no fool. I've never given out this hotmail address to my bank.
Additionally, because the username is permanent, only the password can be
changed. The bank wouldn't ask me to reset both. So I pointed my browser
to my bank's web site log in, and was able to access my account normally.

Now, I was hella curious... if not scared because the XXXXX number listed
in the email was for a legitimate account.

Banks are not going to ever, ever, ever, ever and again NOT ever be in
correspondence with their customers like that.

And the fact that you say part of the number was to an account you have
tells me that at some point in time you clicked on something that was
dubious in nature that led to it, whether that be visiting a Web site or
coming in an email. It doesn't happen by itself.
I have Outlook Express set up to handle hotmail, so I went ahead and
downloaded the entire inbox and bulk folder, and allowed my antivirus to
scan everything as it arrived. After getting rid of all the obvious crap
and deleting it - I highlighted that bank message to have a look at it in
plain text mode. The body was in HTML.

AV's can be circumvented and defeated. One doesn't lean on them like a
crutch, like they are some kind of stops all and ends all solution. They are
not that.

I used OE and I am using OE's brother Windows Mail on Vista. In either case,
they were taken out of their automatic download of email settings with a
proxy sitting in front of them controlling what's happening at the ISP.

The bottom line is one doesn't try to play Sherlock Holmes with those
solutions. One simply puts into practice common sense.

If one doesn't know where an email came from, the email makes no sense in
what it's asking, even if it looks official, it's too good to be true or one
hasn't had a condition setup to have an email sent to him or her from a
legit source, then the email should be flat-out deleted at the ISP.

There is no, oh one is curious, what if it's that and one needs to play
Holmes etc, etc.
The href:// link for resetting my username/password in the email body
certainly wasn't going to any secure servers the bank would have used.
Next the message header and routing info was inspected, and some whois
backtracking was done on the From address, and again on the embedded link
address. This info along with the email were sent as a zipped file
attachment to my bank's internet fraud division.

Nice try, it doesn't mean a whole lot. It's too much of it happening.
Again, the buck stops with you. It doesn't stop anywhere else.
 
Attachments to spam are frequently what is known as "image spam", where
the entire spammer's real message is text-in-an-image. Sometimes they
include a bunch of random text to get by filters, pretending to be
unique messages. These kinds of spams are not "infected", just annoying.
<g>

Hmmm, with hotmail, I'm able to view the sourcecode of an email and
indeed the two emails I was referring to in this thread turned out to
have just a random bunch of text with a picture somewhere inside
(actually just an url referring to an online jpg) that contained the
actual advertisement. What kind of scared me was that the first one
seemed to contain some kind of code, but the second mail had just some
random text from a website (I was able to find the actual website
where the text had been copied from). So it seems everything is ok and
I've deleted the emails.
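
The checks the posts above do by hand (viewing the source, reading the header and routing info, comparing a link with where it really goes) can be run on a saved raw message without rendering it or contacting any server. This is an added example, not code from anyone in the thread; the sample message, its addresses and hosts, and the names `triage` and `BodyAudit` are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not one from the thread; all hosts and
# addresses are placeholders from reserved example/documentation ranges.
SAMPLE_EML = b"""\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP; Mon, 04 Jun 2007 10:15:02 +0200
Received: from unknown (HELO dsl-pool.example.com) (198.51.100.23)
\tby mx.example.net with SMTP; Mon, 04 Jun 2007 10:14:41 +0200
From: user@example.org
To: user@example.org
Subject: about your email
Content-Type: text/html; charset="us-ascii"

<html><body><p>random filler words copied from some web page</p>
<img src="http://images.example.com/offer.jpg">
<a href="http://203.0.113.7/login">https://www.mybank.example/reset</a></body></html>
"""

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}
# Link text that itself looks like a URL or host name; group 1 is the host.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)


class BodyAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images, self.links, self.active = [], [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE_TAGS and tag not in self.active:
            self.active.append(tag)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_images.append(a["src"])  # would be fetched if rendered
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw: bytes) -> dict:
    """Inspect a saved raw message; nothing is rendered or downloaded."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    to_cc = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = {addr.lower() for _, addr in getaddresses(to_cc)}
    # Received headers are prepended, so hops[0] was added last, by the
    # receiving provider; entries further down can be forged by the sender.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    audit = BodyAudit()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        audit.feed(body.get_content())
    mismatched = []
    for href, text in audit.links:
        shown = URLISH.match(text)
        try:
            target = urlparse(href).hostname or ""
        except ValueError:  # malformed href, e.g. a broken IPv6 literal
            target = ""
        if shown and shown.group(1).lower() != target:
            mismatched.append((shown.group(1).lower(), target))
    return {"self_addressed": bool(sender) and sender in recipients,
            "hops": hops, "remote_images": audit.remote_images,
            "mismatched_links": mismatched, "active_tags": audit.active}
```

An empty `active_tags` list together with a non-empty `remote_images` list is the "random text plus a picture URL" pattern described in this thread: markup and a remote image, no script.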
 
What kind of scared me was that the first one seemed to contain some
kind of code,

HTML? CSS? It looks like code, but it isn't.

Most spam is in HTML, which is why a lot of people automatically delete
HTML emails. If you want to be sure your mail reaches others, send it in
plain text only.
 
Beauregard T. Shagnasty said:
HTML? CSS? It looks like code, but it isn't.

Most spam is in HTML, which is why a lot of people automatically delete
HTML emails. If you want to be sure your mail reaches others, send it in
plain text only.

Even if I use Outhouse Express (smirks at that, is a good name for it,) mine
is set to read all emails as plain text. I've never viewed anything in HTML.
Nothing in the way of embedded code can run then - once it's opened.
 
HTML? CSS? It looks like code, but it isn't.

Dunno, prolly something like that.. can't look anymore because I
already threw them away, but I guess I'll receive a similar one soon,
so I might be able to provide a snippet of that stuff.
 
Check with your ISP. I found that my ISP has a Spam Filter with four
different settings for my email that I didn't know about. They are 1. Tag
Spam, 2. Discard Spam, and 3. Quarantine Spam. This is all done at my ISP.
The fourth setting which I don't use is called No Filtering. Maybe your ISP
has this filter also.
 