Worrying Spam Message,Evaded My Spam Filter.

[MAJIC]

Had what looks like normal spam,and I wouldn't have given it a second thought,except this one had the email address of a very trusted friend,I emailed my friend to see if she had sent it and she hadn't.

So my question is how the hell did they know I would open the email,because it had my friends Yahoo email address at the top of the message?

and this is why it evaded the Spam filter.

Subject:A surprise chance for you.

A surprise chance for you.

i just got my favourite iphone from here

:<e 2007.com7

best quality and fast ship

i like it very much

come and see.

(as written and received)

[manarak]

I get a lot of spams that supposedly come from friends - I guess their browser has been compromised and when they logon to hotmail or yahoo, the browser sends the spam, or it forks off a copy of the logon data to the spammers who then send the spams.

[lopburi3]

And it could have been a third party computer list that was compromised and combinations being used of emails found on that list.

[Gary A]

I had a similar experience. I was surprised that I would get such an email from that sender. I emailed back to her and she said she had not sent that email. Shortly after that I got emails from several friends asking me about emails that I sent to them. I didn't send them.

Apparently the email I received from the lady also infected my computer. I ended up changing my email passwords and that seems to have fixed the problem. I thoroughly scanned my computer for any virus and none showed up.

[frodo77]

I also had a similar experience 3 days ago. I suspected a virus, but my anti-virus failed to pick anything up. I even ran a couple of virus removal programs and nothing was found. Fortunately Spybot Search and Destroy caught it. It was a worm, and could not remove it within Spybot's window, so had to delete the folder it was in. I changed my password as a precaution, and seems ok now.

[MAJIC]

I also had a similar experience 3 days ago. I suspected a virus, but my anti-virus failed to pick anything up. I even ran a couple of virus removal programs and nothing was found. Fortunately Spybot Search and Destroy caught it. It was a worm, and could not remove it within Spybot's window, so had to delete the folder it was in. I changed my password as a precaution, and seems ok now.

Thanks very much to all of you,for your help,I will change my hotmail password.and try some other Anti Virus Programs.

although mine is a minor problem,it's scary how these scammers and phishing Con merchants can mess up peoples lives and businesses.

Its long past the time,when Jail Sentences should be handed out!for this kind of anti social practices. Lets say start out with 5 year sentences for online major theft, and start coming down for less major offences.

Maybe have a computer Tax/Levy,to build some more Prisons for this type of criminal trash.

[Valentine]

I am getting heaps of "mail undeliverable" messages showing all sorts of subjects, including porn, that have supposedly been sent from me. I ran Malwarebytes which did not come up with anything & MSE which found one malicious file but I still have the problem. My email account is with Loxinfo & the best they could come up with is to re format my PC &/or change my user name. I have not done either yet hoping I can find a programme to remove the offending file. However, I am guessing the spammers who are now using my address can still continue to do so. It is worrying what friends & acquaintances will think. BTW I also get occasional spam mails from my daughter's old hotmail address.

[ChaiLor]

About 2 years ago everyone in my hotmail address book received a spam email from my address, it also happened twice this year, it's really annoying as it's a little embarrassing if people receiving the email don't understand what's actually happening - these are called spoof emails, it doesn't mean anyone necessarily knows your password but I think it's recommended to change it every month anyway, from what I found out when I googled it, some spamsters will somehow get email addresses by randomised selection and somehow send spam from them (using a software program of some sort I guess) apparently they are generally found and blocked after using an email address once or twice by the likes of hotmail et al, then it's all repeated with again with other email addresses. I think MS hotmail, gmail etc really need to dedicate more resource to put a stop to this, I'm sure if they really really wanted to they could!

[transam]

Phished, get your friend to change their pass word.

[sawadeeken]

I had my email address book hacked several months ago. It sent emails to many of 'my contacts' as if they were coming from me. A friend told me to change my password - quick. I did. The thing is that I had my own email address in there and I got the same thing that was sent to all my friends, and I could see their contact addresses, so I immediately sent out a warning to all of them to keep them from opening anything from me. I noticed that there was never a 'subject' indicated on any of the 'vicious' emails, too

[MAJIC]

About 2 years ago everyone in my hotmail address book received a spam email from my address, it also happened twice this year, it's really annoying as it's a little embarrassing if people receiving the email don't understand what's actually happening - these are called spoof emails, it doesn't mean anyone necessarily knows your password but I think it's recommended to change it every month anyway, from what I found out when I googled it, some spamsters will somehow get email addresses by randomised selection and somehow send spam from them (using a software program of some sort I guess) apparently they are generally found and blocked after using an email address once or twice by the likes of hotmail et al, then it's all repeated with again with other email addresses. I think MS hotmail, gmail etc really need to dedicate more resource to put a stop to this, I'm sure if they really really wanted to they could!

Highly agree with your last statement,surely these major companies,are not allowing themselves to be beaten by these small time misfits,crooks, and hackers? where is their professionalism? or do they not care,as long as the money keeps rolling in?

The answer to me seems to be something like: Allocate completely new Email User Accounts VERIFIED by Address,Bank Account Details, Passport Number,and any other details necessary to beat the Bastards,and create traceability.

And not forgetting a security locked site,the same as online Bank Accounts and PAYPAL! stopping them at the initial user stage,is all important.

OK Computer Experts, Boffins,and Programmers,tell me why it can't be done???

[manarak]

About 2 years ago everyone in my hotmail address book received a spam email from my address, it also happened twice this year, it's really annoying as it's a little embarrassing if people receiving the email don't understand what's actually happening - these are called spoof emails, it doesn't mean anyone necessarily knows your password but I think it's recommended to change it every month anyway, from what I found out when I googled it, some spamsters will somehow get email addresses by randomised selection and somehow send spam from them (using a software program of some sort I guess) apparently they are generally found and blocked after using an email address once or twice by the likes of hotmail et al, then it's all repeated with again with other email addresses. I think MS hotmail, gmail etc really need to dedicate more resource to put a stop to this, I'm sure if they really really wanted to they could!

Highly agree with your last statement,surely these major companies,are not allowing themselves to be beaten by these small time misfits,crooks, and hackers? where is their professionalism? or do they not care,as long as the money keeps rolling in?

The answer to me seems to be something like: Allocate completely new Email User Accounts VERIFIED by Address,Bank Account Details, Passport Number,and any other details necessary to beat the Bastards,and create traceability.

And not forgetting a security locked site,the same as online Bank Accounts and PAYPAL! stopping them at the initial user stage,is all important.

OK Computer Experts, Boffins,and Programmers,tell me why it can't be done???

the answer is the following:

it's not gmail yahoo and hotmail who get beaten by smalltime misfits, crooks and hackers... it's misfit computer users who are beaten.

If your browser gets hacked, if a troyan finds its way onto your computer or if you enter your password on a phishing site, it's game over, the hacker wins.

Verified accounts will not make users more clever, they will still install software from unsafe sources and type their password on phishing sites. Verified accounts with bank data, passport number, etc. are also very frightening, because of the amount of info that can be hacked! Identity theft galore!

Securing accounts with a PIN-generating dongle or with a TAN list costs money, so don't expect that type of validation for free services.

Edited December 25, 2011 by manarak

[MAJIC]

About 2 years ago everyone in my hotmail address book received a spam email from my address, it also happened twice this year, it's really annoying as it's a little embarrassing if people receiving the email don't understand what's actually happening - these are called spoof emails, it doesn't mean anyone necessarily knows your password but I think it's recommended to change it every month anyway, from what I found out when I googled it, some spamsters will somehow get email addresses by randomised selection and somehow send spam from them (using a software program of some sort I guess) apparently they are generally found and blocked after using an email address once or twice by the likes of hotmail et al, then it's all repeated with again with other email addresses. I think MS hotmail, gmail etc really need to dedicate more resource to put a stop to this, I'm sure if they really really wanted to they could!

Highly agree with your last statement,surely these major companies,are not allowing themselves to be beaten by these small time misfits,crooks, and hackers? where is their professionalism? or do they not care,as long as the money keeps rolling in?

The answer to me seems to be something like: Allocate completely new Email User Accounts VERIFIED by Address,Bank Account Details, Passport Number,and any other details necessary to beat the Bastards,and create traceability.

And not forgetting a security locked site,the same as online Bank Accounts and PAYPAL! stopping them at the initial user stage,is all important.

OK Computer Experts, Boffins,and Programmers,tell me why it can't be done???

the answer is the following:

it's not gmail yahoo and hotmail who get beaten by smalltime misfits, crooks and hackers... it's misfit computer users who are beaten.

If your browser gets hacked, if a troyan finds its way onto your computer or if you enter your password on a phishing site, it's game over, the hacker wins.

Verified accounts will not make users more clever, they will still install software from unsafe sources and type their password on phishing sites. Verified accounts with bank data, passport number, etc. are also very frightening, because of the amount of info that can be hacked! Identity theft galore!

Securing accounts with a PIN-generating dongle or with a TAN list costs money, so don't expect that type of validation for free services.

I understand your remarks about careless online users,that give out their personal Data to Phishing sites,I have several online Bank Accounts,which are secure (locked),plus PAYPAL & EBAY, none of them have ever been Hacked or compromised in any way,and that's in more than a Decade of use. And so do many Tens of Millions of other people have online Banking.

Using the same Security Software features as the Financial Institutions do,would certainly make simple Email Accounts a lot more secure,and would make it more difficult across the board,to thieve and Scam,a much needed addition to the security package.

If Internet Banking was so risky,and costly, the Banks would no doubt have reverted back to the high street Banking,of yesteryear by now.

Giving your Bank details,such as Account number to pay for items is one thing,the stupid ones,who would give out their Credit or Debit Card PIN number Online are Brainless!and should stick to High street Banking.

Also using Visa cards Online often needs to be VERIFIED at another website, before the transaction can be completed (only the owner of the card knows the security questions)

I know Dongles used to protect software copying,and used to be expensive for a company to protect copyright issues,of their company drawings and products,but no doubt produced in millions for a set purpose,would bring the price down considerably.

And it may be in the Banks or other Instutions,interests to issue a free one the same as they do with Security Software Disks.

Edited December 25, 2011 by MAJIC

[jybkk]

Guys... the most probable explanation about all this is NOT hacking.

it's simply those stupid chain emails and other hoaxes that get forwarded by everyone.

Ever wondered why people would start an hoax? When it's not to damage a company's reputation, it is simply to help them collect email address.

How? Deadly simple: most of people will forward those stupid emails to all of their address book, leaving all the address in clear. Then the next moron will do the same, and the whole list of previous recipient will end up at the bottom of the forwarded mail... and so on, until several hundred addresses are on this email and thei end up being sent to a spammer's email, which then collects all of those and start spamming them.

This is why it will look like it was sent to your address book. Either because you did forward yourself a chain email to your address book and it ended up in the wrong hands, or, more annoyingly, because someone close who shares a lot of contacts with you did that and you end up unwillingly in the whole batch.

We don't really need a new authentication for emails. I'm happy it remains relatively anonymous. We just need people to be a bit more educated about how all this works.

[manarak]

Guys... the most probable explanation about all this is NOT hacking.

it's simply those stupid chain emails and other hoaxes that get forwarded by everyone.

Ever wondered why people would start an hoax? When it's not to damage a company's reputation, it is simply to help them collect email address.

How? Deadly simple: most of people will forward those stupid emails to all of their address book, leaving all the address in clear. Then the next moron will do the same, and the whole list of previous recipient will end up at the bottom of the forwarded mail... and so on, until several hundred addresses are on this email and thei end up being sent to a spammer's email, which then collects all of those and start spamming them.

This is why it will look like it was sent to your address book. Either because you did forward yourself a chain email to your address book and it ended up in the wrong hands, or, more annoyingly, because someone close who shares a lot of contacts with you did that and you end up unwillingly in the whole batch.

We don't really need a new authentication for emails. I'm happy it remains relatively anonymous. We just need people to be a bit more educated about how all this works.

You didn't get the most important point: the email seems to originate from your friend, he appears to be the sender of the email.

It is difficult to fake a sender's address.

[jybkk]

You didn't get the most important point: the email seems to originate from your friend, he appears to be the sender of the email.

It is difficult to fake a sender's address.

On the contrary. It is extremely easy to fake a sender's address.

Mail protocol doesn't account for sender's address authenticity. The "from" field attached to an email is purely informative. Exactly like the "from" address you'd put on an envelope before posting it. After all, you're free to put anything on there, nobody will check. The only thing is that the recipient won't be able to reply as it is not your address.

Nowadays, most of mail servers are configured so as they don't allow "relay" (you can't use your work mail server to send emails with a "from" not within the list of employees), but the spammers simply setup their own mail servers. Send the spam. The mail server will be quickly listed as spammy, but then they just start another one somewhere else.

It takes a few minutes to setup a mail server, and then you can send emails in the name of anyone. I did send as a joke a few emails that looked like coming from celebrities or cartoon characters.

[manarak]

You didn't get the most important point: the email seems to originate from your friend, he appears to be the sender of the email.

It is difficult to fake a sender's address.

On the contrary. It is extremely easy to fake a sender's address.

Mail protocol doesn't account for sender's address authenticity. The "from" field attached to an email is purely informative. Exactly like the "from" address you'd put on an envelope before posting it. After all, you're free to put anything on there, nobody will check. The only thing is that the recipient won't be able to reply as it is not your address.

Nowadays, most of mail servers are configured so as they don't allow "relay" (you can't use your work mail server to send emails with a "from" not within the list of employees), but the spammers simply setup their own mail servers. Send the spam. The mail server will be quickly listed as spammy, but then they just start another one somewhere else.

It takes a few minutes to setup a mail server, and then you can send emails in the name of anyone. I did send as a joke a few emails that looked like coming from celebrities or cartoon characters.

I didn't mean the from or reply-to addresses!

I meant that modern inbox servers use at least SPF to check if the email comes from a server authorized to originate emails for that email domain.