Thread: A Hack or what ?

Originally Posted by wheelinround

Strange e-mail arrived at daughters work yesterday she rings me

Daughter
Dad did you send me an e-mail this morning ?

Me
Nope haven't been on since 8.30am and everything is off line !

Daughter
I got an e-mail with an old work addy from 7 yrs ago with an admin bounce back that the e-mail no longer exists. I know it doesn't as ex boyfreind head tech guy made it redundant when I left. Now is it possible you still have the e-mail addy in your address book. ?

Me
Nope !

The Tech guys at her work are also confused, although I have my suspicions.

Now I do still have the e-mail addy from her old work not in present address book, its archived with no direct links to it an old address book from 2000/2001 well hidden.

Now for it to be used and then sent via my daughters present e-mail addy and bounced back via the old work admin to her present work adress thats got to be a good one.

Its possible but a long shot.

I ran Microsofts rootkit reveler it and SAPHOS nothing showed up

http://www.microsoft.com/technet/sys...tRevealer.mspx

http://www.sophos.com/products/free-...i-rootkit.html

This could occur via *anyone* that still has THAT old email address listed in *their* email addresses. That person's computer may have been *compromised* by any one of the thousands of viruses etc. The email address has then been retrieved/extracted from that list of address and been used in a spam mailout.

The *anyone* concerned could very well BE anyone with whom your daugther has corresponded via email.

The chances of finding out who or isolating that compromised computer is non-existent. Now that the address has been used for spam email it could very well be reused. For the *bounce* to get back to your daughter means that there is STILL a reference or link from the OLD address to the current email address. The link would have been put in to serve the same purpose as a snail mail forwarding address. This link or forwarding reference needs to be removed.


HTH

Originally Posted by MrFixIt

This could occur via *anyone* that still has THAT old email address listed in *their* email addresses. That person's computer may have been *compromised* by any one of the thousands of viruses etc. The email address has then been retrieved/extracted from that list of address and been used in a spam mailout.

The *anyone* concerned could very well BE anyone with whom your daugther has corresponded via email.

The chances of finding out who or isolating that compromised computer is non-existent. Now that the address has been used for spam email it could very well be reused. For the *bounce* to get back to your daughter means that there is STILL a reference or link from the OLD address to the current email address. The link would have been put in to serve the same purpose as a snail mail forwarding address. This link or forwarding reference needs to be removed.


HTH

Thanks Peter

Had that theory too Peter and the only link that has been used of late is a wrongly sent e-mail using her old home IHUG/now iiNet account. Defunct for 3 years by myself 3 days ago by mistake but that e-mail addy isn't showing up in my now address book so I can't delete something thats not there.

But as you state it could BE ANYONE but no one we can think of has both e-mails as they are both work addy's of concern and daughter doesn't give them out to easily even to me.

Originally Posted by MrFixIt

.... For the *bounce* to get back to your daughter means that there is STILL a reference or link from the OLD address to the current email address. The link would have been put in to serve the same purpose as a snail mail forwarding address. This link or forwarding reference needs to be removed.

Yeah, that is the queer bit....

I administer my own domain name & mail server at work & I also have a couple of other e-mail addresses on different domains that I use from home.

I have never had an e-mail with one of my addresses bounce to another address in a different domain, that is very odd.

I get lots of crap e-mails going to all sorts of names at the domain IE domain name is madeupname.com.au so I get mail addressed to [email protected] .... info@.... guest@.... test@.... sales@.... service@..... Cliff, Bruce, Peter, Wally, wheelbarrow, whatever, etc.
Some of it gets through, the rest goes in the spam box.

Hi

Originally Posted by wheelinround

But as you state it could BE ANYONE but no one we can think of has both e-mails as they are both work addy's of concern and daughter doesn't give them out to easily even to me.

But even IF anyone has both addresses that would not cause the bounce because there would *normally* be no association between their addresses on a "recipients" pc.

The link that would enable the bounce will be at IInet, please check with them to ensure they remove all references to the old address. They may also need to check the current address to make sure there is no link to the old address.

Originally Posted by MrFixIt

Hi


But even IF anyone has both addresses that would not cause the bounce because there would *normally* be no association between their addresses on a "recipients" pc.

The link that would enable the bounce will be at IInet, please check with them to ensure they remove all references to the old address. They may also need to check the current address to make sure there is no link to the old address.

Yep that's logical unless it was the techies at her work who were doing the hacking

top suggestion will do

only one flaw here is that the IHUG/iiNet has no association with the new work e-mail address or my present one or her home one.

It's not very clear from what you say.

Was the original email sender address yours, or was it hers? Usually the only way you will get an admin bounce is if you are the sender. What were the contents of the rejected email? Why did she think it was you who sent it?

I occasionally receive bounces which are spam emails sent using my address to a third party. It's easy to send an email which appears to come from someone else, I do it all the time with a couple of my web sites. You can also set the Reply To address separately to the Sender address. The only way to really work out what has happened is to look at the headers, but if the mail server that sent the bounce to her didn't forward the original email, there's not much you can do.

Originally Posted by silentC

It's not very clear from what you say.

Was the original email sender address yours, or was it hers? Usually the only way you will get an admin bounce is if you are the sender. What were the contents of the rejected email? Why did she think it was you who sent it?

I occasionally receive bounces which are spam emails sent using my address to a third party. It's easy to send an email which appears to come from someone else, I do it all the time with a couple of my web sites. You can also set the Reply To address separately to the Sender address. The only way to really work out what has happened is to look at the headers, but if the mail server that sent the bounce to her didn't forward the original email, there's not much you can do.

SC

I wrote

Now for it to be used and then sent via my daughters present e-mail addy and bounced back via the old work admin to her present work adress thats got to be a good one.

so I did make it clear

what is the strange part it wasn't sent by either of us.

No sorry but that doesn't make any sense to me. You can't send an email to one address via another. Email is a communication between two addresses - the sender and the recipient. If the email is CC'ed, it's treated as a separate message to each CC recipient, it isn't sent 'via' someone else.

I suspect it was a spam email. For the rejection notice to come back to her current address, the sender field in the header would have to have been her current address, it's the only way it can happen.

It's possible that both addresses are on a spammer's mailing list. A trick they often use is to substitute an address at random from the list for the sender to avoid blacklists. As I said, I sometimes get rejection notifications for messages that I never sent. Whenever the original email has been forwarded to me as part of the rejection, it has always been spam.

I don't think we have enough information to solve your problem. I doubt it's a hacker.

Originally Posted by silentC

....It's possible that both addresses are on a spammer's mailing list. A trick they often use is to substitute an address at random from the list for the sender to avoid blacklists. As I said, I sometimes get rejection notifications for messages that I never sent. Whenever the original email has been forwarded to me as part of the rejection, it has always been spam.......

I'll agree with that, I have received bounces of spam that have supposed to have come from somebody at my domain who doesn't even exist.

Agree with you SC and Cliff
Although I believe anything is possible
What a fluke though eh

A strange spammer eh one of her old employers work e-mails addy's from 7 years ago long deleted out of any of our present address books to return to her now present work place.

Thanks for all your input guys

Oh Mrfixit rang iiNet/Ihug explained situation etc they still have copies of e-mail address we had but not accessible to any attack .