Problem with someone taking over my computer and sending outgoing mail in Eudora program - Eudora

On 4 Apr 2007 11:34:35 -0700, "Robert Fleming"
<BettyB.Fleming@verizon.net> wrote:

>I have a problem with emails going out out from my computer, many of
>which are returned as undeliverable (as many as hundreds a day!). I
>have installed Ad-Aware and have found no spyware. I also installed
>AVG Mal-Ware. Neither has worked. I would appreciate any advice to
>solve this problem, with thanks!

It's more likely that the spammers are simply faking your E-mail
address rather than taking over your computer.

To prove this to yourself, turn off your PC for a week, then turn it
back on. Note the dates of the E-mails claimed as "you sent".

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| ****og Innovations, Inc. | et |
| ****og/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice480)460-2350 | |
| E-mail Address at Website Fax480)460-2142 | Brass Rat |
| http://www.****og-innovations.com | 1962 |

America: Land of the Free, Because of the Brave

On Apr 4, 2:59 pm, Jim Thompson <To-Email-Use-The-Envelope-I...@My-Web-
Site.com> wrote:
> On 4 Apr 2007 11:34:35 -0700, "Robert Fleming"
>
> <BettyB.Flem...@verizon.net> wrote:
> >I have a problem with emails going out out from my computer, many of
> >which are returned as undeliverable (as many as hundreds a day!). I
> >have installed Ad-Aware and have found no spyware. I also installed
> >AVG Mal-Ware. Neither has worked. I would appreciate any advice to
> >solve this problem, with thanks!
>
> It's more likely that the spammers are simply faking your E-mail
> address rather than taking over your computer.
>
> To prove this to yourself, turn off your PC for a week, then turn it
> back on. Note the dates of the E-mails claimed as "you sent".
>
> ...Jim Thompson
> --
> | James E.Thompson, P.E. | mens |
> | ****og Innovations, Inc. | et |
> | ****og/Mixed-Signal ASIC's and Discrete Systems | manus |
> | Phoenix, Arizona Voice480)460-2350 | |
> | E-mail Address at Website Fax480)460-2142 | Brass Rat |
> | http://www.****og-innovations.com | 1962 |
>
> America: Land of the Free, Because of the Brave

Thank you for an interesting possibility . . . one I never would have
thought of.

We do turn off our computer at night, and will try to catch the hours
they were sent in the returned messages.

Best, Robert B. Fleming

On Wed, 04 Apr 2007 14:17:41 -0500, Robert Fleming wrote:

> I have a problem with emails going out out from my computer,
> many of which are returned as undeliverable
> (as many as hundreds a day!)

> We do turn off our computer at night, and will try to catch
> the hours they were sent in the returned messages.

****ysis of "full headers" and other info in "bounce" messages
can also provide indications of true message origin, e.g.:
http://techbase.msu.edu/viewpathfinder.asp?id=2045

Insertion of false "From:" addresses
by computers located elsewhere is the most common cause,
although there are other possibilities as well, such as
http://postini.com/news_events/pr/pr031407.php [bot-nets]

-[ ]-

By the way, Robert Fleming,
do you have any "autoreply" set up,
either in Eudora or in your ISP email account?

If your autoreply answers every spam and you get lots of spam,
this too will set off a chain of "undeliverable" messages,
because many of your autoreplies (replying to spam)
will be sent back to non-existent "From:" addresses,
which may once again come back to you.

A look at the actual content of the "returned" emails
may help you to determine what is generating the traffic
(but don't post it all here

-[ ]-

On Wed, 04 Apr 2007 16:27:53 -0500, "John H Meyers"
<jhmeyers@nomail.invalid> wrote:

>****ysis of "full headers" and other info in "bounce" messages
>can also provide indications of true message origin

Yes, that's a good point. A couple of months ago I got dozens of
bounced messages back, sent with one of my addresses as the sender, but
using The Bat! as email program. Yeah... right
--

Ajo Wissink

--
Posted via a free Usenet account from http://www.teranews.com

On Apr 4, 7:03 pm, Ajo Wissink <a...@notrealaddress.invalid> wrote:
> On Wed, 04 Apr 2007 16:27:53 -0500, "John H Meyers"
>
> <jhmey...@nomail.invalid> wrote:
> >****ysis of "full headers" and other info in "bounce" messages
> >can also provide indications of true message origin
>
> Yes, that's a good point. A couple of months ago I got dozens of
> bounced messages back, sent with one of my addresses as the sender, but
> using The Bat! as email program. Yeah... right
> --
>
> Ajo Wissink
>
> --
> Posted via a free Usenet account fromhttp://www.teranews.com

......................
Thanks for these interesting possibilities. However, they don't appear
to relate to our problem. The messages that are going out under my
email address are "sales pitches", notifications of site changes, and
"I've got new pictures for you from your friend, so be sure to check
this website". Also, a romance enticement. These in no way seem
associated with spam that I have received. Further, these don't seem
associated with any website I visit (very few), or any personal
interest I have. It just looks like someone who has seized my email
address for their own personal advantage. Thanks for all efforts to
assist me. Robert B. Fleming

someone wrote in news:1175734977.961872.48840@d57g2000hsg.googlegroups.com:

> Robert B. Fleming

Posting to usenet with an email address mentioned in plain English is
asking for someone to abuse that email address (sorry!).

Goodle for "munge" as in munging your email address. See the sig also.

--
Best regards
Han
email address is invalid

On Wed, 04 Apr 2007 20:02:58 -0500, Robert Fleming wrote:

> The messages that are going out under my email address
> are "sales pitches", notifications of site changes, and
> "I've got new pictures for you from your friend, so be sure to check
> this website". Also, a romance enticement. These in no way seem
> associated with spam that I have received. Further, these don't seem
> associated with any website I visit (very few), or any personal
> interest I have. It just looks like someone who has seized my email
> address for their own personal advantage.

Have you yet displayed the "full headers" (especially "Received:")
and looked to see from where they actually originate?
(post just the complete headers from one message if you'd like comments)

When posted addresses are "harvested" by robots, it seems to me
that the most common use to which they are put
is on mailing lists destined to *receive* spam (To: you),
rather than as forged "From:" addresses on mass mailings
to entirely unrelated domains, which seems to me
to end up being less productive than using
purely imaginary "From:" addresses (which are less likely
to inspire vigorous pursuit and prosecution).

A secondary popular usage of such addresses is that in a set
of malware messages to one domain, messages to "bob@some.domain"
are often forged with another known "alice@some.domain"
in apparent attempt to make the recipient think that
it comes from a colleague, making it more likely
that the recipient will "see the attachment" (and get infected);
this is also commonplace in messages sent by computers
that are infected with "worms" that use addresses
found in the infected computer itself.

The third most popular disguise that I see all the time
is a message "To: me@my.domain" with "From: Shirley <me@my.domain>";
this trick often makes the message appear as just "From: Shirley"
in mail clients other than Eudora, and also sneaks past many
spam traps whose users mistakenly "whitelist" their own addresses
(a check for an "approved sender" only compares "me@my.domain"
and completely ignores the "Shirley" part).

If I experienced the phenomenon which you are experiencing,
I would certainly look at those complete headers,
just to make sure that my computer didn't get possessed
by any "slave" robot that remote spammers use
to send mailings which they provide.

These "bot-nets" are what the "Postini" article referred to;
it's like having a "tapeworm" which feeds off your computer's
idle time and connection bandwidth, and if my computer did
swallow such a creature, I'd want to de-worm it ASAP,
before my ISP discovered it and disconnected me.

-[ ]-

On Apr 4, 9:52 pm, "John H Meyers" <jhmey...@nomail.invalid> wrote:
> On Wed, 04 Apr 2007 20:02:58 -0500, Robert Fleming wrote:
> > The messages that are going out under my email address
> > are "sales pitches", notifications of site changes, and
> > "I've got new pictures for you from your friend, so be sure to check
> > this website". Also, a romance enticement. These in no way seem
> > associated with spam that I have received. Further, these don't seem
> > associated with any website I visit (very few), or any personal
> > interest I have. It just looks like someone who has seized my email
> > address for their own personal advantage.
>
> Have you yet displayed the "full headers" (especially "Received:")
> and looked to see from where they actually originate?
> (post just the complete headers from one message if you'd like comments)
>
> When posted addresses are "harvested" by robots, it seems to me
> that the most common use to which they are put
> is on mailing lists destined to *receive* spam (To: you),
> rather than as forged "From:" addresses on mass mailings
> to entirely unrelated domains, which seems to me
> to end up being less productive than using
> purely imaginary "From:" addresses (which are less likely
> to inspire vigorous pursuit and prosecution).
>
> A secondary popular usage of such addresses is that in a set
> of malware messages to one domain, messages to "b...@some.domain"
> are often forged with another known "a...@some.domain"
> in apparent attempt to make the recipient think that
> it comes from a colleague, making it more likely
> that the recipient will "see the attachment" (and get infected);
> this is also commonplace in messages sent by computers
> that are infected with "worms" that use addresses
> found in the infected computer itself.
>
> The third most popular disguise that I see all the time
> is a message "To: m...@my.domain" with "From: Shirley <m...@my.domain>";
> this trick often makes the message appear as just "From: Shirley"
> in mail clients other than Eudora, and also sneaks past many
> spam traps whose users mistakenly "whitelist" their own addresses
> (a check for an "approved sender" only compares "m...@my.domain"
> and completely ignores the "Shirley" part).
>
> If I experienced the phenomenon which you are experiencing,
> I would certainly look at those complete headers,
> just to make sure that my computer didn't get possessed
> by any "slave" robot that remote spammers use
> to send mailings which they provide.
>
> These "bot-nets" are what the "Postini" article referred to;
> it's like having a "tapeworm" which feeds off your computer's
> idle time and connection bandwidth, and if my computer did
> swallow such a creature, I'd want to de-worm it ASAP,
> before my ISP discovered it and disconnected me.
>
> -[ ]-

Yes, of course we want to de-worm it, but HOW? We have installed two
of the most reliable spyware packages, and they did not eliminate it.