
  • Status: Solved
  • Priority: Medium
  • Security: Public

I need to determine if my computer is sending spam and why I receive messages indicating that it is.

Some of the spam I received results in a message that reads (I use Norton Antispam): "The e-mail address "my-email address here is shown here" already exists in your allowed list."  In the from address of the e-mail it will give a random name such as "Timothy Cameron [my-email address is shown here]".  I get a few of these every day and at first I thought that my computer had been contaminated with something that was sending out spam without my knowing; sometimes I will also get a reply from someone else saying that the message I sent (always a typical spam message) was rejected.

My thought has always been that my computer is secretly sending out spam but I don't know how this could be happening?  I do have a cable connection and my computer is always on but I also have a secure firewall, use AdAware, PestPatrol, Norton Anti-Virus, have looked up to see that everything in my start-up are programs that should be there, etc.  Backweb, Backweb Lite, SpyGame Arcade are the only things I ignore and don't delete (although I have 3 Kontiki DLL files which say they will delete on next boot but don't).  I've also run other security software and still have come up with nothing to explain this.

Why am I receiving both occasional spam e-mails to myself (sent to me) with an alias and my own return e-mail address as well as occasional spam e-mail rejection messages from others which appear as if my computer has been sending spam?  Why can't I find any clues to this behavior and lastly, why when I look in my e-mail sent folder (by the way I use Outlook), don't I see any "sent" messages that should have resulted in these messages that seem to be going out?
2 Solutions

Some hints to prevent your computer from being used as a SPAM relay:

1) If your PC is connected to the Internet, use a personal firewall (e.g. ISS Black ICE)
    or (even better) use a firewall box (e.g. Safe@Office from Check Point).

    Remark: I consider a separate firewall to be better because it makes it harder for
    MalWare to disable it. If you do not want to invest money, use at least a free personal
    firewall like Kerio or ZoneAlarm. Of the personal firewalls I like BlackICE most
    because it contains an intrusion detection system and keeps an MD5 hash on all
    files, but it is difficult to configure.

2) Configure the firewall so that it blocks all outgoing SMTP traffic (TCP Port 25) to
    all destinations except the mail server (of your provider) that you're using.

3) Configure the firewall to block all incoming connections.

4) Use Antivirus-Software and AntiSpyware and update them regularly.
    As far as I can see, you're already on top of this problem.

You can find more information about how to do it, using following links:

- http://www.maths.usyd.edu.au:8000/u/psz/securepc.html
- http://www.microsoft.com/athome/security/protect/default.aspx
- http://www.uic.edu/depts/accc/security/os/

Links for personal firewalls:

- http://www.zonelabs.com/store/content/home.jsp
- http://www.kerio.com/kerio.html
- http://www.digitalriver.com/dr/v2/ec_dynamic.main?SP=1&PN=10&sid=26412

In your case it seems more likely that someone else is using your email address to send out
SPAM. Unluckily this happens quite often and it can ruin your day if you get 5.000
mails a day saying "Your mail was not delivered". Happened to me some times.

All you can do is keep your email address from being used on web sites or in
newsgroups. On a long shot try to convince the administrator of your email
domain to use a system like SPF (http://spf.pobox.com/).

I hope this helps,

Could you please send me one of the emails causing you trouble?

Ahh yes, it looks as though this is a mail virus. It looks in your contacts and other people's contacts and generates mail from a random name; it also has its own built-in SMTP server relay.  As soon as you downloaded the file it will have moved in on your contacts.  Or you are actually on the receiving side of this virus, but these emails that it sends out all also contain the virus.  It may be this one but there are others that do the same thing: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html

You need to do a full scan on your PC; if you already have AV then run full updates and do a full scan of your machine. By the way, if you have received this virus in the past then people who are in your contacts will get a mail from random people at random places made up from your contacts to try and infect them also.  Likewise when they get it, they all send back to you without even knowing about it, unless they have AV protecting the perimeter.

I have witnessed this type of virus at first hand at least twice in the last few months!  mister-fixit, I wouldn't give your email out on here, it's against the rules; besides, if this question goes to PAQ you will be receiving emails from every Tom, Dick and Harry for years to come, not to mention he could infect your machine with the virus too!

Ok, anyway I wish you the best of luck with it, it's not too difficult to get rid of.  Ooooh, if you don't have Anti Virus then go to http://housecall.trendmicro.com/ for a free online virus scanner.  Actually, use that one as well as your own AV scanner if you have one.



byerington (Author) Commented:
Answer from pjcrooks did not result in anything.  My Norton updates and runs weekly and the "housecall.trendmicro.com" AV found nothing.  I use Sygate now; a month or 2 prior I used ZoneAlarm Pro; the problem exists the same with both.  I have yet to try and see if I can configure Sygate as martinseeger instructs; I will play with this answer later.

Now, I don't get massive non-deliverable messages and the ones I receive that appear to be sent to myself only show up randomly.  Some days none, some days a couple.  Again, I use cable and e-mail is up and running at least half of each day and computer is always on.  I am just baffled by this since no utility software can find anything and my sent box never gives a clue that I am sending anything out.  It is not as much of a huge problem as it is a mystery that I would like to solve.  And if I didn't mention before, my operating system is XP Home Edition.

Thanks, Brian
Now then Brian,

Just because you personally don't have a virus that does what I was saying above does not mean that someone with your name in their inbox does not have the virus.

The virus sends spoof messages like the ones you're explaining, trying to spread the virus in this manner. On the link I sent you, http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html, look at the email subject areas.  They claim to have not delivered mail, failed mail messages etc etc .....

Read from section 8 onwards and see if it sounds familiar.  You could be receiving email from someone who does not know they have this virus and every time they open up their Outlook it sends more viruses out, do you get what I mean?  You will just have to be careful and look out for any email attachments with an scr extension.  Delete all these messages straight away if you get them.  They may still get onto your PC because they are so random in their nature.


Tim Holman Commented:
I don't think you have a virus either.  It's common for viruses to try and spread, or SPAM to initiate using the destination email address as a source address.
A quick check of the source headers will verify this.  Your machine probably wasn't even turned on when the mails are timestamped!  ;)
I get a few of these now and again - nothing major to worry about.
Heh.. well I hope not :)
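
The source-header check suggested above, as an added example that is not part of the original thread: it walks the `Received` lines from newest to oldest and reports the first connecting IP that is not one of your provider's relays, then compares it with your own public IP. The sample message, addresses (documentation ranges), relay list and function names are all constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: spam that uses the recipient's own address as the sender.
SAMPLE = """\
Received: from mx.example-isp.net (mx.example-isp.net [192.0.2.10])
\tby mail.example-isp.net with ESMTP id ABC123
\tfor <brian@example.com>; Mon, 02 Aug 2004 03:14:07 -0400
Received: from unknown-host (unknown [203.0.113.77])
\tby mx.example-isp.net with SMTP id XYZ789;
\tMon, 02 Aug 2004 03:14:05 -0400
From: "Timothy Cameron" <brian@example.com>
To: brian@example.com
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw_message, trusted_relays):
    """First connecting IP, newest hop first, that is not a trusted relay.

    Only Received lines written by servers you trust are reliable; anything
    below the first untrusted hop could have been forged by the sender.
    """
    trusted = {ipaddress.ip_address(ip) for ip in trusted_relays}
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):  # newest header comes first
        match = BRACKETED_IP.search(hop)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:  # e.g. [999.1.1.1]; skip malformed hops
            ip = None
        if ip is not None and ip not in trusted:
            return ip
    return None

def assess(raw_message, my_address, my_public_ip, trusted_relays):
    """Summarise whether a message using my address really left my connection."""
    msg = email.message_from_string(raw_message)
    origin = handoff_ip(raw_message, trusted_relays)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "from_claims_my_address": sender == my_address.lower(),
        "origin_ip": str(origin) if origin else None,
        "sent_from_my_connection": origin == ipaddress.ip_address(my_public_ip),
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "brian@example.com", "198.51.100.23", ["192.0.2.10"]))
```

A result with `from_claims_my_address` true and `sent_from_my_connection` false matches the spoofed-sender case described in the thread; an origin equal to your own public IP is the case that calls for a closer look at the machine.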
