Solved

I need to determine if my computer is sending spam and why I receive messages indicating that it is.

Posted on 2004-09-06
Last Modified: 2013-11-16
Some of the spam I received results in a message that reads (I use Norton Antispam): "The e-mail address "my-email address is shown here" already exists in your allowed list."  In the from address of the e-mail it will give a random name such as "Timothy Cameron [my-email address is shown here]".  I get a few of these every day and at first I thought that my computer had been contaminated with something that was sending out spam without my knowing; sometimes I will also get a reply from someone else saying that the message I sent (always a typical spam message) was rejected.

My thought has always been that my computer is secretly sending out spam but I don't know how this could be happening?  I do have a cable connection and my computer is always on but I also have a secure firewall, use AdAware, PestPatrol, Norton Anti-Virus, have looked up to see that everything in my start-up are programs that should be there, etc.  Backweb, Backweb Lite, SpyGame Arcade are the only things I ignore and don't delete (although I have 3 Kontiki DLL files which say they will delete on next boot but don't).  I've also run other security software and still have come up with nothing to explain this.

Why am I receiving both occasional spam e-mails to myself (sent to me) with an alias and my own return e-mail address as well as occasional spam e-mail rejection messages from others which appear as if my computer has been sending spam?  Why can't I find any clues to this behavior and lastly, why, when I look in my e-mail sent folder (by the way I use Outlook), don't I see any "sent" messages that should have resulted in these messages that seem to be going out?
Question by:byerington

Expert Comment

by:martinseeger
ID: 11991142
Hi,

some hints to prevent your computer from being used as a SPAM relay:

1) If your PC is connected to the Internet use a personal firewall (e.g. ISS Black ICE)
    or (even better) use a firewall box (e.g. Safe@Office from Check Point).

    Remark: I consider a separate firewall to be better because it makes it harder for
    MalWare to disable it. If you do not want to invest money, use at least a free personal
    firewall like Kerio or ZoneAlarm. Of the personal firewalls I like BlackICE most
    because it contains an intrusion detection system and keeps an MD5 hash on all
    files, but it is difficult to configure.

2) Configure the firewall so that it blocks all outgoing SMTP traffic (TCP Port 25) to
    all destinations except the mail server (of your provider) that you're using.

3) Configure the firewall to block all incoming connections.

4) Use Antivirus-Software and AntiSpyware and update them regularly.
    As far as I can see, you're already on top of this problem.

You can find more information about how to do it, using following links:

- http://www.maths.usyd.edu.au:8000/u/psz/securepc.html
- http://www.microsoft.com/athome/security/protect/default.aspx
- http://www.uic.edu/depts/accc/security/os/

Links for personal firewalls:

- http://www.zonelabs.com/store/content/home.jsp
- http://www.kerio.com/kerio.html
- http://www.digitalriver.com/dr/v2/ec_dynamic.main?SP=1&PN=10&sid=26412

In your case it seems more like someone else is using your email address to send out
SPAM. Unluckily this happens quite often and it can ruin your day if you get 5.000
mails a day saying "Your mail was not delivered". Happened to me some times.

All you can do is keep your email address from being used on web sites or in
newsgroups. On a long shot try to convince the administrator of your email
domain to use a system like SPF (http://spf.pobox.com/).

I hope this helps,

   Martin
0
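What the SPF suggestion in the answer above buys the domain owner, as an added example that is not part of the original thread: the domain publishes which addresses may send its mail, and a receiving server compares the connecting IP against that list. The record, the addresses and the function name `check_spf` are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are handled (real SPF also has mechanisms that need DNS lookups).

```python
from ipaddress import ip_address, ip_network

# Qualifier prefix -> SPF result when the mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed record for a made-up domain: only the provider's relay range may send.
RECORD = "v=spf1 ip4:198.51.100.0/24 -all"

def check_spf(record, client_ip):
    """Evaluate an SPF record's ip4/ip6/all mechanisms against the connecting IP.

    Mechanisms are tried left to right; the first one that matches decides
    the result through its qualifier ("+" is the default).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                          # no SPF policy published
    ip = ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = (term[1:] if term[0] in RESULTS else term).lower()
        if mech == "all":                      # matches every sender
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name not in ("ip4", "ip6"):
            raise ValueError(f"mechanism {name!r} needs DNS and is not handled here")
        net = ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return RESULTS[qualifier]
    return "neutral"                           # nothing matched, no "all" term

if __name__ == "__main__":
    # Mail relayed by the provider's own server versus a forger elsewhere.
    print(check_spf(RECORD, "198.51.100.25"))
    print(check_spf(RECORD, "203.0.113.77"))
```
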
 

Expert Comment

by:Mister-Fixit
ID: 11991266
Could you please send me one of the emails causing you trouble?

mister-fixit@netspace.net.au
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11993217
Ahh yes, it looks as though this is a mail virus. It looks in your contacts and other people's contacts and generates mail from a random name; it also has its own built-in SMTP server relay.  As soon as you downloaded the file it will have moved in on your contacts.  Or you are actually on the receiving side of this virus, but these emails that it sends out all also contain the virus.  It may be this one but there are others that do the same thing http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html

You need to do a full scan on your PC; if you already have AV then run full updates and do a full scan of your machine. By the way, if you have received this virus in the past then people who are in your contacts will get a mail from random people at random places made up from your contacts to try and infect them also.  Likewise when they get it, they all send back to you without even knowing about it, unless they have AV protecting the perimeter.

I have witnessed this type of virus at first hand at least twice in the last few months!  mister-fixit, I wouldn't give your email out on here, it's against the rules; besides, if this question goes to PAQ you will be receiving emails from every Tom, Dick and Harry for years to come, not to mention he could infect your machine with the virus too!

Ok anyway, I wish you the best of luck with it, it's not too difficult to get rid of.  Ooooh, if you don't have Anti Virus then go to http://housecall.trendmicro.com/ for a free online virus scanner.  Actually use that one as well as your own AV scanner if you have one.

Cheers

pjcrooks2000

Author Comment

by:byerington
ID: 11994439
Answer from pjcrooks did not result in anything.  My Norton updates and runs weekly and the "housecall.trendmicro.com" AV found nothing.  I use Sygate now; a month or 2 prior I used ZoneAlarm Pro; the problem exists the same with both.  I have yet to try and see if I can configure Sygate as martinseeger instructs; I will play with this answer later.

Now, I don't get massive non-deliverable messages and the ones I receive that appear to be sent to myself only show up randomly.  Some days none, some days a couple.  Again, I use cable and e-mail is up and running at least half of each day and computer is always on.  I am just baffled by this since no utility software can find anything and my sent box never gives a clue that I am sending anything out.  It is not as much of a huge problem as it is a mystery that I would like to solve.  And if I didn't mention before, my operating system is XP Home Edition.

Thanks, Brian
LVL 8

Accepted Solution

by:
pjcrooks2000 earned 250 total points
ID: 11994785
Now then Brian,

Just because you personally don't have a virus that does what I was saying above does not mean that someone with your name in their inbox does not have the virus.  

The virus sends spoof messages like the ones you're explaining, trying to spread the virus in this manner; on the link I sent you http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html look at the email subject areas.  They claim to have not delivered mail, failed mail messages etc etc .....

Read from section 8 onwards and see if it sounds familiar.  You could be receiving email from someone who does not know they have this virus and every time they open up their Outlook it sends more viruses out, do you get what I mean?  You will just have to be careful and look out for any email attachments with an scr extension.  Delete all these messages straight away if you get them.  They may still get onto your PC because they are so random in their nature.

Cheers

pjcrooks2000
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 250 total points
ID: 11996428
I don't think you have a virus either.  It's common for viruses to try and spread, or SPAM to initiate using the destination email address as a source address.
A quick check of the source headers will verify this.  Your machine probably wasn't even turned on when the mails are timestamped!  ;)
I get a few of these now and again - nothing major to worry about.
0
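The header check suggested in the answer above, as an added example that is not part of the original thread: read the `Received` lines newest first and take the address recorded by the first relay you trust, then compare it with your own. The sample message, all addresses and host names, and the function names are constructed; the trusted range is assumed to be your provider's mail servers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample (RFC 5737 documentation addresses, made-up host names).
# The bottom Received line is forged by the sender and claims the victim's own PC.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.10])
\tby mailstore.isp.example with ESMTP id AAA111;
\tMon, 6 Sep 2004 03:12:45 -0400
Received: from unknown (dsl-77.other.example [203.0.113.77])
\tby mx.isp.example with SMTP id BBB222;
\tMon, 6 Sep 2004 03:12:41 -0400
Received: from outlook (pc.isp.example [192.0.2.50])
\tby relay.other.example; Mon, 6 Sep 2004 01:00:00 -0400
From: "Timothy Cameron" <brian@isp.example>
To: brian@isp.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_hop(raw, trusted_nets):
    """Return (ip, time) of the host that handed the mail to the first trusted relay.

    Received lines are read newest first. Only lines written by relays you trust
    are reliable; everything below the first untrusted host was supplied by the
    sender and may be forged.
    """
    nets = [ip_network(n) for n in trusted_nets]
    for hdr in message_from_string(raw).get_all("Received", []):
        m = BRACKETED_IP.search(hdr)
        if m and not any(ip_address(m.group(1)) in n for n in nets):
            stamp = parsedate_to_datetime(hdr.rpartition(";")[2].strip())
            return ip_address(m.group(1)), stamp
    return None

def sent_from_my_pc(raw, my_ip, trusted_nets):
    """True only if the hand-off host recorded by the trusted relay is my own address."""
    hop = handoff_hop(raw, trusted_nets)
    return hop is not None and hop[0] == ip_address(my_ip)
```

On the sample, the hand-off host is 203.0.113.77 at 03:12:41, so the forged bottom line naming 192.0.2.50 is never consulted.
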
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11999469
Heh.. well I hope not :)