• Status: Solved
  • Priority: Medium
  • Security: Public

I need to determine if my computer is sending spam and why I receive messages indicating that it is.

Some of the spam I received results in a message that reads (I use Norton Antispam): "The e-mail address "my-email address here is shown here" already exists in your allowed list."  In the from address of the e-mail it will give a random name such as "Timothy Cameron [my-email address is shown here]".  I get a few of these every day and at first I thought that my computer had been contaminated with something that was sending out spam without my knowing; sometimes I will also get a reply from someone else saying that the message I sent (always a typical spam message) was rejected.

My thought has always been that my computer is secretly sending out spam but I don't know how this could be happening?  I do have a cable connection and my computer is always on but I also have a secure firewall, use AdAware, PestPatrol, Norton Anti-Virus, have looked up to see that everything in my start-up are programs that should be there, etc.  Backweb, Backweb Lite, SpyGame Arcade are the only things I ignore and don't delete (although I have 3 Kontiki DLL files which say they will delete on next boot but don't).  I've also run other security software and still have come up with nothing to explain this.

Why am I receiving both occasional spam e-mails to myself (sent to me) with an alias and my own return e-mail address as well as occasional spam e-mail rejection messages from others which appear as if my computer has been sending spam?  Why can't I find any clues to this behavior and lastly, why when I look in my e-mail sent folder (by the way I use Outlook), don't I see any "sent" messages that should have resulted in these messages that seem to be going out?
2 Solutions

Some hints to prevent your computer from being used as a SPAM relay:

1) If your PC is connected to the Internet use a personal firewall (e.g. ISS Black ICE)
    or (even better) use a firewall box (e.g. Safe@Office from Check Point).

    Remark: I consider a separate firewall to be better because it makes it harder for
    MalWare to disable it. If you do not want to invest money, use at least a free personal
    firewall like Kerio or ZoneAlarm. Of the personal firewalls I like BlackICE most
    because it contains an intrusion detection system and keeps an MD5 hash on all
    files, but it is difficult to configure.

2) Configure the firewall so that it blocks all outgoing SMTP traffic (TCP Port 25) to
    all destinations except the mail server (of your provider) that you're using.

3) Configure the firewall to block all incoming connections.

4) Use Antivirus-Software and AntiSpyware and update them regularly.
    As far as I can see, you're already on top of this problem.

You can find more information about how to do it, using the following links:

- http://www.maths.usyd.edu.au:8000/u/psz/securepc.html
- http://www.microsoft.com/athome/security/protect/default.aspx
- http://www.uic.edu/depts/accc/security/os/

Links for personal firewalls:

- http://www.zonelabs.com/store/content/home.jsp
- http://www.kerio.com/kerio.html
- http://www.digitalriver.com/dr/v2/ec_dynamic.main?SP=1&PN=10&sid=26412

In your case it seems more likely that someone else is using your email address to send out
SPAM. Unluckily this happens quite often and it can ruin your day if you get 5.000
mails a day saying "Your mail was not delivered". Happened to me a few times.

All you can do is keep your email address from being used on web sites or in
newsgroups. On a long shot try to convince the administrator of your email
domain to use a system like SPF (http://spf.pobox.com/).

I hope this helps,

Could you please send me one of the emails causing you trouble?

Ahh yes, it looks as though this is a mail virus. It looks in your contacts and other people's contacts and generates mail from a random name; it also has its own built-in SMTP server relay.  As soon as you downloaded the file it will have moved in on your contacts.  Or you are actually on the receiving side of this virus, but these emails that it sends out all also contain the virus.  It may be this one but there are others that do the same thing: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html

You need to do a full scan on your PC; if you already have AV then run full updates and do a full scan of your machine. By the way, if you have received this virus in the past then people who are in your contacts will get a mail from random people at random places made up from your contacts to try and infect them also.  Likewise when they get it, they all send back to you without even knowing about it, unless they have AV protecting the perimeter.

I have witnessed this type of virus at first hand at least twice in the last few months!  mister-fixit, I wouldn't give your email out on here, it's against the rules; besides, if this question goes to PAQ you will be receiving emails from every Tom, Dick and Harry for years to come, not to mention he could infect your machine with the virus too!

Ok anyway, I wish you the best of luck with it, it's not too difficult to get rid of.  Ooooh, if you don't have Anti Virus then go to http://housecall.trendmicro.com/ for a free online virus scanner.  Actually use that one as well as your own AV scanner if you have one.



byerington (Author) Commented:
Answer from pjcrooks did not result in anything.  My Norton updates and runs weekly and the "housecall.trendmicro.com" AV found nothing.  I use Sygate now; a month or 2 prior I used ZoneAlarm Pro; the problem exists the same with both.  I have yet to try and see if I can configure Sygate as martinseeger instructs; I will play with this answer later.

Now, I don't get massive non-deliverable messages and the ones I receive that appear to be sent to myself only show up randomly.  Some days none, some days a couple.  Again, I use cable and e-mail is up and running at least half of each day and computer is always on.  I am just baffled by this since no utility software can find anything and my sent box never gives a clue that I am sending anything out.  It is not as much of a huge problem as it is a mystery that I would like to solve.  And if I didn't mention before, my operating system is XP Home Edition.

Thanks, Brian
Now then Brian,

Just because you personally don't have a virus that does what I was saying above does not mean that someone with your name in their inbox does not have the virus.  

The virus sends spoof messages like the ones you're explaining, trying to spread the virus in this manner. On the link I sent you, http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html, look at the email subject areas.  They claim to have not delivered mail, failed mail messages etc etc .....

Read from section 8 onwards and see if it sounds familiar.  You could be receiving email from someone who does not know they have this virus and every time they open up their Outlook it sends more viruses out, do you get what I mean?  You will just have to be careful and look out for any email attachments with an scr extension.  Delete all these messages straight away if you get them.  They may still get onto your PC because they are so random in their nature.


Tim Holman Commented:
I don't think you have a virus either.  It's common for viruses to try and spread, or SPAM to initiate using the destination email address as a source address.
A quick check of the source headers will verify this.  Your machine probably wasn't even turned on when the mails are timestamped!  ;)
I get a few of these now and again - nothing major to worry about.
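The header check suggested in the comment above, as an added example that is not part of the original thread: it reads the `Received:` chain of a message and reports the client IP and time recorded by the earliest mail server you trust, ignoring hops below it that the sender could have forged. The sample message, host names, addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample: spam forged with the victim's own address in From:,
# plus a fake bottom Received line claiming the victim's PC (192.0.2.10).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Tue, 03 Aug 2004 03:14:09 +0000
Received: from unknown (HELO victim-pc) ([203.0.113.45])
\tby mx.example.net with SMTP id B2; Tue, 03 Aug 2004 03:14:02 +0000
Received: from victim-pc ([192.0.2.10]) by forged.invalid; Tue, 03 Aug 2004 03:00:00 +0000
From: "Timothy Cameron" <brian@example.org>
To: brian@example.org
Subject: constructed sample

body
"""

# Bracketed client IP, then the name of the server that wrote the header.
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([^\s;]+)", re.S)

def hops(raw):
    """(client_ip, recording_server, time) per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            out.append((ip_address(m.group(1)), m.group(2), when))
    return out

def true_origin(raw, trusted_servers):
    """Walk down from the newest hop while the recording server is trusted.
    Anything below the first untrusted hop was supplied by the sender."""
    origin = None
    for hop in hops(raw):
        if hop[1] not in trusted_servers:
            break
        origin = hop
    return origin

def sent_from_me(raw, my_ips, trusted_servers):
    """True only if the trusted origin IP is one of your own addresses."""
    origin = true_origin(raw, trusted_servers)
    return origin is not None and origin[0] in {ip_address(i) for i in my_ips}
```

Compare the returned IP with the public address your cable provider assigned you at the returned time; a mismatch means the message only borrowed your address in the From: line.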
Heh.. well I hope not :)
Question has a verified solution.
