yipperoo

asked on

Fake Emails with Attachments

For the past two days I've been getting some really weird emails. They're "from" all different email addresses but the content is always the same. There are three different emails I get:

1. The subject line is either "Re:" or "FwD:" (with the 'D' capitalized) or "FwD: Re:" and this is the body text:

------------------------------
ok ok ok,,,,, here is it



*** Server-AntiVirus: No Virus (Clean)
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

There is also an attachment on every one of these emails that's called "our_secret.zip" and it's 52k.


2. The second type of email I get says something to the effect that my email was blocked in the subject line. Sometimes it'll say "MAILER-DAEMON: Delivery Failure," "Your email was blocked" or just "mailing error." This is the body text:

------------------------------
This is an automatically generated E-Mail Delivery Status Notification.

Mail-Header, Mail-Body and Error Description are attached


*** AntiVirus: No Virus found
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

There's a file attached to this one called "error_mail_info.zip" (52k).


3. The third kind of weird email I get says something like "Your Password" or "Registration Confirmation" in the subject line and the body text always has a link in it but to a different website each time. Here's the body text:

------------------------------
Account and Password Information are attached!

Visit: http://www.advanta.com



*** Attachment-Scanner: Status OK
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

And there's a file attached to this one called "account_info_text.zip".


Can you tell me what the heck is going on with my email? It's so weird that I get these three specific types of emails. They're ALWAYS the same. The only things that change are the addresses they are apparently from and the link in the "Registration Confirmation" email.

I have a Yahoo email account and these emails ended up in my Bulk Folder. At least Yahoo filtered them out for me. And if that didn't work, I have Norton Anti-Spam also hooked up to this account and I'm sure that would have nabbed 'em. But I still want to know what's going on. Why all of a sudden am I getting attacked like this? I set up three filters to block each email based on the text in the body. And since I set up those filters it has detected every one of these emails because one of these lines is ALWAYS present in the email:

1.      “ok ok ok,,,,, here is it”
2.      “Account and Password Information are attached”
3.      “Mail-Header, Mail-Body and Error Description are attached”

The worst part of this whole ordeal is .... some of the email addresses that these emails come from are the personal email addresses of people I actually know! I thought that maybe someone hacked my AddressBook in Yahoo! But I don't even have these persons' addresses saved in my address book! How then am I getting fake emails from people I know? Is someone else hacking THEIR email accounts?

It’s not such a big deal ‘cause all my Spam filtering is weeding this stuff out, but I just want to know why this is happening. And how. I tried looking up these emails on Google but nothing came up. Am I the only person with the SPECIFIC problem? Is this some new scam? Is there any information posted on the internet where I can find out more info on this? To whom can I send these emails for investigation? I can decipher some things myself by looking at the full headers but I can’t tell much. I’m sure an expert could. Where is one so I can pick his brain?

David
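The three body-text filters described in the question, extended to also check the fake anti-virus footer and the attachment names, as an added example that is not part of the original post. The function names and the example.com addresses are assumptions made for illustration; the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Marker lines and attachment names quoted in the question above.
BODY_MARKERS = (
    "ok ok ok,,,,, here is it",
    "Account and Password Information are attached",
    "Mail-Header, Mail-Body and Error Description are attached",
)
FAKE_AV_FOOTER = '*** "YAHOO" Anti-Virus'
ATTACHMENT_NAMES = {"our_secret.zip", "error_mail_info.zip", "account_info_text.zip"}

def classify(raw: bytes) -> list:
    """Return the reasons a raw message matches the described emails ([] = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # From: is deliberately ignored: it differs per message and can be spoofed.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    reasons = [f"body marker: {m}" for m in BODY_MARKERS if m.lower() in body]
    if FAKE_AV_FOOTER.lower() in body:
        reasons.append("fake anti-virus footer")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        if name in ATTACHMENT_NAMES:
            reasons.append(f"known attachment name: {name}")
        elif name.endswith(".zip"):
            reasons.append(f"zip attachment: {name}")
    return reasons

def build_sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "david@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:  # payload is an empty ZIP archive (end-of-directory record only)
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_bytes()

# Constructed samples: one shaped like email type 1 in the question, one ordinary.
SUSPECT = build_sample("FwD: Re:", 'ok ok ok,,,,, here is it\n\n'
                       '*** "YAHOO" Anti-Virus\n', "our_secret.zip")
ORDINARY = build_sample("Lunch?", "Are you free on Friday?\n")

if __name__ == "__main__":
    print(classify(SUSPECT), classify(ORDINARY))
```
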
Lee W, MVP

This is a new variant of an existing virus.  Reference:
http://vil.nai.com/vil/content/v_133409.htm

As you guessed and leew posted, those emails contain virus attachments and any good AV scanner would have deleted them on arrival.

Try Avast Home Edition (free):

http://www.avast.com/eng/programs.html

Regarding the "known" email addresses that is called spoofing and is explained here with good detail:

http://www.cert.org/tech_tips/email_spoofing.html

Anyway, you know the rules on email attachments...
;-)

Zee
ASKER CERTIFIED SOLUTION
einsteinjr79

This solution is only available to members.
einsteinjr79

Sorry guys,
 the above posting was meant for another question

 apologise for the inconvenience.

Regards,

Einy
Quote.

 Sorry guys,
 the above posting was meant for another question

 apologise for the inconvenience.

Unquote.

Must be a joke.

Zee