
disappearing email?

Posted on 2006-11-11
Last Modified: 2010-04-11
One day a person sent me an email (I have a firewall and antivirus); it contained a picture. I was just going to forward the email to another email address so that I could triple scan it with an antivirus. As I tried to forward the email it popped open in the preview pane. The next time I got onto Yahoo Messenger, everything I said, where I was, what room I was in, everything was being seen by this person. When I went back into my mail to see the person's address again, the email itself was gone. I swear it was there because I was able to forward it to the other address. I have the forwarded email that contains the original e-mail in the second email address, but the very one this person sent me disappeared. How is this possible?

After that I noticed some very strange things happening on my computer. When I scan for a virus (it's clean), spyware (it's clean). My firewall never detected anything...


Am I crazy?
Question by:Smcf4
10 Comments
 

Expert Comment

by:titch98
ID: 17922989
Are you crazy? Probably not.........!

Firstly, what email client are you using? Outlook, Outlook Express, Incredimail.....?

Due to certain security issues with email transactions and Government Agencies using email records as evidence against people (i.e. FBI versus Microsoft....!!), there has been a call for new methods of handling mail messages. One way that this call has been answered, is the SELF DESTRUCTING EMAIL. There are two main programs in circulation at present that can form Self Destructing Emails - Disappearing Email for Outlook Express and SafeMessage from AbsoluteFuture.com. To give you some idea, Disappearing Email is a 350K downloadable Microsoft Outlook plug-in that lets you send encrypted, self-destructing messages to almost any e-mail system or client.

Not too good for people like yourself who have possibly been sent a Self Destructing email, with an attachment, that has contained some kind of malicious script, and although you have firewall and antivirus on your system, what you have explained points to this - also the fact that "strange things" have been happening to your computer since.

Do not put too much faith in Firewalls or Anti-Virus. A friend of mine has just spent 2 days clearing viruses off his system and he has Norton installed...........

All I can suggest for now, without delving any deeper, is use system restore to set your system to a configuration BEFORE you received the email. Also, try using a different Anti-Virus proggy to see if it detects anything on your system. Online virus checkers are also good for double checking your system.

If you still have problems, repost here and we will look deeper into things.
 
LVL 8

Expert Comment

by:jako
ID: 17925040
There's a feature within most e-mail clients that cleans up the view of the e-mails listed that have been expired. X-Expire: is the header for that in the e-mails, IIRC.
If you happen to have MS Outlook, you can see the option from the View-Options dialog when you're in the e-mail composing window -- there's an "Expires after" check box with subsequently activated date and time controls. Try sending yourself one to see if it behaves accordingly.
Expired e-mails however are probably not deleted but only hidden.
0
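An added example, not part of the thread: one way to check whether a saved copy of a message (such as a forwarded copy that still contains the original) carries an expiry header that would cause a mail client to hide it. `Expires` and `Expiry-Date` are header names documented in RFC 4021; `X-Expire` is the name recalled in the comment above and is unverified. The function name `expiry_status` and the sample message are constructed for illustration.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# "Expires" / "Expiry-Date": documented mail headers (RFC 4021).
# "X-Expire": name recalled in the thread, included as an unverified candidate.
EXPIRY_HEADERS = ("Expires", "Expiry-Date", "X-Expire")

# Constructed sample message, not taken from the thread.
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: picture
Date: Fri, 10 Nov 2006 09:00:00 +0000
Expiry-Date: Sat, 11 Nov 2006 12:00:00 +0000

(body)
"""

def expiry_status(raw_message, now=None):
    """Return [(header, expiry datetime or None, verdict)] for every
    expiry header found in the message or in any nested part, so an
    original forwarded as a message/rfc822 attachment is covered too."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for part in message_from_string(raw_message).walk():
        for name in EXPIRY_HEADERS:
            for value in part.get_all(name, []):
                try:
                    when = parsedate_to_datetime(value)
                except (TypeError, ValueError):
                    findings.append((name, None, "unparseable"))
                    continue
                if when.tzinfo is None:  # "-0000" or no zone: treat as UTC
                    when = when.replace(tzinfo=timezone.utc)
                verdict = "expired" if when <= now else "still valid"
                findings.append((name, when, verdict))
    return findings

if __name__ == "__main__":
    for name, when, verdict in expiry_status(SAMPLE):
        print(f"{name}: {when} -> {verdict}")
```

An empty result means no expiry header is present, so expiry does not account for the message dropping out of the list view.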
 
LVL 23

Expert Comment

by:Admin3k
ID: 17962180
Alright, I am assuming you are using Outlook Express or Microsoft Outlook, as this seems to be a specially crafted email intended to exploit a known vulnerability in OE, MS Outlook and even Internet Explorer. Make sure to disable the auto-preview feature for Outlook; also make sure your Internet zone security is set to HIGH.

As for your case, kindly share a HijackThis log with us. Although Antivirus and antispyware products on your system fail to detect any malware, the system was most likely compromised; however, the HT LOG (generated in safe mode) will show traces of the infection, if any. I would also advise NOT to physically delete any files we might uncover from your hard drive; there might be a case of a NEW/Unknown variant of Malware that AV companies should take a look at.

Awaiting your response. Best regards.
 

Author Comment

by:Smcf4
ID: 17971709
I was using Gmail. I sent this person my Gmail account because I did not want them having my Yahoo accounts (since Yahoo email shows your main account) or my ISP account. I will run a HijackThis log as soon as possible, which will probably be later today, and will post the results you are asking for. Would you know of a way to turn off the preview pane in Gmail?
 

Author Comment

by:Smcf4
ID: 17971742
I do have another question. Suppose this person did send something in this email, some type of keylogger of sorts, to see what I am typing in Yahoo Messenger. I have several computers. If they are all running on the same modem and ISP (I actually have two different ISPs; two computers are hooked to one and two to the other), and I were to log into some of the accounts on the compromised computers on the clean computers, will they too be compromised?
 
LVL 8

Accepted Solution

by:
jako earned 500 total points
ID: 17978183
GMail is an AJAX interface on a bunch of webservers, AFAIK. In such cases HTML e-mail content goes through a complex sanitation and it would be tricky to write a script that cleans up its traces (only) when propagated through GMail.
With you demonstrating your disability to interact with the interface (preview pane question) I am fairly confident that this is a case of applied filtering on a view of e-mail list and not self deleting e-mail.
 
LVL 8

Expert Comment

by:jako
ID: 17978316
Most overflow holes for various image manipulation components within Windows are patched already (it is quite another thing if you have applied the patches). Let's assume, that a new unknown vulnerability was exploited (your clean AV report) and you are a victim of a keylogging program. Even then your firewall should have interfered with the outbound packets from the keylogger and your GMail account passwd should have never gotten out. Ok. You suspect that it happened and you are desperate to take action:
Migrate all data and reinstall and update the OS to get rid of the possible rootkitted_keylogger_and_whatnot, tighten the firewall rules, change all passwords etc etc.

And most of all - drop the assumptions that popular communication methods are secure and private. They are NOT. Yahoo Messenger is not using encrypted channels to forward your chat to other parties - everything is being sent as clear text, and as such assume that anything that you type in Yahoo Messenger can be read by everybody.
