Malware Issue; email message is being sent to multiple recipients from my email account, probably to China.
What is going on here? I have inserted a portion of a returned email message sent from my email account:
__________________________
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
13106081@163.com
SMTP error from remote mail server after RCPT TO:<13106081@163.com>:
host 163mx01.mxmail.netease.com
550 User not found: 13106081@163.com
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 118455 characters long; only the first
------ 106496 or so are included here.
Return-path: <tjvetter@pipeline.com>
Received: from [182.108.150.194] (helo=ynxy.net)
by elasmtp-junco.atl.sa.earth
(envelope-from <tjvetter@pipeline.com>)
id 1bHvwl-0006ri-7g; Tue, 28 Jun 2016 12:33:15 -0400
Message-ID:<20160629003248
From:"" <tjvetter@pipeline.com>
To:""<13106044444@163.com>
<13106081@163.com>,
<13106789696@163.com>,
<13107004151@163.com>,
<13107162430@163.com>,
<13107433452@163.com>,
<1310743703g@163.com>,
<13107579464@163.com>,
<13108280081@163.com>,
<13108502340@163.com>,
<13108578368@163.com>,
<13108893247@163.com>,
<13109038741@163.com>,
<13109049729@163.com>,
<13109230210@163.com>
Subject: 黎昕似乎看注意,查看护士护师改分包过
Date:Wed, 29 Jun 2016 00:32:48 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=7da54d1cac5519f
This is a multi-part message in MIME format.
--=7da54d1cac5519ff2cd1aba
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding:
PFA+c1llUXdNaFhjQmJVZE1kQW
Zm9ydGggZXhjZXB0aW9uIGhhbm
REVSLVJJR0hUOiAjYjlkM2VlID
aWQ7IE1BUkdJTi1UT1A6IDE1cH
Q0tHUk9VTkQ6IHVybChkYXRhOm
QUI0QUFELzRRQVdSWGhwWmdBQV
__________________________
I did not sent this and the MIME code looks like it is thousands of lines long (this is only the beginning few lines). I run Malwarebytes every night automatically. And I have McAffee anti-virus.
__________________________
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
13106081@163.com
SMTP error from remote mail server after RCPT TO:<13106081@163.com>:
host 163mx01.mxmail.netease.com
550 User not found: 13106081@163.com
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 118455 characters long; only the first
------ 106496 or so are included here.
Return-path: <tjvetter@pipeline.com>
Received: from [182.108.150.194] (helo=ynxy.net)
by elasmtp-junco.atl.sa.earth
(envelope-from <tjvetter@pipeline.com>)
id 1bHvwl-0006ri-7g; Tue, 28 Jun 2016 12:33:15 -0400
Message-ID:<20160629003248
From:"" <tjvetter@pipeline.com>
To:""<13106044444@163.com>
<13106081@163.com>,
<13106789696@163.com>,
<13107004151@163.com>,
<13107162430@163.com>,
<13107433452@163.com>,
<1310743703g@163.com>,
<13107579464@163.com>,
<13108280081@163.com>,
<13108502340@163.com>,
<13108578368@163.com>,
<13108893247@163.com>,
<13109038741@163.com>,
<13109049729@163.com>,
<13109230210@163.com>
Subject: 黎昕似乎看注意,查看护士护师改分包过
Date:Wed, 29 Jun 2016 00:32:48 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=7da54d1cac5519f
This is a multi-part message in MIME format.
--=7da54d1cac5519ff2cd1aba
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding:
PFA+c1llUXdNaFhjQmJVZE1kQW
Zm9ydGggZXhjZXB0aW9uIGhhbm
REVSLVJJR0hUOiAjYjlkM2VlID
aWQ7IE1BUkdJTi1UT1A6IDE1cH
Q0tHUk9VTkQ6IHVybChkYXRhOm
QUI0QUFELzRRQVdSWGhwWmdBQV
__________________________
I did not sent this and the MIME code looks like it is thousands of lines long (this is only the beginning few lines). I run Malwarebytes every night automatically. And I have McAffee anti-virus.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
John
The email came from here: Message-ID:<20160629003248
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you all. This allegedly outgoing mail did not appear in my Sent Items folder (Outlook). So, I don't think I can find anything else in the alleged headers.
Does John's comment mean that the email did not originate from my email server?
Does John's comment mean that the email did not originate from my email server?
If your machine originated the email, it was spoofed. When I go after Spam with email vendors, I always hand them the message ID
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here is another one, it is on my Outlook at my regular computer (the other copy was from the online site for my email). This one has a bunch of hyperlinks that do not show here:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
13106081@163.com
SMTP error from remote mail server after RCPT TO:<13106081@163.com>:
host 163mx01.mxmail.netease.com
550 User not found: 13106081@163.com
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 118455 characters long; only the first
------ 106496 or so are included here.
Return-path: <tjvetter@pipeline.com>
Received: from [182.108.150.194] (helo=ynxy.net)
by elasmtp-junco.atl.sa.earth
(envelope-from <tjvetter@pipeline.com>)
id 1bHvwl-0006ri-7g; Tue, 28 Jun 2016 12:33:15 -0400
Message-ID:<20160629003248
From:"" <tjvetter@pipeline.com>
To:""<13106044444@163.com>
<13106081@163.com>,
<13106789696@163.com>,
<13107004151@163.com>,
<13107162430@163.com>,
<13107433452@163.com>,
<1310743703g@163.com>,
<13107579464@163.com>,
<13108280081@163.com>,
<13108502340@163.com>,
<13108578368@163.com>,
<13108893247@163.com>,
<13109038741@163.com>,
<13109049729@163.com>,
<13109230210@163.com>
Subject: =?utf-8?B?6buO5piV5Ly85LmO
Date:Wed, 29 Jun 2016 00:32:48 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=7da54d1cac5519f
This is a multi-part message in MIME format.
--=7da54d1cac5519ff2cd1aba
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding:
PFA+c1llUXdNaFhjQmJVZE1kQW
Zm9ydGggZXhjZXB0aW9uIGhhbm
REVSLVJJR0hUOiAjYjlkM2VlID
aWQ7IE1BUkdJTi1UT1A6IDE1cH
Q0tHUk9VTkQ6IHVybChkYXRhOm
QUI0QUFELzRRQVdSWGhwWmdBQV
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
13106081@163.com
SMTP error from remote mail server after RCPT TO:<13106081@163.com>:
host 163mx01.mxmail.netease.com
550 User not found: 13106081@163.com
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 118455 characters long; only the first
------ 106496 or so are included here.
Return-path: <tjvetter@pipeline.com>
Received: from [182.108.150.194] (helo=ynxy.net)
by elasmtp-junco.atl.sa.earth
(envelope-from <tjvetter@pipeline.com>)
id 1bHvwl-0006ri-7g; Tue, 28 Jun 2016 12:33:15 -0400
Message-ID:<20160629003248
From:"" <tjvetter@pipeline.com>
To:""<13106044444@163.com>
<13106081@163.com>,
<13106789696@163.com>,
<13107004151@163.com>,
<13107162430@163.com>,
<13107433452@163.com>,
<1310743703g@163.com>,
<13107579464@163.com>,
<13108280081@163.com>,
<13108502340@163.com>,
<13108578368@163.com>,
<13108893247@163.com>,
<13109038741@163.com>,
<13109049729@163.com>,
<13109230210@163.com>
Subject: =?utf-8?B?6buO5piV5Ly85LmO
Date:Wed, 29 Jun 2016 00:32:48 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=7da54d1cac5519f
This is a multi-part message in MIME format.
--=7da54d1cac5519ff2cd1aba
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding:
PFA+c1llUXdNaFhjQmJVZE1kQW
Zm9ydGggZXhjZXB0aW9uIGhhbm
REVSLVJJR0hUOiAjYjlkM2VlID
aWQ7IE1BUkdJTi1UT1A6IDE1cH
Q0tHUk9VTkQ6IHVybChkYXRhOm
QUI0QUFELzRRQVdSWGhwWmdBQV
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks!