POV-Ray : Newsgroups : povray.general : Ian H. (Message 1 to 6 of 6)
From: GrimDude
Subject: Ian H.
Date: 14 Jul 2004 01:27:45
Message: <40f4c451@news.povray.org>
Has your system been hijacked? I started getting junk mail from your box and
I don't think you would do that.

Grim



From: Thorsten Froehlich
Subject: Re: Ian H.
Date: 14 Jul 2004 02:58:09
Message: <40f4d981@news.povray.org>
In article <40f4c451@news.povray.org> , "GrimDude" <gri### [at] bellsouthnet>
wrote:

> Has your system been hijacked? I started getting junk mail from your box and
> I don't think you would do that.

Today spam bots will use real email addresses they find and specify them as
sender.  They just misuse the person's email address, not the person's email
account or system, just the *address*.  Email is no different from paper
mail; you can put any address as sender on it.

    Thorsten

____________________________________________________
Thorsten Froehlich, Duisburg, Germany
e-mail: tho### [at] trfde

Visit POV-Ray on the web: http://mac.povray.org



From: Alain
Subject: Re: Ian H.
Date: 14 Jul 2004 08:57:28
Message: <40f52db8$1@news.povray.org>
GrimDude enlightened us thus on 14/07/2004 01:27... :

>Has your system been hijacked? I started getting junk mail from your box and
>I don't think you would do that.
>
>Grim
>  
>
Look at the header: Ian H. uses Microsoft Outlook Express Macintosh
Edition - 4.5 (0410).
If it's not the same, it's somebody else that got hijacked.

Alain



From: Mike Williams
Subject: Re: Ian H.
Date: 14 Jul 2004 19:23:25
Message: <BNUcdDAZ9b9AFwCi@econym.demon.co.uk>
Wasn't it Alain who wrote:
>GrimDude enlightened us thus on 14/07/2004 01:27... :
>
>>Has your system been hijacked? I started getting junk mail from your box and
>>I don't think you would do that.
>>
>>Grim
>>  
>>
>Look at the header: Ian H. uses Microsoft Outlook Express Macintosh
>Edition - 4.5 (0410).
>If it's not the same, it's somebody else that got hijacked.

That doesn't follow at all.

There's no reason to suppose that the email headers faked by malware
running on an infected system would pretend to use the same version of
mail software as used by the owner of that system.

-- 
Mike Williams
Gentleman of Leisure



From: GrimDude
Subject: Re: Ian H.
Date: 14 Jul 2004 19:28:38
Message: <40f5c1a6$1@news.povray.org>
Seems awfully funny that I just happen to know Ian from the boards here, and
then begin to get spammed (allegedly) by him.

Grim

"Mike Williams" <nos### [at] econymdemoncouk> wrote in message
news:BNU### [at] econymdemoncouk...
> Wasn't it Alain who wrote:
> >GrimDude enlightened us thus on 14/07/2004 01:27... :
> >
> >>Has your system been hijacked? I started getting junk mail from your box and
> >>I don't think you would do that.
> >>
> >>Grim
> >>
> >>
> >Look at the header: Ian H. uses Microsoft Outlook Express Macintosh
> >Edition - 4.5 (0410).
> >If it's not the same, it's somebody else that got hijacked.
>
> That doesn't follow at all.
>
> There's no reason to suppose that the email headers faked by malware
> running on an infected system would pretend to use the same version of
> mail software as used by the owner of that system.
>
> -- 
> Mike Williams
> Gentleman of Leisure



From: Mike Williams
Subject: Re: Ian H.
Date: 14 Jul 2004 19:59:28
Message: <h6UkQPAaec9AFwVp@econym.demon.co.uk>
Wasn't it GrimDude who wrote:
>Seems awfully funny that I just happen to know Ian from the boards here, and
>then begin to get spammed (allegedly) by him.

It may just mean that there's an infected system somewhere that has both
of your addresses in a file that the worm has access to. Several recent
worms scan news and mail systems for addresses and send to one of those
addresses while using another in the faked From line. This helps the
worm spread because it may appear to come from someone you know.

The only way to be sure is to track backwards through the "Received"
header lines. Each system adds a Received line when it receives the
message. The first Received header line should show your ISP's mail
server giving the message to your mail client. The last Received header
line should show the originator's system sending it to its ISP's mail
server. There should be a continuity of mail servers from bottom to top;
if there's a discontinuity it may mean that the lower Received lines are
faked. The malware can insert fake Received lines to a message, but it
can't stop real ones being added by each system that it passes through.

-- 
Mike Williams
Gentleman of Leisure


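Added example, not part of the original thread: a sketch of the "Received" continuity check described in the last post, run over a constructed message whose two lowest Received lines are forged. It assumes each hop records plain `from <host> by <host>` names that can be compared literally; all hosts under `example` are made up, and real headers vary in format (the connecting IP address a server records in parentheses is a firmer anchor than the claimed name).

```python
import re
from email import message_from_string

# Constructed sample message (every host name here is made up).
# Received headers are listed newest first, as in a real message.
SAMPLE = """\
Received: from mx.isp.example by mailbox.isp.example; Wed, 14 Jul 2004 01:20:05 -0400
Received: from dialup-17.other.example by mx.isp.example; Wed, 14 Jul 2004 01:20:03 -0400
Received: from mail.friend.example by relay.friend.example; Wed, 14 Jul 2004 01:19:00 -0400
Received: from friend-pc by mail.friend.example; Wed, 14 Jul 2004 01:18:58 -0400
From: friend@friend.example
To: me@isp.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def hops(raw):
    """Return [(from_host, by_host), ...] newest first; unparsable lines give (None, None)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        out.append((m.group(1).lower(), m.group(2).lower().rstrip(";")) if m else (None, None))
    return out

def first_discontinuity(chain):
    """Index of the first hop (counting from the top) whose 'from' host is not
    the 'by' host of the hop below it, or None if the chain is continuous."""
    for i in range(len(chain) - 1):
        sender, below_by = chain[i][0], chain[i + 1][1]
        if sender is None or sender != below_by:
            return i
    return None

def trusted_origin(raw):
    """Host that handed the message to the lowest hop that is still part of the unbroken chain."""
    chain = hops(raw)
    if not chain:
        return None
    i = first_discontinuity(chain)
    return chain[-1][0] if i is None else chain[i][0]
```

On the sample, the chain breaks at the second header from the top, so the two lines below it are treated as inserted by the sender and the message is attributed to the host that connected to `mx.isp.example`.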

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.