MEMBER ITEMS FOR SALE
Custom Knives | Other Knives | General Items
-------------------------------------------
New Posts | New PhotosAll Photos



Go Back   The Knife Network Forums : Knife Making Discussions > Knife Network : Support & Services > Feature & Member Support

Feature & Member Support Questions about how to use the features on the Knife Network web site? Problems logging in? Post them in here.

Reply
 
Thread Tools Display Modes
  #1  
Old 09-04-2006, 09:48 AM
Bob Warner's Avatar
Bob Warner Bob Warner is offline
Living Legend
 
Join Date: Jun 2002
Location: Royse City, Texas
Posts: 1,820
My son got a spam email -- FROM ME

Hello all,

This is freaky and I don't know what to do to stop it.

Here is the email I got this morning from my son Christopher.




From: chris@----------------
Subject: Dad, look at this Spam Message, it says it's from you....

------------


Subject:
body fat going for a spin
From:
"bob@warnerknives.com" CarolThornhillczjild@simpleconnect.net

Date:
Sat, 02 Sep 2006 02:29:49 -0500 [GMT]

**Do you want the following?*

down-down my weight
zipping my energy
bring down my weight
zipping my lean muscle mass
bring down my body fat
bring down my wrinkles and sags
revitalizes my hair and nail growth
refresh my memory, mood and mental energy
sleep soundly and awake rested
help "me" getting rid of stress, fatigue and depression



More Info Here <ttp://Asher008.hghforyouth.com">


My first assumption is that the other person that sent the email is also a "Victim" of email identity theft but they are named in the return path and I am not so I am not sure if they are spamming or being used.

Second, I went to WHOIS and searched the web domain: hghforyouth.com


Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA

Domain Name: HGHFORYOUTH.COM

Administrative Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::
Technical Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::
Billing Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::

Record updated date on: 2006-08-30 21:15:14
Record created date on: 2006-08-30
Record will be expiring on date: 2007-08-30
Database last updated on: 2006-09-04 09:32:09 EST

Domain servers in listed order:

NS1.DNSDOMAINOK.COM 125.208.6.60
NS2.DNSDOMAINOK.COM 60.200.228.41

TransferGuard LOCK Status => ENABLED

The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.

The contact email is from the domain smxbox.com
I searched them as well but there is no person to contact.


Domain Name: SMXBOX.COM
Registrar: REGISTERFLY.COM, INC.
Whois Server: whois.registerfly.com
Referral URL: http://www.registerfly.com
Name Server: DNS2.REGISTERFLY.COM
Name Server: DNS1.REGISTERFLY.COM
Name Server: NS1.CALPOP.COM
Name Server: NS2.ZONEEDIT.COM
Name Server: NS14.ZONEEDIT.COM
Status: ACTIVE
EPP Status: ok
Updated Date: 22-Aug-2006
Creation Date: 30-Mar-2006
Expiration Date: 30-Mar-2007

Here is the information found when I "View Source"

Content-Type: message/rfc822;
name="body fat going for a spin"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="body fat going for a spin"

X-Account-Key: account2
Return-Path: <CarolThornhillczjild@simpleconnect.net>
Delivery-Date: Sat, 02 Sep 2006 02:30:12 -0400
Received-SPF: none (mxus11: 59.92.125.179 is neither permitted nor denied by domain of simpleconnect.net) client-ip=59.92.125.179; envelope-from=CarolThornhillczjild@simpleconnect.net; helo=2A5E820;
Received: from [59.92.125.179] (helo=2A5E820)
by mx.perfora.net (node=mxus11) with ESMTP (Nemesis),
id 0MKqNT-1GJP0p0SAI-0001wU ; Sat, 02 Sep 2006 02:30:11 -0400
Received: from qhfy4.tn.sunnyfl.net (192.168.781.904) by tsmtp0.tin.it (7.2.071.2) id 8R76E9VI244483VP; Sat, 02 Sep 2006 02:29:49 -0500
Message-ID: <vdnj9301436.Asher@sunnyfl.net>
Date: Sat, 02 Sep 2006 02:29:49 -0500 [GMT]
From: "bob@warnerknives.com" <CarolThornhillczjild@simpleconnect.net>
Reply-to: <CarolThornhillczjild@simpleconnect.net>
Subject: body fat going for a spin
Mime-Version: 1.0
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: 59.92.125.179
Envelope-To: chris@-----------
X-SpamScore: 0.042
tests= INVALID_DATE

<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Davalos Asher</title>
</head>
<body>

Anyone have suggestions on what to do? My first inclination os to call the contact number for the web page but I'm sure I will get some story about they know nothing about it. I could try to find out their web host and complain to them I guess but don't know how to find their host. Then I could contact the internet BBB and ask their help.

What should I do? I don't want my name being used to promote SPAM.

I will forward this email to anyone that needs to see it if they want to try to help me decide what to do.


__________________



Tumbling down the road at 35 MPH is no fun, TRUST ME!
Reply With Quote
  #2  
Old 09-04-2006, 11:56 AM
cwp's Avatar
cwp cwp is offline
Guru
 
Join Date: Nov 2002
Location: Emmett, Idaho
Posts: 1,178
Have you had a virus lately Bob? Common for them to grab an address book and then spoof the spam from a hijacked account using your name so it will get through the spam blocks of your contacts.

Make sure he is running a good anti-virus that scans e-mails, since one of the tricks is to embedd a virus with the spam to pull more info from the recipients and use the lists in the same way.

I don't know how to stop them, once it is started however.

--Carl


__________________
--Carl
N-T Porkin' Pig Price

?? KN Auctions to help a member in need and score a GREAT deal! ??
Reply With Quote
  #3  
Old 09-04-2006, 01:04 PM
Bob Warner's Avatar
Bob Warner Bob Warner is offline
Living Legend
 
Join Date: Jun 2002
Location: Royse City, Texas
Posts: 1,820
I have Nortun System Works. I schedule it to run EVERY night at 3am. It is on live update and updates all by itself.

I never get a virus warning. Both kids computers are set up the same way. If it is a virus, it is not being caught by Norton.


__________________



Tumbling down the road at 35 MPH is no fun, TRUST ME!
Reply With Quote
  #4  
Old 09-04-2006, 05:38 PM
smird smird is offline
Member
 
Join Date: Jan 2006
Posts: 20
Bob is your son's email address on your website some where? Spam bots will cruise a site and pickup all the address from a site the send spam to all of them from one hopefully avoiding any spam filters.

as for the virus thing this gets more complicated. Most newer virus spoof the email address of the sender. Example lets say I'm your brother i get a virus. The virus scans my computer looks for all the email address. chooses yours to send as the return and sends to every one else. This way It's really hard to contact the infected person to get it fixed. If there was no virus attached it was not likely a virus.

I would not worry about it much. I see this kind of thing at work where we have about 40 email addresses under one domain.

If your want change your email passwords. Call your hosted company to see If there's any large amounts of email activity

Brad
Reply With Quote
  #5  
Old 09-04-2006, 06:42 PM
Bob Warner's Avatar
Bob Warner Bob Warner is offline
Living Legend
 
Join Date: Jun 2002
Location: Royse City, Texas
Posts: 1,820
Thanks.

I will contact the hosting company and see what they tell me.

I will also change passwords.


__________________



Tumbling down the road at 35 MPH is no fun, TRUST ME!
Reply With Quote
  #6  
Old 09-04-2006, 07:55 PM
smird smird is offline
Member
 
Join Date: Jan 2006
Posts: 20
I looked a little further the originating IP address is 59.92.125.179 belongs to Asia Pacific Network Information Centre.

Unless your server is somewhere in Asia I seriously doubt your account was hacked.

Brad
Reply With Quote
  #7  
Old 09-05-2006, 09:56 AM
TexasJack's Avatar
TexasJack TexasJack is offline
Super Moderator
 
Join Date: Apr 2004
Location: Southeast Texas
Posts: 2,919
I had something similar happen years ago. I started receiving all sorts of vicious hate mail telling me to stop sending spam. Turned out that one of the spam places was rotating through email addresses that they picked up on the web, making it look like it came from other people. They couldn't hide the real info and the provider managed to get that shut down. Shortly after that, one of the big spam places got sued for millions by a flower shop. Their internet business was shut down by complaint email caused by the spammer. The flower shop won the case.

I also found out the hard way that Norton doesn't always catch viruses!! I had to take my machine to the local geek shop to get it cleaned up and they found 17 viruses. They suggested I change to AVG (www.grisoft.com) and use Housecall (housecall.trendmicro.com) to scan the machine from time to time.
Both are free.


__________________
God bless Texas! Now let's secede!!
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:36 AM.




KNIFENETWORK.COM
Copyright © 2000
? CKK Industries, Inc. ? All Rights Reserved
Powered by ...

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
The Knife Network : All Rights Reserved