#1
My son got a spam email -- FROM ME
Hello all,

This is freaky and I don't know what to do to stop it. Here is the email I got this morning from my son Christopher.

From: chris@----------------
Subject: Dad, look at this Spam Message, it says it's from you....

------------
Subject: body fat going for a spin
From: "bob@warnerknives.com" CarolThornhillczjild@simpleconnect.net
Date: Sat, 02 Sep 2006 02:29:49 -0500 [GMT]

**Do you want the following?* down-down my weight zipping my energy bring down my weight zipping my lean muscle mass bring down my body fat bring down my wrinkles and sags revitalizes my hair and nail growth refresh my memory, mood and mental energy sleep soundly and awake rested help "me" getting rid of stress, fatigue and depression More Info Here <ttp://Asher008.hghforyouth.com">

My first assumption is that the other person that sent the email is also a "Victim" of email identity theft but they are named in the return path and I am not so I am not sure if they are spamming or being used.

Second, I went to WHOIS and searched the web domain: hghforyouth.com

Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA

Domain Name: HGHFORYOUTH.COM

Administrative Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::

Technical Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::

Billing Contact::
Paul Gregoire: paulgreg@smxbox.com
Bulk Domain Registration
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA
Phone:: 1-613-482-5333
Fax::

Record updated date on: 2006-08-30 21:15:14
Record created date on: 2006-08-30
Record will be expiring on date: 2007-08-30
Database last updated on: 2006-09-04 09:32:09 EST

Domain servers in listed order:
NS1.DNSDOMAINOK.COM 125.208.6.60
NS2.DNSDOMAINOK.COM 60.200.228.41

TransferGuard LOCK Status => ENABLED

The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.

The contact email is from the domain smxbox.com. I searched them as well but there is no person to contact.

Domain Name: SMXBOX.COM
Registrar: REGISTERFLY.COM, INC.
Whois Server: whois.registerfly.com
Referral URL: http://www.registerfly.com
Name Server: DNS2.REGISTERFLY.COM
Name Server: DNS1.REGISTERFLY.COM
Name Server: NS1.CALPOP.COM
Name Server: NS2.ZONEEDIT.COM
Name Server: NS14.ZONEEDIT.COM
Status: ACTIVE
EPP Status: ok
Updated Date: 22-Aug-2006
Creation Date: 30-Mar-2006
Expiration Date: 30-Mar-2007

Here is the information found when I "View Source":

Content-Type: message/rfc822; name="body fat going for a spin"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="body fat going for a spin"

X-Account-Key: account2
Return-Path: <CarolThornhillczjild@simpleconnect.net>
Delivery-Date: Sat, 02 Sep 2006 02:30:12 -0400
Received-SPF: none (mxus11: 59.92.125.179 is neither permitted nor denied by domain of simpleconnect.net) client-ip=59.92.125.179; envelope-from=CarolThornhillczjild@simpleconnect.net; helo=2A5E820;
Received: from [59.92.125.179] (helo=2A5E820) by mx.perfora.net (node=mxus11) with ESMTP (Nemesis), id 0MKqNT-1GJP0p0SAI-0001wU ; Sat, 02 Sep 2006 02:30:11 -0400
Received: from qhfy4.tn.sunnyfl.net (192.168.781.904) by tsmtp0.tin.it (7.2.071.2) id 8R76E9VI244483VP; Sat, 02 Sep 2006 02:29:49 -0500
Message-ID: <vdnj9301436.Asher@sunnyfl.net>
Date: Sat, 02 Sep 2006 02:29:49 -0500 [GMT]
From: "bob@warnerknives.com" <CarolThornhillczjild@simpleconnect.net>
Reply-to: <CarolThornhillczjild@simpleconnect.net>
Subject: body fat going for a spin
Mime-Version: 1.0
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: 59.92.125.179
Envelope-To: chris@-----------
X-SpamScore: 0.042 tests= INVALID_DATE

<html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Davalos Asher</title> </head> <body>

Anyone have suggestions on what to do? My first inclination is to call the contact number for the web page but I'm sure I will get some story about they know nothing about it. I could try to find out their web host and complain to them I guess but don't know how to find their host. Then I could contact the internet BBB and ask their help.

What should I do? I don't want my name being used to promote SPAM. I will forward this email to anyone that needs to see it if they want to try to help me decide what to do.
#2
Have you had a virus lately, Bob? Common for them to grab an address book and then spoof the spam from a hijacked account using your name so it will get through the spam blocks of your contacts.
Make sure he is running a good anti-virus that scans e-mails, since one of the tricks is to embed a virus with the spam to pull more info from the recipients and use the lists in the same way. I don't know how to stop them once it is started, however.
--Carl
#3
I have Norton System Works. I schedule it to run EVERY night at 3am. It is on live update and updates all by itself.
I never get a virus warning. Both kids' computers are set up the same way. If it is a virus, it is not being caught by Norton.
#4
Bob, is your son's email address on your website somewhere? Spam bots will cruise a site and pick up all the addresses from a site, then send spam to all of them from one, hopefully avoiding any spam filters.
As for the virus thing, this gets more complicated. Most newer viruses spoof the email address of the sender. Example: let's say I'm your brother and I get a virus. The virus scans my computer and looks for all the email addresses. It chooses yours to send as the return and sends to everyone else. This way it's really hard to contact the infected person to get it fixed. If there was no virus attached it was not likely a virus. I would not worry about it much. I see this kind of thing at work where we have about 40 email addresses under one domain. If you want, change your email passwords. Call your hosting company to see if there's any large amounts of email activity.
Brad
#5
Thanks.
I will contact the hosting company and see what they tell me. I will also change passwords.
#6
I looked a little further. The originating IP address, 59.92.125.179, belongs to Asia Pacific Network Information Centre.
Unless your server is somewhere in Asia I seriously doubt your account was hacked.
Brad
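
Added example, not part of any post in this thread: a short Python script that reads the headers quoted in post #1 the way the replies do. It separates the address shown in the From display name from the real sender, takes the connecting IP from the topmost Received line (the only one written by the receiving server, mx.perfora.net), and flags the impossible address in the lower Received line. The function name analyze and the regular expressions are this example's own.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in post #1 of this thread.
RAW = """\
Return-Path: <CarolThornhillczjild@simpleconnect.net>
Received-SPF: none (mxus11: 59.92.125.179 is neither permitted nor denied by domain of simpleconnect.net) client-ip=59.92.125.179; envelope-from=CarolThornhillczjild@simpleconnect.net; helo=2A5E820;
Received: from [59.92.125.179] (helo=2A5E820) by mx.perfora.net (node=mxus11) with ESMTP (Nemesis), id 0MKqNT-1GJP0p0SAI-0001wU ; Sat, 02 Sep 2006 02:30:11 -0400
Received: from qhfy4.tn.sunnyfl.net (192.168.781.904) by tsmtp0.tin.it (7.2.071.2) id 8R76E9VI244483VP; Sat, 02 Sep 2006 02:29:49 -0500
From: "bob@warnerknives.com" <CarolThornhillczjild@simpleconnect.net>
Subject: body fat going for a spin

"""


def analyze(raw):
    """Summarise who a message claims to be from versus what the headers show."""
    msg = message_from_string(raw)
    # parseaddr splits the From header into (display name, real address).
    display, addr = parseaddr(msg["From"])
    hops = msg.get_all("Received", [])
    # The topmost Received line is added by the recipient's own mail server,
    # so its "from [ip]" is the address that actually connected.
    top = re.search(r"from \[([\d.]+)\]", hops[0]) if hops else None
    # Lower Received lines were supplied by the sender and can be invented;
    # an address that is not a valid IPv4 address gives the forgery away.
    forged = []
    for hop in hops[1:]:
        for ip in re.findall(r"from \S+ \(([\d.]+)\)", hop):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                forged.append(ip)
    return {
        # An e-mail address used as display name that differs from the sender.
        "display_spoof": "@" in display and display.lower() != addr.lower(),
        "shown_as": display,
        "real_sender": addr,
        "envelope_from": parseaddr(msg["Return-Path"])[1],
        "spf": msg["Received-SPF"].split()[0],
        "connecting_ip": top.group(1) if top else None,
        "impossible_hop_ips": forged,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```
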
#7
I had something similar happen years ago. I started receiving all sorts of vicious hate mail telling me to stop sending spam. Turned out that one of the spam places was rotating through email addresses that they picked up on the web, making it look like it came from other people. They couldn't hide the real info and the provider managed to get that shut down. Shortly after that, one of the big spam places got sued for millions by a flower shop. Their internet business was shut down by complaint email caused by the spammer. The flower shop won the case.
I also found out the hard way that Norton doesn't always catch viruses!! I had to take my machine to the local geek shop to get it cleaned up and they found 17 viruses. They suggested I change to AVG (www.grisoft.com) and use Housecall (housecall.trendmicro.com) to scan the machine from time to time. Both are free.