Thread: Tons of Emails!

  1. #1
    Join Date
    Jul 2003
    Posts
    75

  2. #2
    Join Date
    Oct 2004
    Posts
    133
    Sounds phishy
    Is there a link in the e-mail or any other clue?

  3. #3
    Join Date
    May 2001
    Location
    Houston, TX
    Posts
    195
    More than likely they're just forging the email addresses. Do you have access to the mail logs to find out?

  4. #4
    Join Date
    Jul 2003
    Posts
    75
    My site is lyricshead. Here is the e-mail message:

    Dear Lyricshead Member,

    Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

    If you choose to ignore our request, you leave us no choice but to cancel your membership.

    Virtually yours,
    The Lyricshead Support Team

    +++ Attachment: No Virus found
    +++ Lyricshead Antivirus - www.lyricshead.com


    I do not get it because my site does NOT offer member mail, so they are sending to no one.

  5. #5
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Is there a link in this eMail, that people would use to update their info?

    That's usually how these phishing scams work. Any Domain name can be spoofed, as in, used as a return eMail address, as it lends credibility to the eMail.

    If you look at the eMail headers (or post them here), the actual Server being used to send these eMails will be found. They can then be reported to the DC where that Server is located. That may or may not help but will provide you with documentation, to verify to your Clients and anyone else that asks, that something was done to stop the bogus eMails.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  6. #6
    Join Date
    Jul 2003
    Posts
    75
    No, there is an attached file that is an executable though... How do I look at all the headers in outlook?

  7. #7
    Join Date
    Oct 2004
    Location
    San Francisco, CA
    Posts
    2,454
    Originally posted by MarcRubeus
    No, there is an attached file that is an executable though... How do I look at all the headers in outlook?
    That is probably a virus; do not open the attachment. Never open them unless you know who the sender is, and you are expecting it.
    Tyler Cole
    Eeek, a Blog

  8. #8
    This is obviously either a phishing scam or a virus. Do not open it.

    The original headers will tell you exactly what's going on.

  9. #9
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Originally posted by MarcRubeus
    No, there is an attached file that is an executable though... How do I look at all the headers in outlook?
    Right-click on the eMail header (where Outlook shows Date received) then choose; Properties > Display.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  10. #10
    Join Date
    Jul 2003
    Posts
    75
    Here are the headers:

    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: (qmail 59523 invoked by uid 0); 25 Jun 2005 14:21:50 -0000
    Received: from unknown (HELO mpls-cmx-08.inet.qwest.net) (63.226.138.8)
    by mpls-mailin-01.inet.qwest.net with SMTP; 25 Jun 2005 14:21:50 -0000
    Received: (qmail 81874 invoked by uid 0); 25 Jun 2005 14:21:50 -0000
    Received: from 178.67-18-156.reverse.theplanet.com (HELO server1.parahost.com) (67.18.156.178)
    by mpls-cmx-08.inet.qwest.net with SMTP; 25 Jun 2005 14:21:50 -0000
    Received: from [68.174.40.121] (helo=lyricshead.com)
    by server1.parahost.com with esmtp (Exim 4.43)
    id 1DmBXV-0006D3-4S
    for [email protected]; Sat, 25 Jun 2005 14:21:46 +0000
    Date: Sat, 25 Jun 2005 10:24:23 -0400
    From: [email protected]
    To: [email protected]
    Subject: nsbczhyzaiylysr
    MIME-Version: 1.0
    Status: U
    X-UIDL: 1119709311.59529.53704.mpls-mailin-01.inet.qwest.net
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0000_D6554FD4.99ABAA57"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server1.parahost.com
    X-AntiAbuse: Original Domain - lyricshead.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - lyricshead.com
    X-Source:
    X-Source-Args:
    X-Source-Dir:



    I added "ADDED" so bots in here would not spider the e-mail addresses... Maybe I do not know how to read headers, but it looks like it is coming from my server?
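
Added example (not part of any post in this thread): Python code that reads the Received lines posted in #10 oldest-first and reports which peer handed the message to server1.parahost.com, the host the X-AntiAbuse header names as primary. The regex covers only the qmail and Exim layouts seen in those headers, and the recipient address is a placeholder because the addresses are redacted on the page.

```python
import re
from email import message_from_string

# Received lines copied from the headers in post #10; recipient is a placeholder.
RAW = """\
Received: (qmail 59523 invoked by uid 0); 25 Jun 2005 14:21:50 -0000
Received: from unknown (HELO mpls-cmx-08.inet.qwest.net) (63.226.138.8)
 by mpls-mailin-01.inet.qwest.net with SMTP; 25 Jun 2005 14:21:50 -0000
Received: (qmail 81874 invoked by uid 0); 25 Jun 2005 14:21:50 -0000
Received: from 178.67-18-156.reverse.theplanet.com (HELO server1.parahost.com) (67.18.156.178)
 by mpls-cmx-08.inet.qwest.net with SMTP; 25 Jun 2005 14:21:50 -0000
Received: from [68.174.40.121] (helo=lyricshead.com)
 by server1.parahost.com with esmtp (Exim 4.43)
 id 1DmBXV-0006D3-4S
 for <recipient@example.invalid>; Sat, 25 Jun 2005 14:21:46 +0000
Subject: nsbczhyzaiylysr

"""

# "from PEER (HELO name) (ip) by HOST" (qmail) / "from [ip] (helo=name) by HOST" (Exim)
HOP = re.compile(
    r"from\s+(?P<peer>\S+)\s+\((?:HELO\s+|helo=)(?P<helo>[^)\s]+)\)"
    r"(?:\s+\((?P<ip>[\d.]+)\))?.*?\bby\s+(?P<by>\S+)", re.S)

def hops(raw):
    """SMTP hops oldest-first (each server prepends its own Received line)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:  # qmail local hand-off lines name no peer
            continue
        out.append({"ip": m["ip"] or m["peer"].strip("[]"),
                    "peer": m["peer"], "helo": m["helo"], "by": m["by"]})
    return out

def injected_by(raw, my_server):
    """Peer that handed the message to my_server. A bracketed IP (Exim) or
    'unknown' (qmail) as peer means the server recorded no hostname for it,
    so the HELO value is only what the client announced."""
    for h in hops(raw):
        if h["by"] == my_server:
            named = not (h["peer"].startswith("[") or h["peer"] == "unknown")
            return {"ip": h["ip"], "helo": h["helo"], "peer_named": named}
    return None

if __name__ == "__main__":
    print(injected_by(RAW, "server1.parahost.com"))
```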

  11. #11
    You can check the logfile (/var/log/exim_mainlog) and get the mail header. Since it is an Exim server, you can find the sender information with the command
    # exim -Mvh <header> - replace the header with the one you got from the log.
    and
    # exim -Mvb <header>
    Choose the right option ... The world is open for You..

  12. #12
    Join Date
    Dec 2003
    Location
    Pakistan
    Posts
    343
    This is the Mytob-BU worm. Find details about it from the below url
    http://www.sophos.com.au/virusinfo/a...32mytobbu.html
    Muhammad Waseem
    Inspedium Corporation (Pvt) Ltd.
    InsPanel - Hosting Control Panel for Windows 2000/2003

  13. #13
    Join Date
    Nov 2003
    Location
    India
    Posts
    152
    Originally posted by mwaseem
    This is the Mytob-BU worm. Find details about it from the below url
    http://www.sophos.com.au/virusinfo/a...32mytobbu.html
    The above url does not seem to work, at least not for me.


    Regards

  14. #14
    Join Date
    Jul 2003
    Posts
    75
    Yeah, that URL does not work for me either.

  15. #15
    Join Date
    Jul 2003
    Posts
    75
    Oh no, I do not think that is it.... These are not sent by my address... They are sent by random addresses at lyricshead.com to random addresses at lyricshead.com
