E-mail sent from and to same person.. but person not here

Danith

2[H]4U
Joined
Oct 13, 2004
Messages
2,618
User got emails sent to herself.. from herself.. when she wasn't here..

I know some people have permissions to send as other people.. but I don't think that is what happend. One of the emails subject line is: 557, and the contents are "969" ...
The other email subject line is: 57657, with contents being: 5556..

Both of the messages headers show it came from IP 213.184.232.163
Heres a snippet
Code:
X-Originating-IP: [213.184.232.163]
X-SpamReason: No, hits=4.9 required=7.0 tests=HTML_80_90,HTML_MESSAGE,
  HTML_SHORT_LENGTH,MIME_HTML_ONLY,MSGID_SPAM_LETTERS
Received: (qmail 20268 invoked from network); 6 Jun 2006 08:17:23 -0000
Received: from vpn-232-163.aichyna.com (HELO Secretar.org) (213.184.232.163)
  by <removed> with SMTP; 6 Jun 2006 08:17:23 -0000
Date: Tue, 06 Jun 2006 11:18:40 +0200

Now I really don't think it's a company site.. and if you go to the IP directly.. it asks you to log in to 'Viking'.. if you tracert it, it lokos lke it comes from x.aichyna.com .. which is in like.. a different language..

Should the user be worried? I suppose I should have her change her password to be safe..?
 
yeah, she's safe.
it's address spoofing, really common for spammers.
it's meant to confuse you more than anything.
 
Danith said:
I know some people have permissions to send as other people.. but I don't think that is what happend. One of the emails subject line is: 557, and the contents are "969" ...
The other email subject line is: 57657, with contents being: 5556..

Had this happen yesterday to my work account as well.
Numbers appear to be random. It's mostly spoofed headers:
from Myish.org (cpe-65-28-232-72.woh.res.rr.com [65.28.232.72])

Because last I checked - I didn't work for rr.com :)

Most likely a bunch of rooted Windows boxes on fast connections.
 
mobiux said:
yeah, she's safe.
it's address spoofing, really common for spammers.
it's meant to confuse you more than anything.
Agreed. All they've done is sent an email and told your server that it's from her. They've probably obtained her email address somehow, added it to their database, then mass mailed everyone on their list in the same way. Thus if you were on that same list you would have gotten an email from you to you in the same manner.
 
Yar, just got a '969' from my comcast spamtrash-bin account. Glad I read this thread first. ;)
 
A number of Gmail accounts got hammered with this yesterday (my wifes included).
 
We had one leak through at work, but it looks like gmail got hit pretty hard. Sasser worm used to spread the same way, didn't it?
 
Milenko said:
new virus that's out - don't worry about it
I don't recall seeing an attachment or anything...it just appeared in my Inbox and I shift+deleted the guy after looking it over and connecting it to this thread I read earlier. /me does a virus scan/update def just to be sure
 
Err... one of my people here at work just got one of these. Just to clarify, is any action at all needed? This was just because a spammer had her email address, and not the result of any infestation on the part of the recipient, right?
 
Back
Top