Subject: Re: MS hotmail Email Spam
From: Forrester, Mike (mforresterHSACORP.NET)
Date: Wed Jun 14 2000 - 12:18:13 CDT


Paul brings up a good point. When tracing email headers do not rely upon
the from or reply-to address as the source. Trace the email to the source
using the headers, but pay more attention to the IP addresses than the
server and usernames. Forging of email addresses is a COMMON trick used by
spammers to attempt to point the blame somewhere else. Always report SPAM
to the owner of the source IP ADDRESS of the SPAM. A good way to look up
the owner of an IP address is this web page:

http://www.arin.net/whois/index.html

Anyone who sends SPAM from one of our IPs is cancelled immediately.

Mike Forrester - Systems Security Engineer
High Speed Access Corp. - Denver, CO USA
mforresterhsacorp.net - +1 303 256 2134

> -----Original Message-----
> From: Paul L Schmehl [mailto:paulsUTDALLAS.EDU]
> Sent: Tuesday, June 13, 2000 8:21 AM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: Re: MS hotmail Email Spam
>
>
> He didn't use your account. Mail is easily forged, especially the From
> line. He simply put your username in both lines to hide his identity.
>
> There's nothing you can do to stop this from happening, but you *can*
> complain about it. Send a complaint, with a copy of the email including
> all the headers, to abusepsi.net.
>
> --On Monday, June 12, 2000 12:04 PM +0000 Rob Beneson
> <rbenesonHOTMAIL.COM> wrote:
>
> > I am not sure if this is the right forum for this (is incidents the right
> > one? I don't really know if this is considered an "incident"), but please
> > point me in the right direction if not.
> > I am security conscious, but I try not to get paranoid. When I got this
> > in my MS hotmail account this morning, I got annoyed:
> >
> > From: rbenesonhotmail.com
> > To: rbenesonhotmail.com
> > Subject: Bcc: How are you?
> > Date: Mon, 12 Jun 2000 13:52:23 -0500
> > Received: from [38.37.11.174] by hotmail.com (3.2) with ESMTP id
> > MHotMailBB0E6D280032D82197B226250BAE132530; Mon Jun 12 10:53:30 2000
> > From userhotmail.com Mon Jun 12 10:54:45 2000
> > Message-Id: <3mivnf8ccg5elb7uwf7y.4e6r1k7hg08pop3.email.msn.com>
> >
> >
> > It was a piece of spam that used my account to mail me this crap.
> > Has anyone seen this? Is there any way to circumvent this? Any way to
> > trace it back to the culprit?
> >
> > Thanks for any help.
> >
> > Rob
> >

Paul L. Schmehl, paulsutdallas.edu
Technical Support Services Manager
The University of Texas at Dallas
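
An added example, not part of the original thread: one way to apply the advice above and pull the reportable source IP from the `Received` chain while ignoring `From`. The function name, the `trusted_suffix` parameter, the placeholder `From`/`To` addresses and the second (forged) `Received` line are assumptions constructed for illustration; the first `Received` line is the one quoted in the thread.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received line quoted in the thread, followed by a
# constructed forged hop of the kind a spammer can prepend before sending.
SAMPLE = (
    "Received: from [38.37.11.174] by hotmail.com (3.2) with ESMTP id\n"
    "\tMHotMailBB0E6D280032D82197B226250BAE132530; Mon Jun 12 10:53:30 2000\n"
    "Received: from mail.example.org [192.0.2.10] by relay.example.net;\n"
    "\tMon, 12 Jun 2000 13:52:00 -0500\n"
    "From: user@example.com\n"
    "To: user@example.com\n"
    "Subject: Bcc: How are you?\n"
    "\n"
)

HOP = re.compile(r"from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)", re.S | re.I)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def reportable_source_ip(raw_headers, trusted_suffix):
    """Return the IP that handed the message to the recipient's own mail system.

    Received lines are read top-down (newest first). Only hops stamped by a
    server under trusted_suffix are believed; everything below the first
    untrusted hop is sender-controlled text and is not used. From and
    Reply-To are never consulted. Limitation: a forged hop that claims a
    trusted "by" name directly below the real ones is not detected here.
    """
    suffix = trusted_suffix.lower()
    source = None
    for received in message_from_string(raw_headers).get_all("Received", []):
        hop = HOP.search(received)
        by_host = hop.group("by").lower().rstrip(".;") if hop else ""
        if by_host != suffix and not by_host.endswith("." + suffix):
            break
        for candidate in IPV4.findall(hop.group("frm")):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # digits that are not a valid address
            if ip.is_global:  # skip private/internal relay addresses
                source = str(ip)
    return source


if __name__ == "__main__":
    print(reportable_source_ip(SAMPLE, "hotmail.com"))
```

The address returned is the one to look up in whois and to include, with the full headers, in the abuse report.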