Author Topic: Spam addressed to none listed address.  (Read 3011 times)

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Spam addressed to none listed address.
« on: April 19, 2012, 11:03:33 AM »

First off I am not worried, just curious.
I received some spam yesterday and it was addressed to a fabricated name that I use on a laptop.
The name is not kept anywhere other than this particular laptop, which uses the strongest possible encrypted wifi.
Now the address that it was addressed to is of the variety 'name<proper email address at o2.co.uk>'. The proper email address is known by only a few trusted people. I know it can still be harvested.
All my computers run on Linux, which some of you may have heard of <big grin> so therefore I am not worried that a computer may have been infected. In fact I run scans quite often looking for rootkits and the like + they are all (bar one) switched off at night & none are run with root permissions.
What I would like to know is :-

How did someone manage to put the two elements together. That is the fake name and genuine email address?
Suggestions please?

Thank you.
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Spam addressed to none listed address.
« Reply #1 on: April 21, 2012, 06:28:18 AM »

I guess that no-one has any further insight.
Thanks for looking. :)
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Spam addressed to none listed address.
« Reply #2 on: April 21, 2012, 06:21:09 PM »

Sorry, SS44, but it is a total mystery to me.  :-\
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam addressed to none listed address.
« Reply #3 on: April 21, 2012, 06:41:56 PM »

I should think the most likely reason is that unfortunately it's one of those few trusted people that has/had some sort of worm on their PC. :/

Once resident on a PC the worm specifically searches the infected drive looking for contact details.  Depending on the worm variant it will usually look for email addresses, which are most common as they are easily identified by the @.  MSN contacts though are another common target, as are mail lists, address books etc. on the host computer.

Once the virus has compiled its list of contacts from the infected PC, it then targets those other addresses either to continue the replication process (hoping it will reach further unprotected PCs and continue to spread).. or it could be just plain spam.

The klez variant of worms are very adept at doing this sort of thing (I only mention klez because it's one of the common worms that I investigated whilst doing my dissertation, but there are many similar types which can also do this). Klez became infamous due to its mail engine and ability to spam and replicate.  They're not so much a nasty horrible wreck-the-PC virus..  just damn annoying.

Depending on the type of virus and the spoof ..  sometimes if you look closely at the full email header you can sometimes suss some clues as to where it's really come from.
Many years ago I had something similar, and I identified it to my uncle's PC by looking at the header message source which in that particular instance quoted his PC name.  Depends how clever the worm is though at hiding its tracks I guess.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Spam addressed to none listed address.
« Reply #4 on: April 22, 2012, 08:09:56 AM »

Thank you burakkucat, and the interesting thoughts kitz. I dragged the offending mail from the wastebin, which I should have deleted, and checked the headers again.
What I did find curious is this
'Return-Path: <bounce-1123346-27699000@email.get-pdfsuite.com>'
at the very top.

Now I have had spam from get-pdfsuite on a number of occasions, but not addressed to the named email account.
The logon name that was used belongs to the laptop that I occasionally use which has never been used to send an email from.
I am therefore looking closer to home and wondering if there is some kind of virus on one of my Linux machines.  ???
Time to have a look at clamav I think. The rootkit checks have not found anything. A real mystery.
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.
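
The header check suggested in Reply #3, applied to a message carrying the Return-Path quoted in Reply #4, as an added example that is not part of any post in the thread. Only the Return-Path value comes from the thread; every other header, host name and address in the sample is constructed, and `analyse` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: only the Return-Path value is from the thread.
SAMPLE = """\
Return-Path: <bounce-1123346-27699000@email.get-pdfsuite.com>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Wed, 18 Apr 2012 10:00:03 +0100
Received: from FAMILY-PC (unknown [198.51.100.23])
\tby relay.bulk.example with SMTP id B2; Wed, 18 Apr 2012 10:00:01 +0100
From: "Offers" <news@offers.example>
To: "laptopuser" <recipient@isp.example>
Subject: constructed sample

body
"""

# Common "from HELO (rdns [ip]) by host" layout; other layouts are skipped.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def analyse(raw):
    """Pull out the header fields worth reading when tracing a spam message."""
    msg = message_from_string(raw)
    env = parseaddr(msg.get("Return-Path", ""))[1]   # envelope (bounce) sender
    from_addr = parseaddr(msg.get("From", ""))[1]
    to_name, to_addr = parseaddr(msg.get("To", ""))  # display name the sender knew
    # Each server prepends its Received line, so reverse to get oldest hop first.
    # Only lines added by servers you trust are reliable; older ones can be forged.
    hops = [m.groupdict() for m in
            (RECEIVED_RE.search(v) for v in reversed(msg.get_all("Received", [])))
            if m]
    notes = []
    if env and from_addr and domain_of(env) != domain_of(from_addr):
        notes.append("envelope sender domain differs from From domain")
    if hops and "." not in hops[0]["helo"]:
        notes.append("first hop announced a bare machine name: " + hops[0]["helo"])
    return {"return_path": env, "from": from_addr, "to_name": to_name,
            "to": to_addr, "hops": hops, "notes": notes}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(key, "=", value)
```

Both notes are clues rather than proof: bulk mailers routinely use a separate bounce domain, and a bare machine name in the oldest hop is only as trustworthy as the server that recorded it.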

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam addressed to none listed address.
« Reply #5 on: April 22, 2012, 08:22:29 PM »

TBH SS I think it's unlikely that the problem is with your own machine.

When you send out mail via an authenticated server,  then you often will send out information in the header which machine you have used.  The format would be something like 'name<proper email address at o2.co.uk>'.

At a guess it's more likely that email correspondence that you sent out at some time is still sat on someone's compromised machine somewhere and that's where the worm has got the info from.

I had an email address that was personal, I kept a tight lid on it and it never got any spam at all...... until someone else's system was hacked and hijacked for spam from the other machine's email box. :/
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Spam addressed to none listed address.
« Reply #6 on: April 22, 2012, 09:13:03 PM »

Thank you for that Kitz. You are probably correct. I haven't had the laptop on for a few days so I will have a check tomorrow to see if I sent any mail whilst I was on that computer. I don't recall doing so but with my memory I could have sent one yesterday and I would have forgotten. I really mean that. :'(
Thank you again.
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam addressed to none listed address.
« Reply #7 on: April 22, 2012, 09:43:42 PM »

>>> I don't recall doing so but with my memory I could have sent one yesterday and I would have forgotten.

It could be long long ago.... not necessarily recently.   If the other compromised  machine still has that email sitting somewhere on their PC then the worm will have been able to pick it up. :(
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
 
