Results 1 to 3 of 3

Thread: email bot

  1. #1
    Member turquoise122's Avatar
    Join Date
    Jun 2006
    Location
    USA
    Posts
    305
    Points
    2

    Question email bot

    I don't know a lot about this...and am not sure of the subject line is the technical term. I also know nothing about the pc. I am just trying to gather information for a friend who seems to be having a problem. Me and many others in my friends contact list, get emails from this person, most of the time with "(No subject)" in the subject line. The email contains nothing but a very odd link - that I have never opened btw. My friend even gets them sent to himself. Lately they have been coming in 3-4 times a day. I just delete them w/o opening and of course can no longer trust anything from this person.

    Does this sound familiar to anyone? Looks like some kind of worm. What steps can I advise him to take?
    Thanks all!

  2. #2
    Member abseh1's Avatar
    Join Date
    Jul 2008
    Location
    Tampa Bay
    Posts
    2,319
    Points
    388
    Blog Entries
    2

    Default

    This does not directly address your subject issue but is a good guide for email use in general



    Tips & Warnings

    • If you do not know the sender of an email, it is always best to simply delete the message.

    • If you do not know the source of an attachment, link or file, it should be deleted as well.

    • A message from a well established company you do business with will rarely have a link within the email message. It will ask you to log into your account, not ask you to click the link provided.

    • To spot fake email addresses and email links, hover your mouse over link within the email. Oftentimes, the address shown in the address window of your browser will be different than the address written as the link. This is a sure sign of a fake email and a fake email address.

    • Never click on links found within messages sent from a fake email address! They will normally take you to fake Web sites asking for personal information, or could take you to an area that can infect your computer with some sort of spy-ware.

    • Never respond to a fake email address! This will indicate a valid email, which could lead to even more spamming.
    • ********************************************************************************
    BTW: depending on the email program you can click on properties/View Source or view message source and follow the email source code

    See example below of an email source...there is more info but I think you get the idea
    NOTE:Actual route addresses/names /ips change by me

    Delivered-To: your (changed by abs) email@gmail.comReceived: by 10.231.85.194 with SMTP id p2cs25921ibl; Fri, 9 Apr 2010 07:10:11 -0700 (PDT)Received: by 11.231.192.130 with SMTP id dq3mr40596ibb.61.1270822211483; Fri, 09 Apr 2010 07:10:11 -0700 (PDT)Return-Path: <deleted@yahoo.com>Received: from web35704.mail.mud.yahoo.com (web35704.mail.mud.yahoo.com [66.163.179.158]) by mx.google.com with SMTP id dc19si1896090ibb.95.2010.04.09.07.10.10; Fri, 09 Apr 2010 07:10:10 -0700 (PDT)Received-SPF: pass (google.com: best guess record for domain of "changed by abs"@yahoo.com designates 66.163.279.158 Ip changed by abs as permitted sender) client-ip=66.163.179.158;Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of "changed by abs"@yahoo.com designates 66.167.189.158 (IP changed by abs as permitted sender) smtp.mail="changed by abs" @yahoo.com; dkim=pass (test mode) header.i=@yahoo.comReceived: (qmail 95836 invoked by uid 60001); 9 Apr 2010 14:10:06 -0000DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1270822206; bh=ik0jQEJEzAQCOASoZlZU33k6yZM+t5zmRuWWKCIpY2Y=; h=Message-ID:X-YMail-OSG:Received:X-RocketSRV:X-Mailerate:From:Subject:To:MIME-Version:Content-Type; b=HGbyrgaYq050Qo5jPbbFX+1u2TPmFsFTy6nkGc3NLZcTH7VhnG/jLvL6cMOGIrAfbyGyNNqk31fAcVeZrk3A3GR7fSrLb9/bPpUXQfAScEtlFu2iUqVE3KwfYvxzHmjXrAvD4waGTMtk0tPzJdZ3jkFE8S2tmNgjHBM8zFSDjjo=DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-RocketSRV:X-Mailerate:From:Subject:To:MIME-Version:Content-Type; b=DmwSUU595sqhmBFZNAoXwjXAmx67FfUIT+AbfDZhuOeNNIT/LTh/DAHFz43ETsUCMoC3ijtAf7FJgPSoG4OiJUUdgHZ06oSHCGN0ClloGbuPh7LaP7RKzNG6uURTDnpdofnR8uf2rfT8gPaIipOqqHyj7dEQiHZ+YYtaLqgpXDM=;Message-ID: <583418.94099.qm@web35704.mail.mud.yahoo.com>X-YMail-OSG: aTVSxdEVM1n82kidpeXnjfS9pcIHf2FY610D6cLg2e6GV0Q DU_nec_.sZC9oJyA6A7DnOxTNYtS3LujoMZfJ83tZT.b9AXdvRITLgYOQsKC 0EUe3O9zsdt1MpU9q.ZQcYx_dALQjPyJ81m8JZNwqIAgdB5wJs.YROsZiO84 NZAbKXlEgnue6KMzyvEBkJH0qMjUpQxfssPOzk9NAbbc2gISG_4Smq8uGCdW xWdgEJGQCsQoQyx0r1pLXmlQpOHjec7LEp5koP7bTe9yIZpD.11I.wuszqzK GALs7lee70vhQ0Gq6Received: from [72.185.137.154] by web35704.mail.mud.yahoo.com via HTTP; Fri, 09 Apr 2010 07:10:06 PDTX-RocketSRV: showStationery=1270821816860@dclient.mail.yahoo.comX-Mailer: YahooMailRC/348.3 YahooMailWebService/0.8.100.260964Date: Fri, 9 Apr 2010 07:10:06 -0700 (PDT)From: Steve Smith <changed by abs@yahoo.com>Subject: BradTo: Steve Smith <deleted@yahoo.com>MIME-Version: 1.0Content-Type: multipart/alternative; boundary="0-937907196-1270822206=:94099"--0-937907196-1270822206=:94099Content-Type: text/plain; charset=iso-8859-1Content-Transfer-Encoding: quoted-printableJust in case you haven't heard, my son, Brad, was promoted=A0yesterday to s=argent=A0with the
    Last edited by abseh1; 04-10-2010 at 07:32 AM.
    SIGNATURE...When I post info I assume you have already read this link
    How to Start Removing Viruses and Spyware from your Computer

  3. #3
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4

    Default

    It sounds as though your friend has a malware infection which is using his email address to send out spam. You and your friends are probably in his address book which is why you are getting the spam. If it continues, his ISP may block all of his email traffic.

    He'd be well advised to sign on as a member of H2G, read this article and follow all of the instructions to post in the Spyware Help forum.