Deepak420 Apprentice
Joined: 12 Jan 2005 Posts: 173 Location: Beantown
Posted: Sun Dec 18, 2005 5:14 am Post subject: Spoofed mail or worm?
Last night I received about 30 mailer daemon responses about undeliverable mail which are stated to originate at me@myschool.edu and going out to me@someotherdomain.xyz (they're all to a recipient with my username at some random domain) - how could I find out if this is someone simply spoofing my account name (which is the most likely scenario) or if I've received some malicious code through my mail client? Also, if it's the former, how could I track down who the culprit is?
Any help is appreciated, and I really wouldn't care except for the fact that it's my school account.
EDIT: I've also scanned for rootkits and with ClamAV
benster n00b
Joined: 30 Nov 2005 Posts: 67 Location: Funkytown
Posted: Sun Dec 18, 2005 6:54 am
I really doubt if you're on some flavor of unix that your mail client has been h4x0r3d enough to issue email to random domains that then happen to bounce. Your former conclusion is most likely. If you're lucky the bounced messages may come to you with headers and all intact, but usually I don't think you get that.
If you did have the headers you could trace it back to the originating mail relay, but that just may be a zombie home windows PC or an open relay. If you were really motivated, I would contact the administrator of the someotherdomain.xyz and see if they have more information.
Deepak420 Apprentice
Joined: 12 Jan 2005 Posts: 173 Location: Beantown
Posted: Sun Dec 18, 2005 8:11 pm
I've checked the headers and tracerouting to the originating addresses yields * * * after about 15 hops or so. I've also contacted the admins at the three domains from which I received these mails, and have yet to receive any response. Thanks.
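An added example, not part of any post in this thread: the header check benster describes, written in Python. It pulls the original message quoted inside a bounce and reads the connecting IP from the topmost Received header, which the bouncing side's server wrote (lower ones can be forged by the sender), then tests that IP against your own mail servers' range. The bounce text, hosts, IPs and `OWN_NETS` are constructed values, and the sample omits the delivery-status part for brevity.

```python
import email
import ipaddress
import re

# Constructed bounce for illustration: hosts and IPs are documentation values,
# OWN_NETS is an assumed address range for the school's outbound mail servers.
OWN_NETS = ["192.0.2.0/24"]
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@someotherdomain.xyz
To: me@myschool.edu
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

<me@someotherdomain.xyz>: user unknown

--b1
Content-Type: text/rfc822-headers

Received: from dsl-host.example.net (unknown [203.0.113.45])
    by mx.someotherdomain.xyz (Postfix); Sun, 18 Dec 2005 03:02:11 +0000
Received: from mail.myschool.edu ([192.0.2.10]) by dsl-host.example.net
From: me@myschool.edu

--b1--
"""

def returned_message(bounce_text):
    """Return the original message (or its headers) quoted inside a bounce."""
    for part in email.message_from_string(bounce_text).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def delivering_ip(bounce_text):
    """IP that connected to the bouncing server: taken from the topmost
    Received header; the second one in the sample is a forged claim."""
    original = returned_message(bounce_text)
    received = original.get_all("Received") if original else None
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None

def came_from_own_network(bounce_text, own_nets=OWN_NETS):
    """True if the bounced mail was really handed over by one of our hosts."""
    ip = delivering_ip(bounce_text)
    return ip is not None and any(ip in ipaddress.ip_network(n) for n in own_nets)
```

A `False` result for every bounce means the mail never left through your own servers, which points to a forged sender address rather than a compromised client.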