4WebHelp
 FAQ  •  Search  •  User Groups  •  Forum Admins  •  Smilies List  •  Statistics  •  Rules   •  Login   •  Register
Toggle Navigation Menu

 receiving bounced emails I haven't sent
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic
Author Message
Darren
Team Member



Joined: 05 Feb 2002
Posts: 549
Location: London

PostPosted: Mon Jul 01, 2002 12:58 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Over the last 2 days I have received 3 bounced emails that I have not actually sent.

they have all been received from:
modem-63.lynx.dialup.pol.co.uk ([217.135.192.63]
modem-1653.lion.dialup.pol.co.uk ([217.135.166.117]
which according to the IP atlas is in Leeds

messages include this and then a page or so of nonsense
Quote:
This message has been rejected because it has an apparently executable attachment end.exe This is a virus prevention measure.

This message has been rejected because it has an apparently executable attachment RTF_WP5.bat This is a virus prevention measure.

This message has been rejected because it has an apparently executable attachment setup.exe This is a virus prevention measure.

The last one also contains this, which appears to be a virus, I'm not sure about the other 2
Quote:
W32.Elkern is a dangerous virus that can infect on Win98/Me/2000/XP.<br>
Symantec give you the W32.Elkern removal tools


Any ideas why I would get the emails?

Make that 4 as I type I just got another one from the same place. but again a slightly different email.
OfflineView User's ProfileFind all posts by DarrenSend Personal MessageVisit Poster's Website
Justin
4WebHelp Addict
4WebHelp Addict


Joined: 07 Jan 2002
Posts: 1060

PostPosted: Mon Jul 01, 2002 2:15 pm (15 years, 5 months ago) Reply with QuoteBack to Top

POL.co.uk is Freeserve by the way, don't know if it helps you though.......
OfflineView User's ProfileFind all posts by JustinSend Personal MessageSend email
Darren
Team Member



Joined: 05 Feb 2002
Posts: 549
Location: London

PostPosted: Mon Jul 01, 2002 2:26 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Yeah, I tried typing in www.pol.co.uk and got sent to Energis.

Quote:
Energis Squared is a backbone ISP. We host a number of virtual ISP's including Freeserve, Greatxscape, Jungle. This means that we own the network space on which the accounts of our customers' end users are hosted. For this reason we deal with abuse issues relating to our network.


but I see the Freeserve connection in this quote from the autoresponder I got sent when I emailed Energis's abuse contact email (not that I really class this as abuse). They say they have a 2 week backlog of problems so not expecting a response anytime soon!
OfflineView User's ProfileFind all posts by DarrenSend Personal MessageVisit Poster's Website
Darren
Team Member



Joined: 05 Feb 2002
Posts: 549
Location: London

PostPosted: Sat Jul 06, 2002 2:20 pm (15 years, 5 months ago) Reply with QuoteBack to Top

The apparently 'bounced' emails have continued to arrive, I now have about 10.

I have also received another email from the pol.co.uk domain containing a pornographic image (don't worry I wont be posting that as an example Embarassed ), this one coming straight to me rather than being bounced.

Is my email in some way being used to send spam? I'm wondering how many are being sent and arriving at their destination without bouncing back.

Still no word from Energis/freeserve!

Is there anything my host can do to stop this happening?

Thanks
OfflineView User's ProfileFind all posts by DarrenSend Personal MessageVisit Poster's Website
Justin
4WebHelp Addict
4WebHelp Addict


Joined: 07 Jan 2002
Posts: 1060

PostPosted: Sat Jul 06, 2002 2:31 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Darren wrote:
The apparently 'bounced' emails have continued to arrive, I now have about 10.

I have also received another email from the pol.co.uk domain containing a pornographic image (don't worry I wont be posting that as an example Embarassed ), this one coming straight to me rather than being bounced.

Is my email in some way being used to send spam? I'm wondering how many are being sent and arriving at their destination without bouncing back.

Still no word from Energis/freeserve!

Is there anything my host can do to stop this happening?

Thanks

I get a lot of this to my Hotmail account, and found out it was someone that was infected with Klez, which sends all these emails out, they always have an attachment right?
OfflineView User's ProfileFind all posts by JustinSend Personal MessageSend email
Darren
Team Member



Joined: 05 Feb 2002
Posts: 549
Location: London

PostPosted: Sat Jul 06, 2002 4:04 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Justin, I think you have hit the nail squarely on the head!!

I just looked up Klez on Symantec and my problem fits the MO perfectly.

- It has a random subject most of those I have received are on the list
- It attaches a random file along with the virus, which all mine have
- and they look like I have sent them because it uses email spoofing. Making it look like I have been sending out viruses.

the good news though:
Quote:
Systems Not Affected: Macintosh, Unix, Linux


heres the link on symantec if anyones interested:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

I wonder who the poor infected person is that has my email in their address book?
OfflineView User's ProfileFind all posts by DarrenSend Personal MessageVisit Poster's Website
Ben
Senior WebHelper
Senior WebHelper


Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK

PostPosted: Sat Jul 06, 2002 4:26 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Some tool who was infected with it kept on hitting me about 10 times a minute with it Sad

Had about 700 emails in my inbox in the end... Poor plesk2 Sad

In the end I had to set my mail client to delete anything from the server from this address

________________________________
Ben Scott

Red and White Kop
OfflineView User's ProfileFind all posts by BenSend Personal MessageSend emailVisit Poster's Website
Darren
Team Member



Joined: 05 Feb 2002
Posts: 549
Location: London

PostPosted: Tue Jul 09, 2002 5:40 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Problem solved.

Energis confirmed that it was the klez virus. They have tracked the infected account down, locked there outgoing mail facility and instructed them how to disinfect there computer.

All is well, until the next time Laughing
OfflineView User's ProfileFind all posts by DarrenSend Personal MessageVisit Poster's Website
Ben
Senior WebHelper
Senior WebHelper


Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK

PostPosted: Tue Jul 09, 2002 7:17 pm (15 years, 5 months ago) Reply with QuoteBack to Top

Energis have a top abuse department... shame other ISPs dont

________________________________
Ben Scott

Red and White Kop
OfflineView User's ProfileFind all posts by BenSend Personal MessageSend emailVisit Poster's Website
Display posts from previous:      
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic


 Jump to:   




You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.


Page generation time: 0.05187 seconds :: 17 queries executed :: All Times are GMT
Powered by phpBB 2.0 © 2001, 2002 phpBB Group :: Based on an FI Theme