|
Starhugger -> ID theft? Virus? Email hack? (1/20/2007 10:55:58)
|
Not sure what forum to put this in. Feel free to move it if another is more appropriate.
Since 01-Jan-2007 I have received 332 (as of the moment I'm writing this; there will no doubt be more before I've hit OK) emails that are probably a virus but maybe something more.
They all have these same characteristics:
1) They look like email that has bounced and been returned to sender (mailer-daemon, etc.)...except that I never sent the messages out.
2) The email IDs are a random series of letters in varying lengths (anywhere from 3 to 6 letters), which I never use. Example "abcdef@mysite.com"
3) They often come in spurts, suggesting they could be being churned out when someone turns on their computer and then stops when the computer is turned off.
Most of them (but not all) have what appear to be the usual attachments for a bounced email: a txt file supposedly containing the bouncing server's error message details, and an email attachment supposedly with the original email that was sent. The body of the container email has what appears to be the usual message saying "we were unable to deliver your message, blah blah blah." I've never dared open any of the attachments because they have "virus trap" written all over them.
I've tried emailing my antivirus software people (Trend Micro) to ask about these things, but they are headquartered in SE Asia and have apparently been thrown into communication chaos with the earthquakes that happened there over the holidays. None of my emails have been answered, and any phonecalls I've tried to make just get busy signals, which they warn about on their website.
Until 2 days ago, my antivirus software has not identified any of these emails as a virus, even when I tried downloading unopened attachments and doing a separate scan on the files -- nothing. That's not unusual though, and my antivirus has always been good about squashing anything that comes out of its shell and threatens to infect me, so I don't get "too" worried about it (she said nervously).
Two days ago finally some of these emails started getting flagged as viral when they come into my Inbox, as "PAK_generic." But if I understand the info in Trend's virus encyclopedia, this is an umbrella name for anything that looks suspicious as a zipped virus. And I'm not seeing anything in an online search for this name that seems to match the email characteristics. So it seems the jury's still out on exactly what this is.
The weird thing is that not all of these "bounced emails" have attachments, which makes me wonder if they're more than just a virus on some viewer's computer. Maybe there really are emails being sent out saying they're from "abcdef@mysite.com" which are being bounced because there are so many of them??? Maybe a virus is spoofing its "from" field using my domain and a random ID name??
I guess I just wish I knew for sure what I was dealing with. If it's "just" a virus from a viewer, it's very annoying and a little unsettling to get these things but that's probably an occupational hazzard of having a website. I would just have to learn to live with it.
But if this is also ID theft, where real emails are being sent out using my domain name, then maybe I should be looking into doing something about it. In the past I've seen what appear to be real emails bounced back to me, where some spammer scum has used my email address. But those always use email IDs that I use or have used, and I only get a few bounces at a time, not averaging 17 a day for 3 weeks straight.
I do not have any forms on my website, so it can't be connected to that. I do have a lot of send-me-email links, many of which are now cloaked but some still aren't. And I send out newsletters twice a month.
Has anyone ever had something like this happen? Any words of wisdom from anyone about this?
Thanks in advance.
Starhugger
|
|
|
|
