Email weirdness

Associate
Joined
26 Mar 2005
Posts
1,662
No idea where this thread should go, it's not exactly technical....

Got a call from a user today, stating he had received an email from himself although he didn't send it. All it contained was three numbers in the title and three numbers in the body. That was weird enough, but I've just had the same thing happen to me from a personal account that has nothing to do with the company I'm at.

DAY OF THE DEVIL!!!!!
 
Associate
Joined
3 Aug 2004
Posts
1,770
Location
Essex
It's not hard to fake the email address of where it's been sent from, I expect it's just a random spam email that's going round using the recipient's email as the "From" email address as well.

Let me guess..the numbers were 666?
 
Soldato
Joined
18 Oct 2002
Posts
10,675
Location
Castle Anthrax
I got one to the email address that I use in my sig here (and only here) so whatever script is doing this it has scraped a load of email addresses from here amongst other places.
 
Soldato
Joined
4 Nov 2003
Posts
5,738
Location
Edinburgh
Yeah same, it's just spoofed:
Code:
X-Gmail-Received: 2e54f9319d8c70c34da7da2f54a40fc5e8882624
Delivered-To: [email protected]
Received: by 10.49.41.11 with SMTP id t11cs178422nfj;
        Mon, 5 Jun 2006 19:03:29 -0700 (PDT)
Received: by 10.35.88.17 with SMTP id q17mr7456132pyl;
        Mon, 05 Jun 2006 19:03:29 -0700 (PDT)
Return-Path: <[email protected]>
Received: from tucker.org (blk-222-142-233.eastlink.ca [24.222.142.233])
        by mx.gmail.com with SMTP id v53si1052974pyv.2006.06.05.19.03.28;
        Mon, 05 Jun 2006 19:03:29 -0700 (PDT)
Received-SPF: neutral (gmail.com: 24.222.142.233 is neither permitted nor denied by domain of [email protected])
Date: Mon, 05 Jun 2006 19:03:19 -0800
To: "Alexdodd" <[email protected]>
From: "Alexdodd" <[email protected]>
Subject: 1545453
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>
969

<br>
</body></html>
 
Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
Wryel said:
No idea where this thread should go, it's not exactly technical....

Got a call from a user today, stating he had received an email from himself although he didn't send it. All it contained was three numbers in the title and three numbers in the body. That was weird enough, but I've just had the same thing happen to me from a personal account that has nothing to do with the company I'm at.

DAY OF THE DEVIL!!!!!

we got about 60 of these today too :S

-----Original Message-----
From: Karl.scott [mailto:karl.scottXXXXXXXXX]
Sent: 06 June 2006 08:39
To: Karl.scott
Subject: 557


5556

Not had any luck in tracking down what it is, but it is harmless as far as I could see, no attachments, nothing hidden in the html code, very odd!
 

Kol


Man of Honour
Joined
8 Jan 2003
Posts
14,201
Location
London
Wryel said:
No idea where this thread should go, it's not exactly technical....

Got a call from a user today, stating he had received an email from himself although he didn't send it. All it contained was three numbers in the title and three numbers in the body. That was weird enough, but I've just had the same thing happen to me from a personal account that has nothing to do with the company I'm at.

DAY OF THE DEVIL!!!!!

I had exactly the same. An email from myself, but four numbers and about 5 or 6 in the subject.
 
Man of Honour
Joined
4 Nov 2002
Posts
15,508
Location
West Berkshire
I have three accounts that get spammed regularly and only the account I use for the forums got one.

Anyway, it's spam originating from a server somewhere in/near Moscow. The server is either compromised or set up deliberately to send spam, as it's using a fake announcement as well as fake headers.

My guess would be a spammer who hasn't got a clue what they're doing. Happens regularly. I got a Barclays Phishing email yesterday that looked good enough, except for the fact that they forgot to put the URL of their fake site in it. :D
 
Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
It has been suggested by SANS that this may be a technique for seeding out a new Bagle variant:

A new twist in spammer tactics is being reported, although we're not sure what their goal is at the moment.

Some of our readers report receiving messages appearing to originate from themselves, with only numbers as subject and body.

The body does appear to be HTML encoded, but it's so basic as to not pose a threat so far.

It would be a good idea to investigate if you can drop email that appears to be from your own organization while originating outside of it. If your users do not send such email (e.g. because they use a VPN to connect back to the inside while on the road), dropping that email might cut down on a few spams.

Some fun while on this subject - it's a Tuesday after a 3 day weekend in some countries - :
All relations to the SPAM luncheon meat product are purely accidental, even if it was inspired on a 1975 sketch from Monty Python. Most of us think spam started back in 1994 when two lawyers advertized their green card scam in each and every usenet newsgroup. Some digging around revealed much earlier attempts in 1978 on the precursor to the modern Internet. It just goes to show you're never around for too long to learn something new.

UPDATE

Some guesses as to what the cause of the spam might be have been received by now and I'd like to point out a few:

* Today's date is the number of the beast, it might attract some old style hackers.
* There is a possible link to Bagle seeding as it was done in the past and we might need to expect a new variant of it soon.
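
An added example, not part of the thread or of the SANS note: one way to implement the check suggested above (flag mail that claims to be from your own organization but was handed to your border server from outside), reading the same `From` and `Received` headers as the dump posted earlier. The domain `example.com`, the trusted networks and the border hostname `mx.example.com` are assumptions, and the sample messages are constructed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the organisation's domain, the networks its own
# mail legitimately enters from, and the hostname its border MTA stamps.
ORG_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
BORDER_MX = "mx.example.com"
HOP = re.compile(r"from \S+ \([^)]*\[([0-9A-Fa-f:.]+)\]\) by "
                 + re.escape(BORDER_MX) + r"\b")

def handoff_ip(msg):
    """IP that connected to our border MTA. Received headers are prepended,
    so the first match from the top is ours; lines below it are sender-supplied."""
    for received in msg.get_all("Received", []):
        hit = HOP.match(" ".join(received.split()))  # unfold continuation lines
        if hit:
            return ipaddress.ip_address(hit.group(1))
    return None

def classify(raw):
    msg = message_from_string(raw)
    # Header From is what the user sees, so that is the claim being tested.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in ORG_DOMAINS:
        return "accept"            # not claiming to be us; other filters apply
    ip = handoff_ip(msg)
    if ip is None:
        return "review"            # cannot tell where it entered
    return "accept" if any(ip in net for net in TRUSTED_NETS) else "self-spoof"

# Constructed samples (documentation addresses), shaped like the headers posted
# above. The last Received line is a forged claim of internal origin.
SPOOFED = """\
Received: by 10.0.0.5 with SMTP id a1; Mon, 05 Jun 2006 19:03:29 -0700 (PDT)
Received: from mail.invalid (host.isp.example [203.0.113.77])
        by mx.example.com with SMTP id b2; Mon, 05 Jun 2006 19:03:29 -0700 (PDT)
Received: from inside (relay [10.9.9.9]) by mx.example.com with SMTP id zz
To: "Alice" <alice@example.com>
From: "Alice" <alice@example.com>
Subject: 1545453

969
"""
INTERNAL = SPOOFED.replace("mail.invalid (host.isp.example [203.0.113.77])",
                           "ws12 (ws12.corp.example [10.1.2.3])")

if __name__ == "__main__":
    print(classify(SPOOFED), classify(INTERNAL))
```

Remote users who submit mail from outside without a VPN would be flagged by this rule, which is the exception the SANS note calls out.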
 