
mystery email transmission


drwho

Jun 24, 1999, 3:00:00 AM
quik...@ix.netcom.com (anonymous) writes:

> Tell me if I'm posting this in the wrong category.
>
> Here's the story:

To me, this sounds like a spammer, relaying mail off someone's host.
If anything, you should look at the FULL headers of the message (in
particular, the "Received: " lines), and take note of the hosts the
mail passed through. The very last "Received: " line is probably
(but not always) the host that originally sent the message.

Check out the news.admin.net-abuse groups for more information on
this, and when you find what you are looking for, PLEASE complain to
the ISP of the user that sent the mail originally... usually, this
results in the termination of that user's account, or at least a
severe warning to STOP spamming...

Also see the site listed in my .signature.

--
Fight email spam: http://www.cauce.org/
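
The header check drwho describes, as an added example that is not part of the original thread: it lists the "Received: " hops of a constructed message in travel order and finds the earliest hop that still chains cleanly back from the recipient's own server, which is why the bottom line is "probably (but not always)" the origin. The sample message, host names and the name-matching heuristic are assumptions; real relays often announce a different name than they log, so a break only marks where to stop trusting the headers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: example domains and documentation IP ranges only.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id AAA111
\tfor <user@recipient.example>; Thu, 24 Jun 1999 21:00:40 -0400
Received: from relay.victim.example (relay.victim.example [198.51.100.7])
\tby mx.isp.example with SMTP id BBB222;
\tThu, 24 Jun 1999 21:00:31 -0400
Received: from dialup-42.origin.example (unknown [203.0.113.42])
\tby relay.victim.example with SMTP id CCC333;
\tThu, 24 Jun 1999 21:00:24 -0400
From: someone@origin.example
To: user@recipient.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+([^\s;]+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Hops in travel order: bottom "Received:" header first, top one last."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip = IP.search(m.group(2) or "")
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"helo": m.group(1), "ip": ip.group(1) if ip else None,
                     "by": m.group(3), "when": when})
    return hops

def earliest_chained_hop(hops):
    """Walk back from the recipient's server while each hop's claimed sender
    matches the previous hop's receiver; lines below a break may be forged."""
    i = len(hops) - 1
    while i > 0 and hops[i]["helo"] == hops[i - 1]["by"]:
        i -= 1
    return hops[i] if hops else None
```

The bracketed IP in the returned hop was recorded by the receiving server, so it is the address worth including in a complaint to the sending ISP.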

anonymous

Jun 25, 1999, 3:00:00 AM
Tell me if I'm posting this in the wrong category.

Here's the story:
An e-mail was sent from my father's computer at 6 pm tonight, EDT. I
am posting this question on his behalf. He did not send this message,
and he has been sitting at his computer since 3 pm so he knows that no
other individual at his home sent it. He is not familiar with the
destination e-mail address, at aol.com. He feels that someone is
accessing his computer remotely and sent this message. He noticed the
message when he checked his sent mail folder at about 6:30 pm to make
sure that a message, that he really sent, was sent. By the way, my
father has a habit of deleting messages from his sent mail folder as
soon as he sees that the message was sent. His 6:30 message was not
the first one of the day -- his previous messages for today had
already been deleted earlier. Only this mystery message and the 6:30
message were in his sent mail folder. So he knows that this mystery
message was sent from his computer today.

I am posting the message --- he forwarded it to me. Can anybody tell
me how this could have happened? How can we figure out who is doing
this? I hope you do not think this is a joke. It is not. I am
concerned. Any help gratefully appreciated. The only things I have
changed on the message are my and my father's user names.

***************************************************

From: myfa...@aol.com
Date: Thu, 24 Jun 1999 21:33:30 EDT
Subject: Fwd: the baby
To: m...@ix.netcom.com
X-Mailer: AOL 4.0 for Windows 95 sub 13


Return-path: myfa...@aol.com
From: myfa...@aol.com
Full-name: myfather
Message-ID: <8c0de40d...@aol.com>
Date: Thu, 24 Jun 1999 21:00:24 EDT
Subject: the baby
To: Zzb...@aol.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: AOL for Macintosh sub 54

Hey little one,
bargaining is a sport that comes naturaly and can not be taught. but I
will try my best to teach the little one all of my very special charms
and beggery. i love XiXi and you too!!! so do you want to go or not?
Look - you knew what I what I meant. Anywho you forget that the baby -
Me, can get into and out of anything. So yes I will help you. "What
does a flower say when it blooms?" It says " yeah baby, yeah do I make
you horny baby?" bye now


love, The Baby

Nikola Milutinovic

Jun 25, 1999, 3:00:00 AM
anonymous wrote:
>
> Tell me if I'm posting this in the wrong category.

Well, yeah, but don't let that bother you. This is so interesting that most of
us will forgive you.

> From: myfa...@aol.com
> Date: Thu, 24 Jun 1999 21:33:30 EDT
> Subject: Fwd: the baby
> To: m...@ix.netcom.com
> X-Mailer: AOL 4.0 for Windows 95 sub 13

I'm not familiar with AOL, looks like their custom mail program (Netscape?) for
Win95.

> Return-path: myfa...@aol.com
> From: myfa...@aol.com
> Full-name: myfather
> Message-ID: <8c0de40d...@aol.com>
> Date: Thu, 24 Jun 1999 21:00:24 EDT
> Subject: the baby
> To: Zzb...@aol.com

Contact AOL, explain your problem, ask who that "Zzb...@aol.com" is; it could be
an alias for a mail list. And those are used by bulkers and spammers, but they are
also OWNED, thus traceable through AOL admins.

> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Mailer: AOL for Macintosh sub 54

"Mystery, kick in!" This shows AOL mailer (Netscape?) but for Macintosh!!???
There's no way someone used your father's mailer for this, this was done by
someone else's mailer and then placed in that "Sent folder". Or perhaps
"unsent", to be sent and when it was sent, it was placed automatically in "sent"
folder.

Purpose? To cover tracks. That mail doesn't look like your everyday spam, more
like an abusive message. Beware of Back Orifice and similar "Trojans", could be
your case.

I am told that AOL sucks generally, maybe you should run more public and less
custom software?

Nix.
--

anonymous

Jun 25, 1999, 3:00:00 AM
Please explain to me what
Back Orifice and similar "Trojans"
means.

anonymous

Jun 25, 1999, 3:00:00 AM
The headers I have listed are the only ones my father sees. I asked
him to print out the message to see if more information was printed.
There was no more, just the headers that he saw on his monitor.


On 24 Jun 1999 23:19:14 -0500, drwho <dr...@xnet.com> wrote:

>quik...@ix.netcom.com (anonymous) writes:
>
>> Tell me if I'm posting this in the wrong category.
>>

David Stanaway

Jun 25, 1999, 3:00:00 AM
I think AOL is really bad with security..
My fiancée had to change screen names a few times because someone gained access
to her mail files on AOL and was sending stuff. AOL was very unhelpful in this
regard.. and everyone gets internal spam with porn and pyramid shit.

Get a better ISP... and don't post to so many damned newsgroups.
If the victim is using AOL, then they don't really have much to do with all
the Unix groups you spammed.. direct them to AOL and abuse the crap out of their
support staff if they are not helpful.

Bob Tinsley

Jun 26, 1999, 3:00:00 AM
anonymous wrote:
>
> Please explain to me what
> Back Orifice and similar "Trojans"
> means.

"Please explain to me how to use a search engine."

Okay:

http://www.altavista.com/cgi-bin/query?pg=q&kl=XX&q=%22back+orrifice%22

HTH,

-- Bob

>
> On Fri, 25 Jun 1999 09:46:35 +0200, Nikola Milutinovic
> <Nikola.Mi...@ev.co.yu> wrote:
>
> >anonymous wrote:
> >>

> >> Tell me if I'm posting this in the wrong category.
> >

Ben Aveling

Jun 28, 1999, 3:00:00 AM
Twas brillig, and Nikola Milutinovic scrobe:

> "Mystery, kick in!" This shows AOL mailer (Netscape?) but for Macintosh!!???
> There's no way someone used your father's mailer for this, this was done by
> someone else's mailer and then placed in that "Sent folder". Or perhaps
> "unsent", to be sent and when it was sent, it was placed automatically in "sent"
> folder.

But why would that message end up in the sent folder? Unless someone was
actually logged in as that user? In the system logs, yes, certainly, but
not in the user's sent folder. (Unless AOL is stranger than I realised?)

He should probably tell his father to change his password, for all that's
worth. And ISP, for that matter.

Regards, BenA
--
"It's not my job to teach you how to read or to think. If you have a
critical failing in either of those abilities, you will find yourself in
situations where you will look foolish because of it." -Sean K. Reynolds
