Oh dear...

Jan. 28th, 2009 02:43 am
[personal profile] capri0mni
I think I may have opened a malware email which then sent something to my entire AOL address book...

The addy that showed in the mailbox window only had MAILER-DAEMON... visible in the addy box. And I couldn't see, until I opened the email, that it was sent from the Internet, and the full addy was:
MAILER-DAEMON@wllqa.myall.net.

And that the transcript says it was mailed tomorrow morning...

...That '.myall' is making me nervous...

So how do I warn the people in my address book not to open any email that seems to be coming from me, without sending them an email?

How do I stop this?

*just this close to biting my fingernails*

Date: 2009-01-28 08:01 am (UTC)
From: [identity profile] alryssa.livejournal.com
No, you're fine.

myall.net is a valid email address. Mailer-Daemon is the postmaster for that domain.

If you could copy the text and headers from that email into a comment, I can tell you what it's about.

In the case of malware attack, you would have to open an attachment to said email in order to execute a virus on your system.

Date: 2009-01-28 08:19 am (UTC)
From: [identity profile] capriuni.livejournal.com
That's what I thought at first, but then it was so weird, because none of the words in the message itself made any sense, to wit:

Subject: Returned mail: see transcript for details

The original message was received at Wed, 28 Jan 2009 11:14:20 +1000
from ppp-124-120-36-99.revip2.asianet.co.th [124.120.36.99]

----- The following addresses had permanent fatal errors -----
<caprius@myall.net>
(reason: 550 5.1.1 <caprius@myall.net>: Recipient address rejected: User unknown in local recipient table)

----- Transcript of session follows -----
... while talking to kurrajong.myall.net.:
>>> DATA
<<< 550 5.1.1 <caprius@myall.net>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 <caprius@myall.net>... User unknown
<<< 554 5.5.1 Error: no valid recipients


Final-Recipient: RFC822; caprius@myall.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; kurrajong.myall.net
Diagnostic-Code: SMTP; 550 5.1.1 <caprius@myall.net>: Recipient address rejected: User unknown in local recipient table
Last-Attempt-Date: Wed, 28 Jan 2009 11:14:21 +1000


Return-Path: <capriuni@aol.com>
Received: from BOONG (ppp-124-120-36-99.revip2.asianet.co.th [124.120.36.99])
by wilga.myall.net (8.14.0/8.14.0) with SMTP id n0S1EJSl023054
for <caprius@myall.net>; Wed, 28 Jan 2009 11:14:20 +1000
Date: Wed, 28 Jan 2009 11:14:19 +1000
Message-Id: <200901280114.n0S1EJSl023054@wilga.myall.net>
Content-Return: allowed
X-Mailer: devMail.Net (3.0.1854.22234-2)
To: caprius@myall.net
Subject: RE: Canadian Pharmacy Message 77153
From: caprius@myall.net
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit


I mean: Whut?

There isn't even a message in that message?!?!!

Date: 2009-01-28 08:36 am (UTC)
From: [identity profile] alryssa.livejournal.com
It's basically telling you that a message sent from your address to caprius@myall.net bounced. That's all.

Date: 2009-01-28 08:53 am (UTC)
From: [identity profile] capriuni.livejournal.com
But that's just it -- I never sent any message to caprius@myall.net.

I've only sent out one email in the last ten days, and that was to my aide, on Sunday night. And she's got her email at cox.net.

Date: 2009-01-28 09:17 am (UTC)
From: [identity profile] alryssa.livejournal.com
It's really nothing to worry about. It's probably the result of a spam email that went out, with a spoofed reply-to that used your address as the reply-to. Spammers often use other people's email addresses as the reply-to field, oftentimes just harvesting them from the internet or just making them up.

Just opening this email did not cause any harm to you or your machine.

Date: 2009-01-28 02:54 pm (UTC)
From: [identity profile] rob-t-firefly.livejournal.com
I second this. Spammers use their ill-gotten email lists not only to spam to, but to populate their forged from: fields. So when a spam like that bounces, it goes back to the spoofed "sender," in this case yourself.

There is also spam that simply makes itself look like something you ostensibly sent which failed and came back, for the reason that you're more likely to actually look at it if it seems like the result of a mistake on your part. In an industry that sends out billions of dodgy emails per second, any trick can raise the percentile of their ill-gotten returns.

Either way, it's harmless to you.
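
Added example, not part of the original thread or written by any of its participants: a small Python check that reads the returned-message headers from the bounce quoted above and compares the envelope sender's domain with the host that actually handed the message to myall.net. The function name, the result keys and the "relay hostname must sit under the sender's domain" heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string

# Headers of the returned message, copied from the bounce quoted in the thread.
RETURNED_HEADERS = """\
Return-Path: <capriuni@aol.com>
Received: from BOONG (ppp-124-120-36-99.revip2.asianet.co.th [124.120.36.99])
\tby wilga.myall.net (8.14.0/8.14.0) with SMTP id n0S1EJSl023054
\tfor <caprius@myall.net>; Wed, 28 Jan 2009 11:14:20 +1000
To: caprius@myall.net
Subject: RE: Canadian Pharmacy Message 77153
From: caprius@myall.net

"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <accepting server>"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")


def analyze_bounce(headers_text):
    """Return facts about who really submitted the bounced message, or None."""
    msg = message_from_string(headers_text)
    envelope_sender = (msg["Return-Path"] or "").strip("<> ")
    if "@" not in envelope_sender:
        return None
    sender_domain = envelope_sender.rsplit("@", 1)[1].lower()
    # The topmost Received line is the hop recorded by the server that bounced it.
    hops = msg.get_all("Received") or []
    m = RECEIVED_RE.search(" ".join(hops[0].split())) if hops else None
    if m is None:
        return None
    helo, rdns, ip, by_host = m.groups()
    rdns = rdns.lower()
    in_domain = rdns == sender_domain or rdns.endswith("." + sender_domain)
    return {
        "envelope_sender": envelope_sender,
        "relay_rdns": rdns,
        "relay_ip": ip,
        "accepted_by": by_host,
        "relay_in_sender_domain": in_domain,
        "from_equals_to": (msg["From"] or "").lower() == (msg["To"] or "").lower(),
        # Heuristic (assumption): reverse DNS is only a hint; the sender
        # domain's SPF record is the authoritative statement of allowed relays.
        "likely_backscatter": not in_domain,
    }


if __name__ == "__main__":
    for key, value in analyze_bounce(RETURNED_HEADERS).items():
        print(f"{key}: {value}")
```

For this bounce the connecting host is a dial-up address under asianet.co.th rather than anything under aol.com, which matches the forged-sender explanation given in the comments.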
