Spoofing Mails

[LSainsbury]

Hi,

Today something strange happened.

My hotmail decided to send a spam message to my contacts and also to my messenger contacts.

I wasn't logged into either at the time.

So far I've changed my password and done complete virus scans and malware scans of my laptop and desktop - nothing found.

Any ideas how this happened? I can understand the email side of things but how the hell did it manage to send a msn message to my contacts when I wasn't even logged into msn!

[Peter_]

You do not need to be logged in if someone has managed to hijack your account, you have changed the password so it should be ok now.

[LSainsbury]

OK thanks for that - is there a way to tell where it was logged in from like in gMail?

[Peter_]

I do not use or deal that kind of issue so maybe one of the more technical guys may be able to give advice.

I am basing this on Virginmedia webmail, I can be fully logged off this machine but my email can be accessed from virtually any machine in the world via the Virginmedia homepage as long as they have my email address and can crack my password, the first thing I would know about it would be when I noticed suspicious activity, such as strange emails dropping into my Outlook inbox.

[progers]

My daughter's Hotmail is always doing this, if anyone finds the answer, please post!

[Hugh]

On gmail, at the bottom of the screen there is the option (Details) to check where your gmail has been accessed from

Quote:

Add your Gmail inbox to the Google homepage.
You are currently using 270MB (3%) of your 7527MB.
Last account activity: 32 minutes ago at IP xxx.xx.xx.xxx. Details
Gmail view: standard | turn off chat | turn off buzz | older contact manager | basic HTML Learn more
©2010 Google - Terms - Privacy Policy - Buzz Privacy Policy - Google Home

[Peter_]

Quote:

Originally Posted by Hugh

On gmail, at the bottom of the screen there is the option (Details) to check where your gmail has been accessed from

If you do a NSLOOKUP of the ip address here I think you will find that is the email gateway for Googlemail.

This is mine on the Google platform Webmail 62.254.26.10 which resolves to
name = know-mailgateway-2.server.virginmedia.net.

[Uncle Peter]

The originating IP of the machine which sent the message will be in the header. Anyone can fake the contents of the "from" field, the level of difficulty in doing this is trivial.

There is a possiblity that someone you know has malware on their system which is harvesting their address book for valid contacts, using the addresses it finds as targets and also as values for the return address, yours being one of them.

[Hugh]

Quote:

Originally Posted by Masque

If you do a NSLOOKUP of the ip address here I think you will find that is the email gateway for Googlemail.

This is mine on the Google platform Webmail 62.254.26.10 which resolves to
name = know-mailgateway-2.server.virginmedia.net.

You need to click on the details button to get the last ten ip addresses that accessed the account....

[Peter_]

Quote:

Originally Posted by Hugh

You need to click on the details button to get the last ten ip addresses that accessed the account....

They are all email gateways just go to http://tools.virginmedia.com/ and put each of the 10 into it and do nslookup and they will all resolve to the email servers.

[Hugh]

Strange - when I check the IPs on the list, they resolve to my place of work, my mobile phone provider, and my home IP.......

[Peter_]

Quote:

Originally Posted by Hugh

Strange - when I check the IPs on the list, they resolve to my place of work, my mobile phone provider, and my home IP.......

When I go to my @blueyonder.co.uk webmail account and I click on details at the bottom and then put them into nslookup they all resolve to an email gateway, but when I open my Googlemail accounts I cannot find the details button with the ip's listed.