john@ntlworld.com
Anyone else get a whole bunch of emails from john@ntlworld.com sent to their ntlworld email account?
My anti virus software went mad when these were coming down the wire. |
Re: john@ntlworld.com
Nope but it's not uncommon for the "Ghost" sender's name to be something that sounds "OK" like "John" as it increases the chance of those who do get mail from a real "John" to be tempted to open with less thought.
|
Re: john@ntlworld.com
same as sociable said, plus..
As a general rule the sender address is worthless when tracing spam or viruses; it's the IP address in the header that gives you the actual source |
Re: john@ntlworld.com
I got a load more tonight. The IP address is 80.0.208.185.
|
Re: john@ntlworld.com
That resolves to public2-pete1-3-cust185.lond.broadband.ntl.com so it looks like an ntl IP. I would say that it would also be possible to spoof the IP address of the sender too, more difficult, but possible |
Re: john@ntlworld.com
So basically you're saying it's not possible to trace this email back to the originator?
|
Re: john@ntlworld.com
Quote:
It is possible to spoof the originating IP and even if it did originate from that IP it may well not have been the person on that IP that initiated it. If that person has a trojan sitting on their system it would be relatively simple to bounce mails through them without them ever being aware of it. Going back a few years Cabletel (Pre NTL) were blacklisted by many sites because their mail servers were so insecure they were a popular target for this type of "Bounce" being used to hide the true origins of attacks. Updates to the security allowed them to get off the blacklist but it shows just how easy it can be to fool the system even when it is being controlled by a large organisation in the internet provision field let alone an individual subscriber. |
Re: john@ntlworld.com
Got some more today. This is the complete header
Return-Path: <john@ntlworld.com>
Received: from localhost ([80.0.208.185])
    by mta07-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806)
    with SMTP id <20031212072431.BIQ2588.mta07-svc.ntlworld.com@localhost>
    for <****.*****@ntlworld.com>; Fri, 12 Dec 2003 07:24:31 +0000
From: john@ntlworld.com
To: ****.***** <****.*****@ntlworld.com>
Reply-To: john@ntlworld.com
X-Priority: 1 (High)
Subject: don't be late! aeaagmeg
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------D5017952000A9B8"
Message-Id: <20031212072431.BIQ2588.mta07-svc.ntlworld.com@localhost>
Date: Fri, 12 Dec 2003 07:24:36 +0000 |
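Added example, not part of any post in this thread: a short Python sketch that reads the Received line of the header posted above and separates the name the sender claimed (HELO) from the peer address the receiving server recorded in brackets. The function names and the choice of ".ntlworld.com" as the trusted receiving domain are assumptions made for this illustration.

```python
import email
import ipaddress
import re

# Header fields as posted in the thread (recipient redacted by the poster).
RAW = """\
Return-Path: <john@ntlworld.com>
Received: from localhost ([80.0.208.185])
 by mta07-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806)
 with SMTP id <20031212072431.BIQ2588.mta07-svc.ntlworld.com@localhost>
 for <****.*****@ntlworld.com>; Fri, 12 Dec 2003 07:24:31 +0000
From: john@ntlworld.com
Subject: don't be late! aeaagmeg

"""

# "from <helo> (... [<peer ip>]) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)",
    re.S,
)

def received_hops(raw):
    """Return parsed Received hops, newest first (top of the header first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed text was not a valid address
        hops.append({"helo": m["helo"], "ip": ip, "by": m["by"]})
    return hops

def handoff_to(raw, trusted_suffix):
    """Newest hop stamped by a host under trusted_suffix (assumed to be the
    recipient's own provider); Received lines below it were supplied by the
    sending side and cannot be relied on."""
    for hop in received_hops(raw):
        if hop["by"].lower().endswith(trusted_suffix):
            return hop
    return None

def helo_is_bogus(hop):
    """HELO is sender-supplied: 'localhost' from a non-loopback peer is false."""
    return hop["helo"].lower() == "localhost" and not hop["ip"].is_loopback
```

For this header the hand-off hop is the one stamped by mta07-svc.ntlworld.com, with peer 80.0.208.185 and a HELO of "localhost" that does not match a loopback address.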
Re: john@ntlworld.com
Try forwarding a couple of headers to abuse@ntlworld.com, I would have thought that they should be able to tell him to stop spamming you (assuming the header hasn't been spoofed) or to protect himself from trojans
|
Re: john@ntlworld.com
I got a boatload of these in a BTINTERNET email account last week, from a 'john@btinternet', same subject line as yours, 'don't be late!', followed by a series of letters that were different on each email. Body of message was something about 'see you on wednesday' etc, 'details in attached file', which was a .zip file containing a .scr file.
I deleted them all but would have been interested to find out what the script did. |