HotPOP.com again!!!



roberto
07-09-2005, 11:50 PM
This is the message I received now!!! And before i received 4 spams!!

Well... this is the Original Code of message. Dave suggested 2 days ago that
my e-mail account has been forged... but in any case the original message is
on my HOTPOP INBOX...!! Whats going on with this site?? Hasn't AV protection
or what??

X-EMS: wait 10s
X-EMS: wait 20s
X-EMS: wait 30s
X-EMS: wait 40s
X-EMS: wait 50s
X-EMS: wait 60s
X-EMS: wait 70s
X-EMS: wait 80s
X-EMS: wait 90s
Return-Path: <pohisdal@c2i.net>
Received: from swip.net (mailfe07.swip.net [212.247.154.193])
by mx1.hotpop.com (Postfix) with ESMTP id 85AF3E810E
for <ralplavner@hotpop.com>; Mon, 4 Jul 2005 21:54:05 +0000 (UTC)
X-T2-Posting-ID: HqRFDKJEwrPQ5sNJ3Bpz2A==
Received: from [193.216.200.207] (HELO myigrk)
by mailfe07.swip.net (CommuniGate Pro SMTP 4.3.4)
with SMTP id 217137596; Mon, 04 Jul 2005 21:04:33 +0200
From: "Microsoft Network Email Service" <masterservice@rocketmail.com>
To: " " <user@homedomain.com>
SUBJECT: Advice
Date: Mon, 04 Jul 2005 21:04:35 +0200
Message-ID: <auto-000217137596@mailfe07.swip.net>
X-HotPOP-Delivered-To: ralplavner@hotpop.com
X-Antivirus: AVG for E-mail 7.0.323 [267.8.9]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-42C9D19567D7======="

--=======AVGMAIL-42C9D19567D7=======
Content-Type: multipart/alternative; boundary=iyintzjmvh

--iyintzjmvh
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cid:umsoemmyjfvpmm" height=3D0 width=3D0></iframe>
<BR><BR>Hi.
<BR>I'm sorry =
I wasn't able to deliver your message =
to the following addresses:<BR>
<BR><BR><BR>Undelivered to <B>yttftxtnng@rocketmail.com</B>
</BODY></HTML>

--iyintzjmvh--
--=======AVGMAIL-42C9D19567D7=======
Content-Type: text/plain; x-avg=cert; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Description: "AVG certification"

Viruses found in the attached files.
The file haipvb.bat: Virus identified I-Worm/Swen.A. The attachment was
mov=
ed to the virus vault.

Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 04/07/2005

--=======AVGMAIL-42C9D19567D7=======--

Phil Weldon
07-09-2005, 11:50 PM
'roberto' posted, in part:


| This is the message I received now!!! And before i received 4 spams!!
|
| Well... this is the Original Code of message. Dave suggested 2 days ago
that
| my e-mail account has been forged... but in any case the original message
is
| on my HOTPOP INBOX...!! Whats going on with this site?? Hasn't AV
protection
| or what??


_____

As David suggested, an infected system has
harvested your email address
uses your harvested email address as a forged 'From:' entry on infected
email

infected email using your email address as a forged 'From:' entry is
received by the hotpop.com mail server
the antivirus protection on the hotpop.com mail server detects and removes
the infected package
the hotpop.com mail server sends a notice of infected mail recieved to the
forged address (yours)

How did your hotpop.com email address get harvested? Well, you posted to
this newsgroup using a hotpop.com email address. Some malware harvests
email addresses from Usenet newsgroup postings, reading directly from news
servers.
Never post to Usenet newsgroups using a valid email address as the 'From:'
address. Instead, use a guaranteed invalid email address. 'invalid.com'
and 'example.com' are reserved domain names and can be used safely without
fear of directing spam or infectious attacks to an email address in use.
Use not.disclosed@invalid.com is a good choice - since it is reserved, any
number of people can use it and no bounces are generated.

Phili Weldon

"roberto" <ralplavner@HotPOP.com> wrote in message
news:%232HGlgOgFHA.2700@TK2MSFTNGP15.phx.gbl...
> This is the message I received now!!! And before i received 4 spams!!
>
> Well... this is the Original Code of message. Dave suggested 2 days ago
> that
> my e-mail account has been forged... but in any case the original message
> is
> on my HOTPOP INBOX...!! Whats going on with this site?? Hasn't AV
> protection
> or what??
>
> X-EMS: wait 10s
> X-EMS: wait 20s
> X-EMS: wait 30s
> X-EMS: wait 40s
> X-EMS: wait 50s
> X-EMS: wait 60s
> X-EMS: wait 70s
> X-EMS: wait 80s
> X-EMS: wait 90s
> Return-Path: <pohisdal@c2i.net>
> Received: from swip.net (mailfe07.swip.net [212.247.154.193])
> by mx1.hotpop.com (Postfix) with ESMTP id 85AF3E810E
> for <ralplavner@hotpop.com>; Mon, 4 Jul 2005 21:54:05 +0000 (UTC)
> X-T2-Posting-ID: HqRFDKJEwrPQ5sNJ3Bpz2A==
> Received: from [193.216.200.207] (HELO myigrk)
> by mailfe07.swip.net (CommuniGate Pro SMTP 4.3.4)
> with SMTP id 217137596; Mon, 04 Jul 2005 21:04:33 +0200
> From: "Microsoft Network Email Service" <masterservice@rocketmail.com>
> To: " " <user@homedomain.com>
> SUBJECT: Advice
> Date: Mon, 04 Jul 2005 21:04:35 +0200
> Message-ID: <auto-000217137596@mailfe07.swip.net>
> X-HotPOP-Delivered-To: ralplavner@hotpop.com
> X-Antivirus: AVG for E-mail 7.0.323 [267.8.9]
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="=======AVGMAIL-42C9D19567D7======="
>
> --=======AVGMAIL-42C9D19567D7=======
> Content-Type: multipart/alternative; boundary=iyintzjmvh
>
> --iyintzjmvh
> Content-Type: text/html
> Content-Transfer-Encoding: quoted-printable
>
> <HTML>
> <HEAD></HEAD>
> <BODY>
> <iframe src=3D"cid:umsoemmyjfvpmm" height=3D0 width=3D0></iframe>
> <BR><BR>Hi.
> <BR>I'm sorry =
> I wasn't able to deliver your message =
> to the following addresses:<BR>
> <BR><BR><BR>Undelivered to <B>yttftxtnng@rocketmail.com</B>
> </BODY></HTML>
>
> --iyintzjmvh--
> --=======AVGMAIL-42C9D19567D7=======
> Content-Type: text/plain; x-avg=cert; charset=us-ascii
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
> Content-Description: "AVG certification"
>
> Viruses found in the attached files.
> The file haipvb.bat: Virus identified I-Worm/Swen.A. The attachment was
> mov=
> ed to the virus vault.
>
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 04/07/2005
>
> --=======AVGMAIL-42C9D19567D7=======--
>
>
>

Lanwench [MVP - Exchange]
07-09-2005, 11:50 PM
In news:%232HGlgOgFHA.2700@TK2MSFTNGP15.phx.gbl,
roberto <ralplavner@HotPOP.com> typed:
> This is the message I received now!!! And before i received 4 spams!!
>
> Well... this is the Original Code of message. Dave suggested 2 days
> ago that my e-mail account has been forged... but in any case the
> original message is on my HOTPOP INBOX...!! Whats going on with this
> site?? Hasn't AV protection or what??
>
<snip>

As Phil said: you're posting to a public newsgroup with your real, unmunged,
e-mail address in your account properties, visible to all, including the
unscrupulous. You will also probably get viruses and more spam sent to you.

Other than changing your e-mail address, there isn't much you can do about
that now - but see http://www.mailmsg.com/SPAM_munging.htm

roberto
07-09-2005, 11:50 PM
Well, ....then i was a "rookie" LOL. I did this:

1. Disable the option of e mail forwarding on my HotPOP account
2. I create a new account

Since now i will just need to check regularly the mails on my HotPOP inbox
i need to say that i use this account for a few purposes related all of
them with news from Sophos, and other sites and just for a few persons
.....whose could be noticed about it)

Thanks to all of u !!!!

robert

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> escribió en el
mensaje news:#T1hx1dgFHA.272@TK2MSFTNGP15.phx.gbl...
>
>
> In news:%232HGlgOgFHA.2700@TK2MSFTNGP15.phx.gbl,
> roberto <ralplavner@HotPOP.com> typed:
> > This is the message I received now!!! And before i received 4 spams!!
> >
> > Well... this is the Original Code of message. Dave suggested 2 days
> > ago that my e-mail account has been forged... but in any case the
> > original message is on my HOTPOP INBOX...!! Whats going on with this
> > site?? Hasn't AV protection or what??
> >
> <snip>
>
> As Phil said: you're posting to a public newsgroup with your real,
unmunged,
> e-mail address in your account properties, visible to all, including the
> unscrupulous. You will also probably get viruses and more spam sent to
you.
>
> Other than changing your e-mail address, there isn't much you can do about
> that now - but see http://www.mailmsg.com/SPAM_munging.htm
>
>

Lanwench [MVP - Exchange]
07-09-2005, 11:50 PM
In news:eZEh4SigFHA.1252@TK2MSFTNGP09.phx.gbl,
roberto <ralplavner@HotPOP.com> typed:
> Well, ....then i was a "rookie" LOL. I did this:
>
> 1. Disable the option of e mail forwarding on my HotPOP account
> 2. I create a new account
>
> Since now i will just need to check regularly the mails on my HotPOP
> inbox i need to say that i use this account for a few purposes
> related all of them with news from Sophos, and other sites and just
> for a few persons ....whose could be noticed about it)
>
> Thanks to all of u !!!!

No problem - but I can see from the headers that you still haven't munged
your e-mail address in your news account settings, so you haven't fixed the
problem. Change it to me@example.com or something else - do NOT choose a
domain name that actually exists, though. Example.com is fine, as is
thisisnotarealdomainhonestyahoo.com .....capische?
>
> robert
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> escribió
> en el mensaje news:#T1hx1dgFHA.272@TK2MSFTNGP15.phx.gbl...
>>
>>
>> In news:%232HGlgOgFHA.2700@TK2MSFTNGP15.phx.gbl,
>> roberto <ralplavner@HotPOP.com> typed:
>>> This is the message I received now!!! And before i received 4
>>> spams!!
>>>
>>> Well... this is the Original Code of message. Dave suggested 2 days
>>> ago that my e-mail account has been forged... but in any case the
>>> original message is on my HOTPOP INBOX...!! Whats going on with this
>>> site?? Hasn't AV protection or what??
>>>
>> <snip>
>>
>> As Phil said: you're posting to a public newsgroup with your real,
>> unmunged, e-mail address in your account properties, visible to all,
>> including the unscrupulous. You will also probably get viruses and
>> more spam sent to you.
>>
>> Other than changing your e-mail address, there isn't much you can do
>> about that now - but see http://www.mailmsg.com/SPAM_munging.htm


HotPOP.com again!!!