Topic: Email addys - anyone heard of this one?

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Email addys - anyone heard of this one?
« on: February 16, 2004, 07:03:49 PM »
Hi,

I posted this a short while ago over at Wilders, but I figured posting here too wouldn't hurt any.

I'm well aware that some email viruses "borrow" the from and/or to addresses from the addy book in the process of distributing themselves.  But I always thought the address was picked up complete, rather than in "pieces".

I frequently forward copies of Nigerian Letters and related stuff to the Phonebusters unit (joint RCMP-OPP operation).  Last night I got a failed-delivery notice relating to one of those, for one I'd sent them -- it was showing delivery attempted to "wafl@" (so far correct) at a totally different domain.  The message body, and even my original "To" address, were still there and were correct.

I use Eudora 6 (under XP-Home, all critical updates), and avast (both resident and on-demand) and Ad-Aware both showed clean, and not a peep out of SpywareGuard.

Anyone ever heard of this before, the mix-and-match of a name and an unrelated domain?  It's entirely possible, of course, that it was a freak mailer-daemon glitch rather than any kind of malware -- I re-sent the latest version, complete with failed-delivery notice, and they apparently received that one ok.

Any comments or suggestions would be appreciated.  There's been no other oddball behavior to suggest any kind of malware.

Thanks and best,
Mike
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0 (default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Pavel Baudis

  • Guest
Re:Email addys - anyone heard of this one?
« Reply #1 on: February 16, 2004, 10:39:12 PM »
Quote: "Anyone ever heard of this before, the mix-and-match of a name and an unrelated domain?"

It is an old, well-known and widely used trick. The first e-mail viruses used the real addresses (of those really infected). Then they used false but real addresses (of some innocent people). The third step is to combine a name and a domain - such an address does not exist in most cases.

Pavel
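
A defender-side check for the case discussed in this thread, as an added example that is not part of the original posts: it parses a failed-delivery notice and compares each failed recipient with the addresses in the returned original message. The sample bounce, every address in it and the verdict labels are constructed for illustration.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed bounce in RFC 3464 layout; every address here is made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.other.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.other.example

Final-Recipient: rfc822; wafl@other.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: mike@home.example
To: wafl@agency.example

forwarded text
--b1--
"""


def classify_bounce(raw):
    """Map each failed recipient to a verdict (labels are this example's own)."""
    msg = email.message_from_string(raw, policy=policy.default)
    failed, intended = [], []
    for part in msg.walk():
        if part.get("Final-Recipient"):  # per-recipient block of the DSN
            failed.append(str(part["Final-Recipient"]).split(";", 1)[-1].strip().lower())
        if part.get_content_type() == "message/rfc822":  # the returned original
            orig = part.get_payload(0)
            hdrs = orig.get_all("To", []) + orig.get_all("Cc", [])
            intended += [a.lower() for _, a in getaddresses([str(h) for h in hdrs])]
    names = {a.rpartition("@")[0] for a in intended}
    verdicts = {}
    for addr in failed:
        if addr in intended:
            verdicts[addr] = "genuine"          # you really wrote to it
        elif addr.rpartition("@")[0] in names:
            verdicts[addr] = "mix-and-match"    # your name part, foreign domain
        else:
            verdicts[addr] = "never-addressed"  # nothing of yours: likely forged sender
    return verdicts
```

Calling `classify_bounce(SAMPLE_DSN)` on the constructed notice flags the recipient as "mix-and-match", the pattern described in the first post.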

Offline MikeBCda

Re:Email addys - anyone heard of this one?
« Reply #2 on: February 16, 2004, 10:59:44 PM »
Thanks, Pavel.  :)  That third step, which is apparently what I ran into, I'd never even heard of before.

As I'd mentioned, everything looks clean at my end.  I did get a couple of pop-up warnings about incoming mail this afternoon, "possibly dangerous" frames -- they related to Doubleclick, however, and while that outfit is a pain for spam, it's highly unlikely they're dangerous.  I risked a look at the second one, and it turned out to be Yahoo's own advertising (this was in a group there).

Best,
Mike