Topic: Email Spoofing

LoganYoung
« on: October 26, 2010, 03:30:39 PM »

Hi!

Some of my friends have been complaining at me because I'm apparently sending them spam email from my Hotmail account. I'm investigating now and it looks like someone's spoofing.

The first alarm bells went off when I saw over 250 "Undelivered Reports" in my inbox. I had a look at the header for one of these and, after going through it, I'm not really 100% on what I'm seeing, but a little more research will help that...

What I'd like to know is what steps I have to take to (essentially) get my email back.

Any help will be greatly appreciated.

dante
« Reply #1 on: October 26, 2010, 03:50:51 PM »

Normally, by the inherent nature of how email works, it is possible to spoof email IDs. But as you are seeing Undelivered reports, something seems fishy.

Your email might have been hacked.

1) Change your password
2) Change your security questions
3) Change the backup email address that you might have given in case you forget the password

If your system is infected, then doing all the above is just a waste of time. Do the above steps on a clean system. Then format the infected system. This is better than scanning the system for malware, as you will never be sure whether all the threats have been neutralized.

« Last Edit: October 26, 2010, 03:54:19 PM by dante »

LoganYoung
« Reply #2 on: October 26, 2010, 04:09:24 PM »

Hi dante,

Can I just make some assumptions here?

1) Wouldn't anyone who can hack my account try to change the password, security question, backup email address?
2) Because I haven't actually used this specific account in months (aside from tonight, I don't remember the last time I logged into it), isn't there a good chance it's not some sort of infection on my system? (I do keep my AV/AM programs up to date)

The main reason I think it's being spoofed is because I haven't logged into the account for so long (I also changed the password a few months back because my mom's laptop got stolen and she had my password saved there).
Also, when I looked at the header for one of the emails that didn't send, I saw this:

Code:
X-Originating-IP: [88.96.215.78]

When I tried to ping this IP, I didn't get any results, so I'm thinking it's either forged or it's a zombie machine somewhere.
As for your steps, I'll be doing them in a second from my laptop (which has been cleaned).

Assuming this is someone spoofing my mail address, what can I do about this?

chrisj
« Reply #3 on: October 27, 2010, 03:51:16 AM »

The answer to question 1) is they could. However, once they have the email account they'll want to draw as little attention to it as possible. Making those changes would be the opposite.

Check to see if your account is being accessed from anywhere else. That's one of the features I like about Gmail, it'll show me what other IP addresses have accessed the account.

2) Not logging in for a while makes the account a prime target, because you don't know what's been done. AV and AM programs are reactive, so you could be infected for a few days and not know it. Some of the nasties hide by disabling updates and others. You'll think it's working right when it's not.

Check your outbox. See what's there. Also read the whole header of the emails.

Lastly, 1 account 1 password is best. I've had several friends recently (over the last year) sending spam. Not spoofed, from their accounts, that they didn't send. Mainly because they thought they were logging into a site, and they reused their passwords.

Facebook scams are great for that: click a link you think is from Facebook, log in, and the bad guy now has your Facebook account, and if you reuse passwords, your email password.

OSWP, Sec+
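
The advice above to read the whole header, applied to one of the "Undelivered" reports, as an added example (not code from any poster in the thread): it pulls the original message's headers out of the bounce and reports which server actually handed the mail to the host that bounced it. The sample bounce, its hostnames and the `provider.example` domain are constructed placeholders, and the function names are hypothetical.

```python
import email
import re

# Constructed bounce (DSN): hosts are made up; the X-Originating-IP is the thread's.
SAMPLE_BOUNCE = """\
From: postmaster@mx.example.net
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.

--b1
Content-Type: text/rfc822-headers

Received: from relay.provider.example (relay.provider.example [192.0.2.10])
 by mx.example.net; Tue, 26 Oct 2010 12:00:05 +0000
Received: from webmail ([198.51.100.7])
 by relay.provider.example; Tue, 26 Oct 2010 12:00:01 +0000
X-Originating-IP: [88.96.215.78]
From: user@provider.example

--b1--
"""

def original_headers(bounce_text):
    """Return the headers of the message that bounced, or None if absent."""
    for part in email.message_from_string(bounce_text).walk():
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def analyse(headers, provider_domain):
    """Summarise the relay path; provider_domain is supplied by the caller."""
    received = headers.get_all("Received", [])             # newest hop first
    hops = [m.group(1).lower() for r in reversed(received)
            if (m := re.search(r"\bby\s+([\w.-]+)", r))]   # oldest hop first
    # Only the newest header was written by the server that bounced the mail;
    # anything older may have been supplied by the sender.
    m = re.search(r"from\s+([\w.-]+)", received[0]) if received else None
    handoff = m.group(1).lower() if m else ""
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", headers.get("X-Originating-IP", ""))
    via = handoff == provider_domain or handoff.endswith("." + provider_domain)
    return {"hops": hops, "handoff": handoff, "via_provider": via,
            "x_originating_ip": ip.group(0) if ip else None}
```

When `via_provider` is true the message left through the mailbox provider's own relay, which points at account access rather than a forged From line. The `X-Originating-IP` value is only as trustworthy as the server that wrote it, so weigh it together with the relay path.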