Reseller Hosting, Shared Hosting, Dedicated Hosting by Vortech Inc.

  #1  
Old 09-06-2003, 09:30 PM
jetzkr8
Vortech Inc. Customer
Location: Penang, Malaysia
email spoofed/hijacked?

I would like to see if any others have this thing happening. I received the following email 'bounce' notification for mail that I never sent. The first one I just deleted, but the second one is appended below.

The sending email client is indicated as OUTLOOK EXPRESS. I have this installed but use OUTLOOK 2002 for all my emails.

The email root@localhost probably refers to oscommerce, which I am testing in my current hosting area; and my email has been xxx'ed out but it's my actual email. The fact is I never sent any email like this. Could my email id or similar resource have been hijacked?

Quote:
X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Return-Path: <owner-mynic-users@mail.mynic.net.my>
Delivered-To: xxxx@xxxxx.xxx (blanked out my email here)
Received: (qmail 44725 invoked by uid 399); 6 Sep 2003 23:10:36 -0000
Received: from unknown (HELO mail.mynic.net.my) (192.228.180.4)
by mail1.hsphere.cc with SMTP; 6 Sep 2003 23:10:32 -0000
Received: (from root@localhost)
by mail.mynic.net.my (8.12.9/8.12.9) id h86F9C6P061216
for mynic-users-outgoing@mail.mynic.net.my; Sat, 6 Sep 2003 23:09:12 +0800 (MYT)
(envelope-from postmaster@webshop2u.com)
Received: from webshop2u.com (ns1.webshop2u.com [202.157.185.52])
by mail.mynic.net.my (8.12.9/8.12.9) with SMTP id h86F9CO0061147
for <mynic-users-outgoing@mail.mynic.net.my>; Sat, 6 Sep 2003 23:09:12 +0800 (MYT)
(envelope-from postmaster@webshop2u.com)
Received: (qmail 24268 invoked by uid 99); 6 Sep 2003 15:09:20 -0000
Received: from unknown (HELO home-pc.webshop2u.com) (219.95.129.237)
by ns1.webshop2u.com with SMTP; 6 Sep 2003 15:09:20 -0000
Message-Id: <5.2.1.1.0.20030906230742.02f445d8@interplay.com.my>
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Sat, 06 Sep 2003 23:08:26 +0800
To: mynic-users-outgoing@mail.mynic.net.my
From: Postmaster Virus Checker <postmaster@webshop2u.com>
Subject: Re: Returned mail: User unknown AOL
In-Reply-To: <200309060028.UAA04234@rly-xg02.mx.aol.com>
Mime-Version: 1.0
X-scanner: scanned by Inflex 1.0.12 - (http://pldaniels.com/inflex/)
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
X-Spam-Status: No, hits=-2.0 required=5.0
tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,
REPLY_WITH_QUOTES
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)


-----Original Message-----
From: Postmaster Virus Checker [mailto:postmaster@webshop2u.com]
Sent: Saturday, September 06, 2003 11:08 PM
To: mynic-users-outgoing@mail.mynic.net.my
Subject: Re: Returned mail: User unknown AOL


At 08:28 PM 9/5/2003 -0400, you wrote:
>The original message was received at Fri, 5 Sep 2003 20:28:04 -0400
>(EDT) from [202.184.83.2]
>
>
>*** ATTENTION ***
>
>Your e-mail is being returned to you because there was a problem with
>its delivery. The address which was undeliverable is listed in the
>section
>labeled: "----- The following addresses had permanent fatal errors -----".
>
>The reason your mail is being returned to you is listed in the section
>labeled: "----- Transcript of Session Follows -----".
>
>The line beginning with "<<<" describes the specific reason your e-mail
>could not be delivered. The next line contains a second error message
>which is a general translation for other e-mail servers.
>
>Please direct further questions regarding this message to your e-mail
>administrator.
>
>--AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors -----
><vkajy13e1h46@aol.com>
>
> ----- Transcript of session follows -----
>... while talking to air-xg03.mail.aol.com.:
> >>> RCPT To:<vkajy13e1h46@aol.com>
><<< 550 MAILBOX NOT FOUND
>550 <vkajy13e1h46@aol.com>... User unknown
>Reporting-MTA: dns; rly-xg02.mx.aol.com
>Arrival-Date: Fri, 5 Sep 2003 20:28:04 -0400 (EDT)
>
>Final-Recipient: RFC822; vkajy13e1h46@aol.com
>Action: failed
>Status: 5.1.1
>Remote-MTA: DNS; air-xg03.mail.aol.com
>Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
>Last-Attempt-Date: Fri, 5 Sep 2003 20:28:36 -0400 (EDT)
>Received: from MAIL ([202.184.83.2]) by rly-xg02.mx.aol.com (v95.1)
>with
>ESMTP id MAILRELAYINXG210-4563f5929ff14f; Fri, 05 Sep 2003 20:27:49 -0400
>From: <mynic-users-outgoing@mail.mynic.net.my>
>To: <vkajy13e1h46@aol.com>
>Subject: Re: Wicked screensaver
>Date: Sat, 6 Sep 2003 8:31:51 +0800
>X-MailScanner: Found to be clean
>Importance: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>X-MSMail-Priority: Normal
>X-Priority: 3 (Normal)
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
> boundary="_NextPart_000_0003B49B"
>X-AOL-IP: 202.184.83.2
>X-AOL-SCOLL-SCORE: 0:XXX:XX
>X-AOL-SCOLL-URL_COUNT: 0
>Message-ID: <200309052028.4563f5929ff14f@rly-xg02.mx.aol.com>
__________________
::: Ashvin :::
www.klas5.net ~ Learn about psyllium husk and how it can help your colon health
Excuse the misspellings, two-finger typist at work and no help from antique-ed keyboard!
  #2  
Old 09-06-2003, 11:03 PM
landiserve
Guest
 
This is Sobig.F, the mass-mailing spoofing worm/virus; I can tell by the subject. I have received similar emails, and I don't even run Windows. The virus/worm spoofs addresses it finds on the infected person's computer.
  #3  
Old 09-06-2003, 11:47 PM
bootNumlock
Brangwyn fan club member
Vortech Inc. Customer
 
Location: chicago
I got some of the Sobigs from me to me... I got a real kick out of that one...
__________________
boot numlock
  #4  
Old 09-06-2003, 11:48 PM
landiserve
Guest
 
Yeah, I am just glad they aren't really from me; however, it makes it hard to track down who really is infected.
  #5  
Old 09-06-2003, 11:52 PM
bootNumlock
Brangwyn fan club member
Vortech Inc. Customer
 
Location: chicago
Oh, I am positive it was one of my, let's say, not so tech savvy clients--or parents from the school my kids attend.

I even hooked all the parents up with Symantec as part of a scholastic licensing thing that they offered--they just don't update their definitions like I told them---ugh!
__________________
boot numlock
  #6  
Old 09-07-2003, 01:08 AM
landiserve
Guest
 
AVG from Grisoft is also great, and it does a nice auto update and warns when out of date.

www.grisoft.com. Also, it is free and works far better than McAfee any day of the week.
  #7  
Old 09-07-2003, 05:39 AM
jetzkr8
Vortech Inc. Customer
 
Location: Penang, Malaysia
Yeah, it's a virus probably!

Upon further examination of the header info, I gathered it's this virus thingy. Anyway Symantec reports no problems as far as my PC is concerned, so maybe it's some old stuff etc.
Thanks guys, for the trouble you took to provide more info.
  #8  
Old 09-07-2003, 08:58 AM
landiserve
Guest
 
Basically it means someone has you in their address book and got infected, and it is sending out the virus as you. I know it is a pain.
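
An added example, not written by anyone in this thread: the Python below reads the returned-message headers from the bounce quoted in post #1 and compares the connecting IP recorded by the bouncing relay with the networks you actually send from. The function names and the `192.0.2.0/24` placeholder for your own outbound mail network are assumptions.

```python
import ipaddress
import re

# Sample input: returned-message lines copied (trimmed) from the bounce in
# post #1, keeping the ">" quoting and the broken line wraps.
BOUNCE = """\
>Reporting-MTA: dns; rly-xg02.mx.aol.com
>Received: from MAIL ([202.184.83.2]) by rly-xg02.mx.aol.com (v95.1)
>with
>ESMTP id MAILRELAYINXG210-4563f5929ff14f; Fri, 05 Sep 2003 20:27:49 -0400
>From: <mynic-users-outgoing@mail.mynic.net.my>
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
"""

HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
PEER_IP_RE = re.compile(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
BY_HOST_RE = re.compile(r"\bby\s+(\S+)")

def returned_headers(bounce_text):
    """Strip '>' quoting and rejoin wrapped lines into [name, value] pairs."""
    headers = []
    for raw in bounce_text.splitlines():
        line = raw.lstrip("> ").rstrip()
        match = HEADER_RE.match(line)
        if match:
            headers.append([match.group(1).lower(), match.group(2)])
        elif line and headers:
            headers[-1][1] += " " + line  # wrap that lost its indent when quoted
    return headers

def assess(bounce_text, my_networks):
    """my_networks: CIDRs you really send from (192.0.2.0/24 is a placeholder)."""
    headers = returned_headers(bounce_text)
    first = lambda name: next((v for n, v in headers if n == name), "")
    received = first("received")  # topmost Received: written by the bouncing MTA
    peer, by_host = PEER_IP_RE.search(received), BY_HOST_RE.search(received)
    ip = ipaddress.ip_address(peer.group(1)) if peer else None
    if ip is None:
        verdict = "unknown: no connecting IP recorded"
    elif any(ip in ipaddress.ip_network(net) for net in my_networks):
        verdict = "sent from my network"
    else:
        verdict = "forged sender (backscatter)"
    return {
        "claimed_from": first("from"),  # forgeable: chosen by the sending machine
        "peer_ip": str(ip) if ip else None,
        "stamped_by_reporter": bool(by_host) and first("reporting-mta").endswith(by_host.group(1)),
        "mailer": first("x-mailer"),
        "verdict": verdict,
    }
```

Calling `assess(BOUNCE, ["192.0.2.0/24"])` reports peer IP 202.184.83.2 with a forged-sender verdict: the From line was chosen by the sending machine, while the Received line was written by the relay that generated the bounce.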
  #9  
Old 09-07-2003, 09:55 AM
Garreg
Resident Optimist
Vortech Inc. Customer
 
Location: UK - Mon to Fri. Mars - all Weekend
Landiserve is right..... and I'm sick of the damn things.... nice to know so many people have me in their address book, pain I keep getting the bounced things back!
__________________
Regards to all