Mail Delivery Failure

[Bigaldoc]

Looks like I've been stung by someone's infected or pirated machine. Yesterday I started getting "Mail Delivery Failure" emails in droves. Of course, MailWasher catches all of them and marks as spam so all I have to do is delete.

Kinda strange 'cause I'm VERY careful about my "real" email address and usually get little or no spam there. I suppose someone who DOES have my email address has gotten hooked. MSE and MalwareBytes don't report any problems on my machine.

So, I think I remember the sage advice here is that all you can do is wait it out until it stops. Is that the essence of it?

[StuartR]

Unfortunately, that is about it. You can either wait it out, or create a new email address, inform all your contacts, and discard the old address. I wouldn't do this until the spam became intolerable.

[HansV]

Yep, it's very unlikely that your own PC is sending the e-mails, so the PC of someone else who has your e-mail address in their contacts must have been compromised. Sit still and wait is the best you can do, and hope that you don't get blacklisted. It usually peters out after a few days.

[Bigaldoc]

Thanks fellas. Oh boy, I hadn't thought about the possibility of being blacklisted. I hope it stops soon before that happens.

[Bigaldoc]

Maybe 24 hours is their limit in picking on someone. It has already begun to abate. I've only seen a few in the past 6-8 hours. I just hope it wasn't sufficient to get me blacklisted. I'll have to send a few test emails tomorrow or the next day or whatever...

Meanwhile, in the MailWasher Pro's preview window, I checked the "source" code of a number of them. Based on what I believe to be the originating IP address, they seemed to have come from places like Brazil, Colombia and so on.

Life in the fast lane of electronics...

[Bigaldoc]

Oh boy, was I ever wrong on that last post. They're back with a vengeance this morning! Must be due to the "time zone differences."

[westerneagle]

Looks like I've been stung by someone's infected or pirated machine. Yesterday I started getting "Mail Delivery Failure" emails in droves. Of course, MailWasher catches all of them and marks as spam so all I have to do is delete.

Kinda strange 'cause I'm VERY careful about my "real" email address and usually get little or no spam there. I suppose someone who DOES have my email address has gotten hooked. MSE and MalwareBytes don't report any problems on my machine.

So, I think I remember the sage advice here is that all you can do is wait it out until it stops. Is that the essence of it?

Wow, it got me too, with my Hotmail account. I saw it happening right before my eyes!!. I quickly logged out of the account. Then I went back in to change the password and saw it going again. So I went into the account and deleted the account. I waited until the next day and then logged back in.
(Hotmail says if you delete an account, but log back in less than 30 days (I think) then you get the account again.
Anyway it seems to stop.

I did a full scan with Microsoft security and found two Trojans. It removed them.
My question is why did not MSS not find them when I stupidly clicked on the link in my friends email.
It seems to close the door after the fox had gotten into the hen house!!

I only use my hotmail account for 'other' stuff and don't have many contacts in hotmail...but it seemed to be using my Gmail contact list. It sent out about 100 or so email to my contarct. Some already are responding back with "What?" or "hey you been hacked!"

Anyway it seems to be ok now. Now let's see if I have any friends left.....

Mike

[Bigaldoc]

Oh boy, was I ever wrong on that last post. They're back with a vengeance this morning! Must be due to the "time zone differences."

Yesterday afternoon at about 3:30 pm local time, MailWasher Pro had accumulated 130 of those "mail delivery failure" messages, which I of course had told it to delete. I hope it actually DOES delete them on my ISP's server. I stopped counting at that point and for the remainder of the night I just told MW to delete them every time more came in.

Early this morning when I arose, MW showed 30-40 more on screen but when I attempted to delete them and continue, MW was not able to connect with the ISP mail server. Tried that several times without success for about an hour.

I then tried to look at my mail server with web mail and upon trying to login got an "authentication error." Also tried that a few times during the hour, just in case there was a server outage. I had to call ISP's tech support and it appeared to the rep I talked to that his server had "locked" my email account, "probably" because of the hundreds of those failure emails.

He cleared my account, changed the password for me and waited while I also changed it in MY local copy of Thunderbird. I was then able to get back in, delete the failure messages that were sitting there. I have to give the guy credit. He assured me that if it doesn't stop, OR if I get blacklisted by a spam house, he will help me as needed.

Now, I don't understand how changing my password helped but that's been an hour ago and frequent checks, there's no more of the failure messages. I don't understand how an INCOMING email would be dependent on knowing my password just to get on the server. MYT FINGERS ARE CROSSED !!!

[westerneagle]

Oh boy, was I ever wrong on that last post. They're back with a vengeance this morning! Must be due to the "time zone differences."

Yesterday afternoon at about 3:30 pm local time, MailWasher Pro had accumulated 130 of those "mail delivery failure" messages,

This is how it happen with me.
A friend sent me an email to my gmail account. He is of course 'trusted' and I clicked on 'his' included 'link'. Nothing happened, but then a window came up asking me to sign in to my MSN Messenger account. (which I never use.) So...I thought his link (trusted of course) had something to do with that. So....I logged on. Nothing happened....

Now, I become suspicious..... Nothing is going on with gmail. I click over to my Hotmail tap, which has been logged on, and the "mail deliver failure" post are pouring in. Each post has a one of my contacts in them. (it seemed to be using my gmail contact list)

I knew what was happening....I logged off the hotmail account. I then started a Full scan with Microsoft Security.

I logged back on to Hotmail and they were still pouring in....I changed the password and then logged off again.
I then logged back on...(yes still coming) and then I decided to deleted the whole account with Hotmail.

The next day I found that MS had removed two Trojans. Which I assume got there when I click on the 'Link"

I went back to Hotmail and logged back in to my account. (Even though I had deleted it, if you log back in within a few days, it is still there)
All seemed to be quite. Looking at the in box, it had pumped out about 100 or so emails to my contacts.
I let it set a few min. to see what would happen. All ok.
I guess closing the account and also using a new Password, seemed to put a stop to it!

I used to leave Hotmail in a tab and logged on....but for awhile, I think I will only log on for a few mins at a time....Ha!

When you think of how many emails that this thing can generate, it helped me to see how fast these things can grow and spread all over the world. We are so inter-connected.

So Al, even though you were using MailWasher, did the email still go out to your contacts?

Oh....are not computers fun

[Bigaldoc]

Mike, my situation is very different from yours I think.

NO EMAILS were sent by me, either from Thunderbird OR web mail. (I just checked all the folders in web mail, just to be sure.)

I suspect that "someone" with whom I DO correspond, either did the terrible act of FORWARDING one or more emails like people tend to do when they get these cute, funny, political or whatever crap emails. If someone who has MY email address forwards an email and someone, somewhere along the way has a compromised machine, that exposes ALL the addresses in the forward to harvesting by bad guys on the web.

If not the above, then someone with whom I do correspond has a compromised machine and my email address got harvested from his/her machine's address book. There's no way to tell as far as I know.

I have FREQUENTLY "begged" people I know NOT to EVER forward an email, AND make sure they have a good AV and malware program(s) active to protect their computer. Some people, unfortunately, just don't "get it !!!"

[Timelord]

It may also be that they 'guessed' your email address. Spammers will frequently spoof email addresses as the 'From:'. Here is a blog about how one person beat spam: http://www.thisistrue.com/blog-how_i_beat_spam.html" onclick="window.open(this.href);return false;. And this following site I have sent family to read: http://www.spamprimer.com/" onclick="window.open(this.href);return false;

[westerneagle]

It may also be that they 'guessed' your email address. Spammers will frequently spoof email addresses as the 'From:'. Here is a blog about how one person beat spam: http://www.thisistrue.com/blog-how_i_beat_spam.html" onclick="window.open(this.href);return false;. And this following site I have sent family to read: http://www.spamprimer.com/" onclick="window.open(this.href);return false;

Interesting reading....I agree Gmail is GREAT in stopping spam, very rarely do I get spam.

Also, I have a 'few' emails and use them when a web site calls for one and etc. Hence my main address (which I have had for a long time) is fairly clean, although Gmail does stop about 20 or so a day from geting into my main mail box.

In the above case, what got the whole thing going was that I purposely clicked on a link that I though was from a trusted source. I am usually pretty good at picking out 'bad' links but this one got me!

Thanks for the information.