
    Have I been hacked?

    This is a discussion on Have I been hacked? within the Sky Email and Portal Log-in forums, part of the Sky Broadband help and support category.

    1. #1
      wendythegoat (Sky User Member)

      Have I been hacked?

      Hi again.
      I've just come back from a long weekend away and found this returned mail in my inbox:

      This message was created automatically by mail delivery software.

      A message that you sent could not be delivered to one or more of its
      recipients. This is a permanent error. The following address(es) failed:

      biolawal_2000@yahoo.com
      Unknown user
      biolawuyi@yahoo.com
      Unknown user
      biolboy@yahoo.com
      Unknown user
      biolee84@yahoo.com
      Unknown user
      bioletagonzalez@yahoo.com
      Unknown user

      ------ This is a copy of the message, including all the headers. ------

      Return-path: <******@sky.com>
      Received: from 5ac63826.bb.sky.com ([90.198.56.38] helo=aristotle.net)
      by read7 with smtp (Exim 4.62)
      (envelope-from <*****@sky.com>)
      id 1HcT6i-0001d4-Ay; Fri, 13 Apr 2007 22:15:01 +0100
      Received: from nobody by usa.net with local (Exim 4.52) id injgkb-000may-fr; Sat, 14 Apr 2007 22:15:01 +0100
      To: biolawal_2000@yahoo.com,biolawuyi@ya...ez@yah oo.com
      Subject: Magic in a bottle i
      From: ****** <******@sky.com>
      Date: Sat, 14 Apr 2007 22:15:01 +0100
      MIME-Version: 1.0
      Content-type: text/plain; charset=iso-8859-1
      Content-transfer-encoding: 8bit
      X-Priority: 1
      X-MSMail-Priority: Normal
      X-Mailer: Microsoft CDO for Exchange 2000
      X-MimeOLE: Produced By phpBB2
      X-AntiAbuse: Board servername - brainerd.net
      X-AntiAbuse: Username - teipxi
      X-AntiAbuse: Originator/Caller UID/GID - [41 29] / [29 76]
      X-AntiAbuse: Original Domain - yahoo.com
      X-AntiAbuse: Primary Hostname - genevaonline.com
      X-AntiAbuse: User_id - 9030
      X-AntiAbuse: Sender Address Domain - talk21.com
      X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
      X-Source: qxhk
      X-Source-Args:
      X-Source-Dir:
      Message-Id: <E1HcT6i-0001d4-Ay@read7>
      X-Spam_score: 9.9
      X-Spam_score_int: 99
      X-Spam_bar: +++++++++
      X-Spam_report: Spam detection software, running on the system "read7", has
      identified this incoming email as possible spam. The original message
      has been attached to this so you can view it (if it isn't spam) or label
      similar future email. If you have any questions, see
      isp-abuse@sky.com for details.
      Content preview: Lenghten yer rocket up to three extra incheesInches ! We
      assure you 100% Satisfaction, or Your Money Back!!!
      Man-XL - Rated No.1 Penis Enlargement Pills vend opel sprung squibb turret ceres ida
      . [...]
      Content analysis details: (9.9 points, 5.0 required)
      pts  rule name               description
      ---- ----------------------  --------------------------------------------------
      0.1  X_PRIORITY_HIGH         Sent with 'X-Priority' set to high
      0.9  MSGID_FROM_MTA_ID       Message-Id for external message added locally
      2.1  DATE_IN_FUTURE_24_48    Date: is 24 to 48 hours after Received: date
      0.8  SUSPICIOUS_RECIPS       Similar addresses in recipient list
      2.0  RCVD_IN_SORBS_DUL       RBL: SORBS: sent directly from dynamic IP address
                                   [90.198.56.38 listed in dnsbl.sorbs.net]
      0.9  DNS_FROM_RFC_WHOIS      RBL: Envelope sender in whois.rfc-ignorant.org
      1.3  RCVD_IN_BL_SPAMCOP_NET  RBL: Received via a relay in bl.spamcop.net
                                   [Blocked - see <http://www.spamcop.net/bl.shtml?90.198.56.38>]
      1.7  RCVD_IN_NJABL_DUL       RBL: NJABL: dialup sender did non-local SMTP
                                   [90.198.56.38 listed in combined.njabl.org]
      X-ACL-Warn: Spam scan


      Lenghten yer rocket up to three extra incheesInches !

      We assure you 100% Satisfaction, or Your Money Back!!!
      Man-XL - Rated No.1 Penis Enlargement Pills

      vend
      opel
      sprung
      squibb
      turret
      ceres
      ida
      .
      (Obviously I've removed my email address.) I've only been with Sky a week!


    3. #2
      Alan b (Sky User Member)

      Re: Have I been hacked?

      It looks like spam to me. I wouldn't worry too much about it; these spammers guess email addresses, so that might explain why you have one already.

    4. #3
      wendythegoat (Sky User Member)

      Re: Have I been hacked?

      That's what I thought, but it appears to have been sent from my email address. How is that possible?

    5. #4
      Saturday (Sky User Super Mod)

      Re: Have I been hacked?

      Most email programs will let you send as though from any account you want - Bill Gates, the Pope etc. Spammers do this because they don't want to get all the rejections and to make their spam look more legitimate and possibly get past spam filters. An examination of the headers will usually reveal that this has been done.

      They have simply chosen your email address as the sender address (no doubt one amongst many tens or hundreds of thousands). Normally they'll just use it for a few thousand emails before dropping it.

      It's very aggravating but there's not a lot you can do about it. Don't worry - your address won't end up blacklisted.

    6. #5
      wendythegoat (Sky User Member)

      Re: Have I been hacked?

      Ahh, I see. Thanks for explaining it for me.
      Had me worried, as I've had a few email addresses hacked in the past.

    7. #6
      phoe (Sky User Member)

      Re: Have I been hacked?

      Almost certainly standard spam - just about everything in the header can be forged with the exception of the "received:" lines. I'm not an expert on the subject but I've put a small tutorial about spam and phishing on my site over at "Phishing".

      One small note I should add is that some AV programs (Kaspersky mainly, but there may be others) wrongly identify the page as being potentially malicious, as I give an example of how a link can disguise the true location of the website it will send you to.

      I did email them and let them know of the false positive, but they're probably best leaving it as is for the sake of potentially missing real malicious HTML.
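
The header examination Saturday and phoe describe, applied to the bounce from post #1, as an added example (not code from any poster): it reads the one Received line stamped by the reporting server read7, extracts the connecting IP and HELO name, and compares the claimed Date with the receipt time. The function name `analyse`, the `trusted_mta` parameter and the hex decoding of the host label are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the bounce in post #1 (address already redacted there;
# folded Received lines re-indented so the parser sees one header each).
BOUNCE_HEADERS = """\
Return-path: <******@sky.com>
Received: from 5ac63826.bb.sky.com ([90.198.56.38] helo=aristotle.net)
 by read7 with smtp (Exim 4.62)
 (envelope-from <*****@sky.com>)
 id 1HcT6i-0001d4-Ay; Fri, 13 Apr 2007 22:15:01 +0100
Received: from nobody by usa.net with local (Exim 4.52) id injgkb-000may-fr; Sat, 14 Apr 2007 22:15:01 +0100
Subject: Magic in a bottle i
From: ****** <******@sky.com>
Date: Sat, 14 Apr 2007 22:15:01 +0100

"""

def analyse(raw, trusted_mta="read7"):
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Only the hop stamped by a server you trust is evidence; anything below
    # it arrived with the message and could have been written by the sender.
    by_trusted = re.compile(rf"\bby {re.escape(trusted_mta)}\b")
    trusted = next((h for h in hops if by_trusted.search(h)), None)
    if trusted is None:
        raise ValueError("no Received line from the trusted server")
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", trusted).group(1)
    host = re.search(r"from (\S+)", trusted).group(1)   # name logged by read7
    helo = re.search(r"helo=([^\s)]+)", trusted).group(1)
    # Assumption: an 8-hex-digit first label encodes the line's IPv4 address.
    label = host.split(".")[0]
    decoded = (".".join(str(b) for b in bytes.fromhex(label))
               if re.fullmatch(r"[0-9a-f]{8}", label) else None)
    received_at = parsedate_to_datetime(trusted.rsplit(";", 1)[1].strip())
    claimed_at = parsedate_to_datetime(msg["Date"])
    return {
        "connecting_ip": ip,
        "logged_host": host,
        "helo": helo,
        "helo_matches_host": host.lower().endswith(helo.lower()),
        "ip_from_hostname": decoded,
        "unverified_hops": len(hops) - hops.index(trusted) - 1,
        "date_ahead_hours": (claimed_at - received_at).total_seconds() / 3600,
    }

if __name__ == "__main__":
    for key, value in analyse(BOUNCE_HEADERS).items():
        print(f"{key}: {value}")
```

`connecting_ip` is the value to compare against your own line's public address at the time of the message, and `date_ahead_hours` of 24 is what the spam report scored as DATE_IN_FUTURE_24_48.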

    8. #7
      phoe (Sky User Member)

      Re: Have I been hacked?

      Incidentally, the way the forum software "hides" the URL in my previous reply is my point in question - it shows "Phishing" as against the true location of the link it refers to.

    9. #8
      fly4fun (Sky User Member)

      Re: Have I been hacked?

      Originally posted by phoe:

          One small note I should add is that some AV programs (Kaspersky mainly, but there may be others) wrongly identify the page as being potentially malicious, as I give an example of how a link can disguise the true location of the website it will send you to.

          I did email them and let them know of the false positive, but they're probably best leaving it as is for the sake of potentially missing real malicious HTML.

      Zone Alarm has come up with a trojan spy virus. Scary!

      Protect the environment - stop having children.
