satwilson
join:2014-05-09

satwilson

Member

WOW Lawrence Ks email virus problems

A week ago I received an email that looked like it was from UPS, saying they were rescheduling my package delivery. Cool, I was expecting a package; details in an attachment. I know attachments in emails can be bad news, but it really looked legit. I clicked on the attachment and BOOM, huge virus (Zeus), crashed boot file, had to re-image my hard drive from the W7 complete system image backup I make monthly. A closer look at the email showed 12 other "recipients" of the same email. Anyway, my bad. I told WOW about it and they expressed "sorry", etc. Yesterday I received another bogus email with an attachment, not addressed to me but to someone else @ sunflower.com. (WOW bought sunflower and manages their email accounts.) The To: was not me! I am starting to wonder if WOW's server is corrupted. I told WOW about my new issue, however they seemed unconcerned. Any idea what might be going on?

parkut
Crunch Addict
MVM
join:2001-12-15
Clinton Township, MI

parkut

MVM

Likely, a spammer blind carbon copied you. If you are bored, you might read the message headers to see more about the spammer, and their targets.

As you already discovered, it's best not to assume links are valid and click on them. There are some nasty viruses and trojans out there.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to satwilson

MVM

to satwilson
said by satwilson:

Yesterday I received another bogus email with an attachment, not addressed to me but to someone else @ sunflower.com. (WOW bought sunflower and manages their email accounts.) The To: was not me! I am starting to wonder if WOW's server is corrupted.

I seriously doubt it. Mail servers only deliver email to the recipient listed in the SMTP "RCPT TO:" argument. This is not necessarily the same as the visible "To:" header:
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80])
     by flph384.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id s41BEAuJ010760
     for <**********@pacbell.net>; Thu, 1 May 2014 04:14:11 -0700
Received: from Miyuki.aosake.net (reki.aosake.net [173.228.7.217])
     (authenticated bits=0)
     by c.mail.sonic.net (8.14.4/8.14.4) with ESMTP id s41BE6oi031683
     (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
     Thu, 1 May 2014 04:14:07 -0700
Message-ID: <53622C7A.7040304@Miyuki.aosake.net>
Date: Thu, 01 May 2014 04:14:02 -0700
From: "NormanS" <**********@gmail.com>
Organization: PDR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: **********@fastmail.jp
 

Pay attention to the "for" email address ("**********@pacbell.net"), vs. the "To:" email address ("**********@fastmail.jp"). 'Pacbell.net' is an AT&T domain, which is handled by Yahoo! servers. Yahoo! actually stamps the SMTP "RCPT TO:" value at the top of their headers, thus:
X-Apparently-To: **********@pacbell.net via 98.138.213.211; Thu, 01 May 2014 11:14:12 +0000
 

I sent the email with the above headers with "To:" set to the 'fastmail.jp' domain, and "Bcc:" set to the 'pacbell.net' domain. "Bcc:" recipients are suppressed; which is the whole purpose of "Bcc:".
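
The comparison described in the post above, as an added example that is not part of the original thread: it pulls the envelope recipient out of the Received "for" clause and the X-Apparently-To header and compares it with the visible To:/Cc: addresses. The function names and every host and address in the sample are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample shaped like the headers quoted above; every host and
# address is a placeholder, not a value from the thread.
SAMPLE = """\
X-Apparently-To: hidden@isp.example via 192.0.2.10; Thu, 01 May 2014 11:14:12 +0000
Received: from relay.sender.example (relay.sender.example [192.0.2.25])
     by mx.isp.example with ESMTP id abc123
     for <hidden@isp.example>; Thu, 1 May 2014 04:14:11 -0700
Received: from laptop.sender.example (laptop.sender.example [192.0.2.77])
     by relay.sender.example with ESMTP id def456;
     Thu, 1 May 2014 04:14:07 -0700
From: "Sender" <sender@sender.example>
To: shown@other.example

(body)
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def envelope_recipients(msg):
    """Addresses that receiving servers recorded from SMTP RCPT TO."""
    found = set()
    for value in msg.get_all("Received", []):
        # Unfold continuation lines, then look for the optional "for" clause.
        match = FOR_CLAUSE.search(" ".join(value.split()))
        if match:
            found.add(match.group(1).lower())
    for value in msg.get_all("X-Apparently-To", []):
        parts = value.split()  # "<addr> via <ip>; <date>"
        if parts:
            found.add(parts[0].lower())
    return found

def visible_recipients(msg):
    """Addresses the sender chose to display in To: and Cc:."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def delivery_report(raw):
    msg = message_from_string(raw)
    envelope, visible = envelope_recipients(msg), visible_recipients(msg)
    # Envelope recipients missing from To:/Cc: got the mail via Bcc or via a
    # sender who wrote someone else's address into the visible headers.
    return {"envelope": envelope, "visible": visible, "hidden": envelope - visible}

if __name__ == "__main__":
    print(delivery_report(SAMPLE))
```

The "for" clause is optional, so an empty envelope set means the servers did not record it, not that nothing was hidden. Received lines added before your own provider's server are written by the sender's side, so only the topmost lines stamped by your provider are reliable.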
devolved
join:2012-07-11
Rapid City, SD

devolved to satwilson

Member

to satwilson
WOW mail has built-in spam settings. On the left, under "WebApp", there is a "WOW! SPAM Settings" link. Double-click that, and set your filter to "Medium".