What the hell is this?

[murphy55d]

Ok I know this should be in software but nobody hardly reads that forum..so what is going on here? Do I have a virus/trojan of some kind..? I ran Norton with updated definitions but nothing came up. I went to this hanmail.net and it is some kind of Asian MSN/Yahoo site, or some crap.

What's going on here?

FROM: Mail Delivery Subsystem [MAILER-DAEMON@rmail-118.hanmail.net]
SUBJECT: Returned mail: see transcript for details
The original message was received at Sat, 12 Jul 2003 05:52:27 +0900 from [209.225.8.33]

----- The following addresses had permanent fatal errors ----- <sdf98@hanmail.net>
(reason: 552 5.2.2 sdf98: mbox is over quota)

----- Transcript of session follows -----
... while talking to www36.daum.net:
>>> DATA
<<< 552 5.2.2 sdf98: mbox is over quota
554 5.0.0 Service unavailable (sdf98: mbox is over quota)

----- Original message follows -----

Return-Path: <murphy55d@charter.net>
Received: from remt23.cluster1.charter.net ([209.225.8.33])
by rmail-118.hanmail.net (8.12.9/8.9.1) with ESMTP id h6BKqFG9014282
for <sdf98@hanmail.net>; Sat, 12 Jul 2003 05:52:27 +0900
X-Hanmail-Peer-IP: 209.225.8.33
Received: from [24.159.6.49] (HELO desktop)
by remt23.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6)
with ESMTP id 89708978 for sdf98@hanmail.net; Fri, 11 Jul 2003 16:52:08 -0400
From: "Matt Barry" <murphy55d@charter.net>
To: "=?Windows-1252?B?J8Dlua689ic=?=" <sdf98@hanmail.net>
Subject: =?Windows-1252?B?Tm90IHJlYWQ6ICixpLDtKcD8yK23ziDB8bHitMIgMToxILj0t6EgtQ==?=
=?Windows-1252?B?pcDMxq4hQA==?=
Date: Fri, 11 Jul 2003 16:51:57 -0400
Message-ID: <006401c347ee$4cf132d0$b000a8c0@desktop>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-MS-TNEF-Correlator: 00000000C022A0D5BFAB3D4E9245F8F011412B02E4B92000

eJ8+IgsUAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9S
eJ8+VC5J
UE0uTm90ZS5JUE5OUk4AtwYBCoABACEAAABGRjBGOEE4NDdGQURDRTRBOTI5OUI4MzIzNEIxRDU4
OABlBwEDkAYAcAMAABoAAAALACMAAAAAAAsAKQAAAAAAQAAyAJCRFBruR8MBHgBJAAEAAAAmAAAA
KLGksO0pwPzIrbfOIMHxseK0wiAxOjEguPS3oSC1pcDMxq4hQAAAAAIBTAABAAAANgAAAAAAAACB
Kx+kvqMQGZ1uAN0BD1QCAAABAMDlua689gBTTVRQAHNkZjk4QGhhbm1haWwubmV0AAAAQABO
Kx+AIBQ
1zZCR8MBQABVAAAoQBdCR8MBHgBwAAEAAAAmAAAAKLGksO0pwPzIrbfOIMHxseK0wiAxOjEguPS3
oSC1pcDMxq4hQAAAAAIBcQABAAAAFgAAAAHDR+4aFj89ckPgAkPThXmo4pri2W4AAB4AcgAB
oSC1pcDMxq4hQAAAAAIBcQABAAAAFgAAAAHDR+AAAA
AQAAAAAAAAAeAHMAAQAAAAEAAAAAAAAAHgB0AAEAAAAWAAAAbXVycGh5NTVkQGNoYXJ0ZXIubmV0
AAAACwAIDAAAAAACAR0MAQAAABsAAABTTVRQOk1VUlBIWTU1REBDSEFSVEVSLk5FVAAACwABDgEA
AAADABQOAAAAAB4AKA4BAAAAMAAAADAwMDAwMDAyAW11cnBoeTU1ZEBjaGFydGVyLm5ldAFtYWls
LmNoYXJ0ZXIubmV0AB4AKQ4BAAAAMAAAADAwMDAwMDAyAW11cnBoeTU1ZEBjaGFydGVyLm5ldAFt
YWlsLmNoYXJ0ZXIubmV0AB4AARABAAAAGQAAAE1lc3NhZ2Ugd2FzIG5vdCByZWFkIGJ5OgAAAAAC
AfgPAQAAABAAAADAIqDVv6s9TpJF+PARQSsCAgH6DwEAAAAQAAAAwCKg1b+rPU6SRfjwEUEr
AfgPAQAAABAAAADAIqDVv6s9TpJF+PARQSsCAgH6DwEAAAAQAAAAwCKg1b+AgIB
+w8BAAAAkgAAAAAAAAA4obsQBeUQGqG7CAArKlbCAABtc3BzdC5kbGwAAAAAAE5JVEH5v7gB
+AKoA
N9luAAAAQzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xNYXR0XExvY2FsIFNldHRpbmdzXEFwcGxp
Y2F0aW9uIERhdGFcTWljcm9zb2Z0XE91dGxvb2tcT3V0bG9vay5wc3QAAAADAP4PBQAAAAMADTT9
NwIAAgEUNAEAAAAQAAAATklUQfm/uAEAqgA32W4AAAIBfwABAAAAMQAAADAwMDAwMDAwQzAyMkEw
RDVCRkFCM0Q0RTkyNDVGOEYwMTE0MTJCMDJFNEI5MjAwMAAAAABq6A==

 

[Quixfire]

That's not true, I read software forum everyday.

With that said, I think it was a virus that your e-mail server stripped.

 

[murphy55d]

Well it appears I sent the email..(murphy55d@charter.net being my email)... and the email bounced as whoever this person is has a full mailbox... is there something I can do about this?

 

[Quixfire]

Can you mark it urgent?

I don't think there is much you can do if your friend has a full inbox.

 

[kranky]

Someone out there is infected with a virus which spreads via email. The virus made it look like the email came from you (but it didn't). When the virus sent an email trying to infect someone else, it bounced. Since it appeared to come from you, that's why you received the bounced email.

It's pretty common with viruses to spoof the "return-path" in the header.

 

[Quixfire]

Originally posted by: kranky
Someone out there is infected with a virus which spreads via email. The virus made it look like the email came from you (but it didn't). When the virus sent an email trying to infect someone else, it bounced. Since it appeared to come from you, that's why you received the bounced email.

It's pretty common with viruses to spoof the "return-path" in the header.

Thanks for the answer.

 

[ndee]

well, it's so easy to send fake emails. They put a fake from address in there, and the mail will return to you.

 

[guyver01]

----- The following addresses had permanent fatal errors ----- <sdf98@hanmail.net>
(reason: 552 5.2.2 sdf98: mbox is over quota)


mailbox over quota.

someone either has it set to 'leave messages on server' ... or doesn't know how to check email regularly.... or is getting tons of virus email



forward the message to their email admin.... probably mailadmin@hanmail.net ... they'll take care of it.

 

[murphy55d]

No no you guys are missing it..I don't know whoever this hanmail person is. I assumed it was some sort of spam address. Sorry if I didn't make that clear.

kranky, so what you are saying is that someone has some virus, and my email was spoofed, making it LOOK like I sent an email to this hanmail dude? So I don't actually have this virus? Do I need to do anything? How the fsck did my email get involved at all?

 

[NogginBoink]

Okay, let's start with the real obvious:

-Either your computer sent the email, or it didn't.

Now, if a virus/trojan were sending email from your computer using its own SMTP engine, it would be an unnecessary burden on the virus author to get your email address and put your authentic email address in an email it was sending. While possible, that scenario is unlikely.

If a virus/trojan were sending email from your computer using your already installed email client(s), then your email client would automatically put your email address as the return address on the email. Your email client would also save a copy of the email in your sent items folder (unless the malware author also deletes from sent items when done). Check your sent items folder.

In either case, you'd have malware on your machine and a virus/spyware scan is warranted. You could also do a network trace to see if your machine is sending emails.

It is, however, quite likely it was a spoofed email with your address as the return address.

 

[murphy55d]

Nothing in my sent box and as I said, Norton didn't find anything when it scanned. So it's just a spoof then, most likely.

alrighty, thanks much guys.