Re: Hacked e-mail

2016-07-30 Thread Steinar Pedersen

> Message-id: <659fcc7d9c4872f12d2861e99ddfb...@verizon.net>
> Date: Fri, 29 Jul 2016 22:38:07 +0200
> From: =?windows-1251?B?0eDi5evo6SDI5+7y7uLo9w==?= 
> To: 
> Subject: =?windows-1251?B?zeAg4uD45SDw5ef+7OUg7eDp5OXt4CDu8uvo?=
>  =?windows-1251?B?9+3g/yDi4Org7fHo/y4=?=
>
> Your message cannot be delivered to the following recipients:
>
> Recipient address: tigrul...@bigmir.net
> Reason: Remote SMTP server has rejected address
> Diagnostic code: smtp;550 Mailbox is frozen. See http://mail.bigmir.net/err/3/
> Remote system: dns;mx5.bigmir.net
> (TCP|206.46.173.25|49115|213.186.116.118|25) (e0-u.tchkcdn.com ESMTP Exim
> 4.80.1 Fri, 29 Jul 2016 23:38:16 +0300)

Ok - so it is confirmed:

Your wife is a victim of Joe Job:
https://en.wikipedia.org/wiki/Joe_job

The non-deliverance messages she is receiving are due to badly configured mail
servers - the problem with the mail servers is called 'backscatter':
https://en.wikipedia.org/wiki/Backscatter_(email)

Your wife's account is not hacked.

-- 
Regards
Steinar Pedersen 



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Hacked e-mail

2016-07-29 Thread Leonard S. Berkowitz
On Friday, July 29, 2016, 6:24:54 PM, you (tbudl@thebat.dutaint.com) wrote:

> Please, if you can post one of these undeliverable notices here, we would be
> able to confirm.


Return-path: <>
Received: from process-daemon.vms173025.mailsrvcs.net by
 vms173025.mailsrvcs.net
 (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014))
 id <0ob300l00dgl0...@vms173025.mailsrvcs.net> for cxx...@verizon.net;
 Fri, 29 Jul 2016 15:38:16 -0500 (CDT)
Received: from vms173025.mailsrvcs.net
 (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014))
 id <0ob300411fzru...@vms173025.mailsrvcs.net>; Fri,
 29 Jul 2016 15:38:16 -0500 (CDT)
Received: for 
Date: Fri, 29 Jul 2016 15:38:16 -0500 (CDT)
From: postmas...@verizon.net
Subject: Delivery Notification: Delivery has failed
In-reply-to: <659fcc7d9c4872f12d2861e99ddfb...@verizon.net>
To: cxx...@verizon.net
Message-id: <0ob300413fzsu...@vms173025.mailsrvcs.net>
MIME-version: 1.0
Content-type: multipart/report; report-type=delivery-status;
 boundary="Boundary_(ID_w2nkB6lnd+sMoetH2/SyoQ)"
References: <659fcc7d9c4872f12d2861e99ddfb...@verizon.net>
Original-recipient: rfc822;cxx...@verizon.net



This report relates to a message you sent with the following header fields:

  Message-id: <659fcc7d9c4872f12d2861e99ddfb...@verizon.net>
  Date: Fri, 29 Jul 2016 22:38:07 +0200
  From: =?windows-1251?B?0eDi5evo6SDI5+7y7uLo9w==?= 
  To: 
  Subject: =?windows-1251?B?zeAg4uD45SDw5ef+7OUg7eDp5OXt4CDu8uvo?=
=?windows-1251?B?9+3g/yDi4Org7fHo/y4=?=

Your message cannot be delivered to the following recipients:

  Recipient address: tigrul...@bigmir.net
  Reason: Remote SMTP server has rejected address
  Diagnostic code: smtp;550 Mailbox is frozen. See http://mail.bigmir.net/err/3/
  Remote system: dns;mx5.bigmir.net 
(TCP|206.46.173.25|49115|213.186.116.118|25) (e0-u.tchkcdn.com ESMTP Exim 
4.80.1 Fri, 29 Jul 2016 23:38:16 +0300)

-- 
Leonard S. Berkowitz


Using The Bat! v5.2.2 on Windows 6.2 Build 9200 





Re: Hacked e-mail

2016-07-29 Thread Steinar Pedersen
> My wife's e-mail account has been hacked. We know this only because
> several undeliverable notices are coming in. The messages are in
> Russian or Ukrainian. How do we know this? Google translate.

Likely, your wife is experiencing a so-called Joe Job - a spammer sending
spam using your wife's address as Sender (From:). It's bothersome, but has no
real harm: https://en.wikipedia.org/wiki/Joe_job

Please, if you can post one of these undeliverable notices here, we would be
able to confirm.

-- 
Regards
Steinar Pedersen 





Re: Hacked e-mail

2016-07-29 Thread Leonard S. Berkowitz
On Friday, July 29, 2016, 5:05:28 PM, you (tbudl@thebat.dutaint.com) wrote:

> Yes, change the password.  If desktop computers, as opposed to mobile 
> devices, are involved, I'd run a Malwarebytes scan.  I don't know what
> one does when a mobile device is potentially infected, as I haven't had
> that happen.  I've been hacked before on AOL mail and changed the 
> password.  As an aside, I was about to give up on using antivirus 
> software on our desktop computers, as they are invasive. Instead, I got
> 360 Total Security and am very satisfied.

Thank you. I will try this.
-- 
Leonard S. Berkowitz


Using The Bat! v5.2.2 on Windows 6.2 Build 9200 





Re: Hacked e-mail

2016-07-29 Thread Robert Braver
On Friday, July 29, 2016, 3:53:49 PM, Leonard wrote:

LSB> My wife's e-mail account has been hacked. We know this only because
LSB> several undeliverable notices are coming in. The messages are in
LSB> Russian or Ukrainian. How do we know this? Google translate.

LSB> How do we stop this? Change the password on the account? Or are there
LSB> other steps to take. This has never happened to us before.

From what you describe, it's possible that your email address was
simply spoofed as the 'from' address in a spam or malware blast.

If your account was hacked, you'd expect to see bounces from your
usual mail server. Because you are seeing only NDNs from foreign
servers, that suggests that your email address was spoofed on messages
that were sent from somewhere else, and you got the few bounces from
poorly configured mail servers that accept-then-bounce.

To be sure, simply drill in to the NDNs you received. You should be
able to see full headers of the original messages, and that will
quickly reveal whether the messages came through your mail server or
from somewhere else (likely some compromised machine or botnet).

-- 
Best regards,
 Robert Braver
 rbra...@ohww.norman.ok.us
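
The header check described in the message above, as an added example (not code from any poster in this thread): it parses a bounce with Python's standard `email` package and reports which server generated the notice and which IP handed it the original message. The function name `triage_bounce`, the `provider_nets` parameter, the RFC 3464 layout of the sample and every host and address in it are assumptions made for illustration.

```python
import email, ipaddress, re
from email import policy

# Constructed bounce in RFC 3464 layout, trimmed; all hosts and addresses are placeholders.
SAMPLE_NDN = """\
Subject: Delivery Notification: Delivery has failed
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Diagnostic-Code: smtp; 550 Mailbox is frozen.

--b1
Content-Type: text/rfc822-headers

Received: from pc77.dialup.example ([203.0.113.77])
 by mx.recipient.example with ESMTP; Fri, 29 Jul 2016 23:38:16 +0300
From: victim@provider.example
Subject: =?windows-1251?Q?=CF=F0=E8=E2=E5=F2?=

--b1--
"""

def triage_bounce(raw, provider_nets):
    """Summarise an NDN; via_provider is True if our provider handed over the original."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = dict.fromkeys(("Reporting-MTA", "Diagnostic-Code", "client_ip", "subject"))
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # one Message object per header block
                for field in ("Reporting-MTA", "Diagnostic-Code"):
                    if block[field]:
                        out[field] = str(block[field]).split(";", 1)[-1].strip()
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            orig = (part.get_payload(0) if ctype == "message/rfc822" else
                    email.message_from_string(part.get_content(), policy=policy.default))
            out["subject"] = str(orig["Subject"] or "")  # RFC 2047 words are decoded
            # Trust only the top Received line (written by the bouncing server); lower ones can be forged.
            top = str((orig.get_all("Received") or [""])[0])
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
            out["client_ip"] = m.group(1) if m else None
    out["via_provider"] = bool(out["client_ip"]) and any(
        ipaddress.ip_address(out["client_ip"]) in ipaddress.ip_network(n) for n in provider_nets)
    return out
```

Pass the provider's published outbound ranges as `provider_nets`; a `via_provider` of `False` together with an unfamiliar `Reporting-MTA` is the backscatter pattern, while `True` means the original really did leave through the provider and the account deserves a closer look.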





Re: Hacked e-mail

2016-07-29 Thread Lore Galore

On 7/29/2016 1:53 PM, Leonard S. Berkowitz wrote:

> My wife's e-mail account has been hacked. We know this only because
> several undeliverable notices are coming in. The messages are in
> Russian or Ukrainian. How do we know this? Google translate.
>
> How do we stop this? Change the password on the account? Or are there
> other steps to take. This has never happened to us before.
>
> Thanks.

Yes, change the password.  If desktop computers, as opposed to mobile 
devices, are involved, I'd run a Malwarebytes scan.  I don't know what 
one does when a mobile device is potentially infected, as I haven't had 
that happen.  I've been hacked before on AOL mail and changed the 
password.  As an aside, I was about to give up on using antivirus 
software on our desktop computers, as they are invasive. Instead, I got 
360 Total Security and am very satisfied.


--
Best Regards,
 Lore Galore

Secure Email   Voir Dire
 http://fastmail.newsbeans.co   http://fija.org

 Using The Bat! v7.1.18 on Windows 6.3 Build 9600

