hacked email?


dgermann
October 1st, 2012, 08:04 PM
Friends--

Don't know where to post this question, and I know several of you are knowledgeable about such matters.

Every once in a while I have been getting emails that have a recognizable name in the from line. Usually they are not my friend's email address. (For instance, their usual address is comcast.net and this one comes from noname.tv.)

Today I got one that is from the person's real email address and there is to: (not sure how I even got a copy, unless as a bcc) naming someone else who is someone I know, with their correct email address. I am pretty sure these two people do not know each other.

The entire text of the email reads: "wow this is pretty crazy you should look into it http://www.local9newsia.net/work/?alert=25026"

Googling this local9 etc seems to be a current hacker out there, but nobody is reporting on it.

So I am wondering if I have been hacked? I do not store my address book anyplace online. I use Thunderbird 15.0.1, CompuServe imap for incoming mail, Comcast smtp for outgoing.

How can I check this out?

Thanks!

davidh
October 2nd, 2012, 03:21 PM
Doug,
I won't try to give a specific answer.

But in general it is not uncommon for worms to infect people's computers and mine names and email addresses out of their email programs, in order to use such info to spread spam and/or malware.

In addition to that, it is more or less a routine matter for bad guys to forge arbitrary names and addresses in emails. Unlike the old fidonet (which I never used), the internet email protocols were not designed to be particularly secure as far as authentication of senders goes, etc.

From what you have said, if I were in your situation I would not be particularly concerned as long as I had not clicked any links in the msg.

I assume you are still using Linux, so I can't make any general suggestions on further action to take, if any.

dgermann
October 3rd, 2012, 02:35 PM
David--

Thanks.

Yes, I am still using Linux.

Perhaps they have a door into Linux from the Thunderbird program which is cross platform.

davidh
October 4th, 2012, 03:57 AM
Doug,
As far as I can tell, what you have described is merely some kind of spoofing, not a malware infection, not evidence that anyone has accessed your private info (unless perhaps some of your emails residing on the computer of one of your correspondents).

Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.

Although there may be legitimate reasons to spoof an address, these techniques are commonly used in spam and phishing emails to hide the origin of the email message.[1]
http://en.wikipedia.org/wiki/Email_spoofing

As I said, I don't see evidence that anyone has broken into your computer. But of course, most software has security vulnerabilities, regardless of OS. It's just a matter of whether the bad guys have discovered them and then made a tool to exploit them. I don't know about Linux security. For example what anti malware tools there are.

Just speaking in general terms applicable to any computer user, best policy normally would be to keep software up to date.

OpenDNS should work with Linux. It would block you from reaching servers known to host certain malware. Whether such malware ever affects Linux is another question. NoScript extension should work with Firefox on Linux, but some people don't like the inconvenience of clicking another button to view a website.

There may be unpatched known security holes in Oracle's Java that could affect Java on both Windows and Linux, so it might not be a bad idea to uninstall Java on Linux too if you don't normally use it.
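
Added example, not part of any post in this thread: one way to answer "How can I check this out?" is to open the raw message (in Thunderbird, View > Message Source) and compare the From line, which the sender controls, with the headers the receiving server wrote. The sample message, the addresses and the `CONTACTS` address book below are constructed placeholders, and the check assumes the receiving server adds an Authentication-Results header.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not a message from this thread); every name,
# address and IP below is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (unknown [203.0.113.7])
 by mx.example.org; Mon, 1 Oct 2012 19:58:02 -0400
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Pat Friend" <pat.friend@example.com>
To: someone.else@example.org
Subject: hi

wow this is pretty crazy you should look into it
"""

# Hypothetical address book: display name -> address you know to be theirs.
CONTACTS = {"pat friend": "pat.friend@example.com"}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_headers(raw, contacts=CONTACTS):
    """Return a list of reasons to distrust the From line."""
    msg = email.message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    findings = []
    # Familiar name, unfamiliar address: the display name is free text.
    known = contacts.get(name.lower())
    if known and known.lower() != from_addr.lower():
        findings.append("display-name-address-mismatch")
    # Envelope sender differs from From: a hint only (mailing lists do this too).
    if env_addr and domain(env_addr) != domain(from_addr):
        findings.append("envelope-domain-differs")
    # Verdicts recorded by the receiving server; trust only your own server's.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m is None or m.group(1) != "pass":
            findings.append(f"{mech}-not-pass")
    return findings

if __name__ == "__main__":
    print(check_headers(RAW))
```

A message that shows a friend's real address in From but trips the envelope and SPF/DKIM checks was most likely sent from somewhere else with a forged From line, which matches the spoofing described above rather than a break-in on the recipient's machine.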

davidh
October 4th, 2012, 06:04 PM
... (I think we're safe from web crawlers here but I deleted my address just in case):

... Jeff
Jeff, FWIW, I googled the first sentence (in double quotation marks) from Doug's first message in this thread and it did appear.

So only "section 8" and "for members only" sections are not indexed (crawled) by Google.

dgermann
October 4th, 2012, 08:35 PM
David and Jeff--

Thanks for making me feel better about my email.

I was just worried because I have been seeing things like this of late, and when it uses two legit addresses of my correspondents who likely do not know each other, it sets off alarms.

I'll continue to watch what happens.

Thanks!

davidh
October 4th, 2012, 10:54 PM
Doug,

FWIW, I only use the email address that comes with my ISP account to receive my ISP (telephone and broadband/DSL) bills.

The reason is that I don't want to commit my main email address to be with my ISP in case I change ISP's, e.g. for better billing rates, etc.

With Mozilla Thunderbird I collect my email messages from multiple accounts on multiple services / servers.

I sort of figure that Google, Yahoo, Microsoft (Hotmail?), AOL, etc. which are NOT mainly ISP's (AOL used to be I guess) are maybe somewhat more motivated to give good email service (such as spam filtering) than straightforward vanilla ISP's because of the business model they follow, namely revenues from ads, as opposed to network connectivity. In other words, why put up with ads unless the messaging service (e.g. email) is at least as good as what you are already paying for with your ISP?

dgermann
October 6th, 2012, 12:50 PM
David--

My main email (incoming) is CIS, but for outgoing I use Comcast, which is my ISP. Two reasons for staying with CIS: 1. I have that address in so many places, I would not know whom all to notify of a change of address; 2. CIS has imap, which Comcast strangely does not offer.

But CIS has been difficult of late: about a third of the time Tbird cannot get logged in to store copies in the drafts or sent files. Sometimes it takes 6 or 8 times of timing out before it finally connects and stores. Does not seem to matter the security level used.

I have so far avoided ads in the emails.