Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Very Strange Ebay Emaills not spoofing

  • 31-01-2006 9:38am
    #1
    Closed Accounts Posts: 4,476 ✭✭✭


    I would apreciate if anyone could shed some light on this as it is quite a cause for concern.

    I have contaced ebay in relation to this and since the emails have stopped dead yet I have recieved no reply from ebay, they have obviously taken action but I am very curious as to what the source of the problem may have been.

    I sell quite alot on ebay and so deal with the usual spoof mails, muppet mails etc.

    Last week I started to recieve approx. 200k in size emails, with what appear to be virus attachments, first one, then 5, then up to 20 a day up until yesterday when i contact ebay.

    What's alarming is that it states from member, o.k this could be any schmuck, however when I check the email source and properties it says the following.
    details are edited for privacy



    Return-Path: <member@ebay.com>
    Delivered-To: eircom.net-xxxxxx@eircom.net
    Received: (vpopmail 28205 invoked by uid 16); 27 Jan 2006 17:05:39 +0000
    Received: (qmail 27625 messnum 7068514 invoked from network[xxxxxxxxx1.prp.dublin.eircom.net]); 27 Jan 2006 17:05:30 -0000
    Received: from xxxxxxx-ras1.prp.dublin.eircom.net (HELO pc2) (xxxxx249.160)
    by
    xxxxxxcra.dublin.eircom.net (qp 27625) with SMTP; 27 Jan 2006 17:05:30 -0000
    From: "member" <member@ebay.com>
    To: <ixxxx@ircom.net>
    Subject: Fw: Sexy
    MIME-Version: 1.0
    Status: U
    X-UIDL: 1138381539.xxxxx.mail01.xxxxxdublin.eircom.net,S=183157
    Content-Type: multipart/mixed; boundary="----=_NextPart_1.84517502784729E-03"



    So you see, if i then block "member@ebay.com" naturally any of my customers attempting to contact me will also be blocked.

    My internet security and spoofing education is well out dated and I would apreciate if anyone could shed some light on this very shady business!

    Running Up to date win2k, outlook express, Internet explorer, all secure and firewalled etc.

    Some of the emails were of sexual content with jpeg images showing places but no images. I have no bloody virus scanner from the computer where I work and so I have not been able to analyse any of the files.

    Sorry for the long post.

    Samba


Comments

  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭SwampThing


    May have nothing to do with it, but when you say you have no virus scanner....


    http://news.bbc.co.uk/2/hi/technology/4661582.stm


  • Closed Accounts Posts: 4,476 ✭✭✭Samba


    Very much related, I recieved all of the following

    SAMPLE SUBJECT LINES
    Fw: Funny :)
    Fw: Picturs
    Fw: SeX.mpg
    Re: Sex Video


    My biggest concern is that it would appear as though ebay themselves are or at least were passing on the infection


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    Samba wrote:
    Very much related, I recieved all of the following

    SAMPLE SUBJECT LINES
    Fw: Funny :)
    Fw: Picturs
    Fw: SeX.mpg
    Re: Sex Video

    My biggest concern is that it would appear as though ebay themselves are or at least were passing on the infection

    By the looks of the headers you posted it's an infected Eircom user (or at least one who has their smtp servers set to eircom)... nothing to do with ebay at all, most viruses From headers are spoofed.
    Likely scenario is that someone has your email address in their contacts/inbox and have gotten infected.. or else your pc is infected.. either way a virus scanner really is a necessity.


  • Closed Accounts Posts: 4,476 ✭✭✭Samba


    I'm on eircom myself using an eircom email address also.

    I am very curious (and ignorant in many respects :)) i was not aware that spoofing was possible in the actual header, how and why could it possibly have spoofed member@ebay.com what would be the likely explanation for this? any random email address I can understand, member@ebay.com and the fact that as soon as I alerted ebay to the issue, it stopped and instantly.

    I ran a scan and everything is clean, i bloody hate anti-virus software!


  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭SwampThing


    Samba wrote:
    i bloody hate anti-virus software!

    It's a neccessary evil, or the lesser of two weavels (watch Master and Commander)

    The alternative is just too scary to think about - no-one using anti-virus software?!?!?!?!

    Samba, you can to some degree, thank all the people who do use anti-virus software for keeping crap like this from bringing I.T. to it's knees.

    It's no joke - e-mail as a communications medium is fast becoming unviable because of spam and the easy spread of virii.
    Already work is underway on iSMTP servers to control e-mail - you only get mail from people you authorise to send to you.

    Anyway, don't get me started.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 566 ✭✭✭dalk


    Samba wrote:
    I am very curious (and ignorant in many respects ) i was not aware that spoofing was possible in the actual header, how and why could it possibly have spoofed member@ebay.com what would be the likely explanation for this?

    The virus is either coded to use this address (or a list of) or it simply goes through the infected PC's email address', choses one to send an email to and another to use as the spoofed Mail From.
    Samba wrote:
    any random email address I can understand, member@ebay.com and the fact that as soon as I alerted ebay to the issue, it stopped and instantly.

    Coincidence. The emails were not originating from ebay mail servers. Nothing to do with them. Maybe ebay got in contact with the user of the infected PC that was spitting emails at you? Maybe the user of the infected PC copped on and removed the infection...


Advertisement