xisto Community
ysNoi

Email From "resume-thanks@google.com" I received an email with Thank you from Google...


Yes I know that anybody will recommend using antivirus programs but how would you recommend on how to avoid receiving such things from those email addresses...

It's a general health security problem. A friend of yours did not have a good antivirus program, so no guardian prevented him from catching this worm.
The worm got your e-mail address from your friend's contact list, and started sending mails. This will continue until your friend fixes his problem.
Your PC is also infested, so your PC is also sending mails, and will continue until you fix your own problem.
The only possible thing would have been preventing the remote server from having your mail address, which is the job antivirus programs perform. Now it's too late for that.
The only thing I guess would be possible is to define all mails coming from resume-thanks to go to the spam folder. It's easy to do if your mailer is gmail, it's probably possible with the other mail systems.
Regards
Yordan


The only thing I guess would be possible is to define all mails coming from resume-thanks to go to the spam folder. It's easy to do if your mailer is gmail, it's probably possible with the other mail systems.

Thanks for the advice yordan... I'll consider doing this for the time being...

I will just point those mails to junks this time and also inform my co-workers to do the same.

Thank you once again...


Thanks for the advice yordan... I'll consider doing this for the time being...
I will just point those mails to junks this time and also inform my co-workers to do the same.

Thank you once again...


Also ask them to look for the virus signature description on their own PC...
Remember that the initial virus infector has probably been sent by somebody having your mail address inside his PC!


I think it has something to do with our company email service provider, because some of my co-workers also received this kind of email.

Oh and today, I got another email from a different address. But it's kind of the same attachment.

I received another email from "update@facebookmail.com" and the message was:


Delivered-To: xyz@emailservice.com
Received: by 10.216.91.83 with SMTP id g61cs72895wef;
    Sat, 23 Oct 2010 10:26:58 -0700 (PDT)
Received: by 10.100.253.5 with SMTP id a5mr3576039ani.128.1287854817141;
    Sat, 23 Oct 2010 10:26:57 -0700 (PDT)
Return-Path: <notification+zya0fz96@facebookmail.com>
Received: from mx-out.facebook.com (outmail014.snc4.facebook.com [66.220.144.146])
    by mx.google.com with ESMTP id f9si6900001anp.188.2010.10.23.10.26.55;
    Sat, 23 Oct 2010 10:26:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of notification+zya0fz96@facebookmail.com designates 66.220.144.146 as permitted sender) client-ip=66.220.144.146;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of notification+zya0fz96@facebookmail.com designates 66.220.144.146 as permitted sender) smtp.mail=notification+zya0fz96@facebookmail.com; dkim=pass header.i=@facebookmail.com
Return-Path: <notification+zya0fz96@facebookmail.com>
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=201006181024; c=relaxed/relaxed;
    q=dns/txt; i=@facebookmail.com; t=1287854807;
    h=From:Subject:Date:To:MIME-Version:Content-Type;
    bh=5Fr5syIch7WXxEab/wNI+xPO9RI=;
    b=rJPaOEjomdWkNHQZXExVuqZ64ZecIaJ9PWlRlktMyMoPaxrpaIx1XOtw97Nk4kzQ
    h0aawa8cQw+UpMVcgU/wFkDI4dGynHwJkZY5yFoLq3xgfw0MXbBKTTYG9Ib7JjVG
    N1OORuOHDqJU+wwx0T6jaTc6FBLmTOlFI5J7TPwqsQ8=;
Received: from [10.36.111.122] ([10.36.111.122:59002])
    by mta005.snc4.facebook.com (envelope-from <notification+zya0fz96@facebookmail.com>)
    (ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
    id 78/4B-07535-7DA13CC4; Sat, 23 Oct 2010 10:26:47 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
    by /?_fb_noscript=1 with HTTP (ZuckMail);
Date: Sat, 23 Oct 2010 10:26:47 -0700
To: xyz<xyz@emailservice.com>
From: Facebook <notification+zya0fz96@facebookmail.com>
Reply-to: Reply to Comment <c+23jlpmd000000m6jwio2s001ojggjvnmt000000m6jwio000000q9100x1mj1i@reply.facebook.com>
Subject: Charis M Lachica posted on your Wall.
Message-ID: <8871bb8b936c4599739d20c61250307a@freehost.xisto.com/r/h/www.facebook.com;
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: wall; from=1587283809; mailid=32d1805G4ff20960G15ab43aG1
Errors-To: notification+zya0fz96@facebookmail.com
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"


Text in bold is the recipient - this can be forged, and if you don't appear as a recipient and you still get the email, then it is one of the following.

1. It was sent to a mail group. A mail group is a list of emails private to the email provider. If someone discovers the group name, then he can send 1 email to 1 address and nothing will appear in the "To:"; still, everyone in the group will get a copy.

2. You are included on the blind carbon copy (BCC) list. It was a commonly used way to send mass email and spam, since 99.9% of email servers throw away the BCC info in hopes to remove tracing on who got a copy.

Text in bold and underlined is the real email server. 70% of spams I received faking PayPal are being sent from Hotmail with a fake email header. The sample above claims that the email comes from Facebook, and the receiving email server accepts it and appends a message ID (f9si6900001anp.188.2010.10.23.10.26.55).

Text in bold and italic is the actual "handshake"; this is the server-to-server communication and authentication part. If one fails to identify, the communication attempt should be terminated. Sadly, most email servers are configured to still continue even if the other end fails to identify.

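The header check walked through in the post above, as an added example that is not part of the original thread: it reads the topmost Received line and the Authentication-Results stamped by the receiving server, then compares the authenticated domain with the From: domain. The two sample messages (one modelled on the quoted headers, one forged variant), the `check` and `domain_of` helpers and the `trusted_mx` parameter are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread (abbreviated).
TEMPLATE = """\
Received: from mx-out.facebook.com ({rdns} [{ip}])
 by mx.google.com with ESMTP id f9si6900001anp.188.2010.10.23.10.26.55;
 Sat, 23 Oct 2010 10:26:56 -0700 (PDT)
Authentication-Results: mx.google.com; spf={spf} (google.com: comment)
 smtp.mail={envelope}; dkim={dkim}
From: Facebook <notification+zya0fz96@facebookmail.com>
To: xyz <xyz@emailservice.com>
Subject: Charis M Lachica posted on your Wall.

(body omitted)
"""
GENUINE = TEMPLATE.format(rdns="outmail014.snc4.facebook.com", ip="66.220.144.146",
    spf="pass", envelope="notification+zya0fz96@facebookmail.com",
    dkim="pass header.i=@facebookmail.com")
# Constructed forgery: same From: line, but sent from an unrelated host.
FORGED = TEMPLATE.format(rdns="unknown", ip="192.0.2.10", spf="softfail",
    envelope="bounce@mailer.example", dkim="none")

def domain_of(addr):
    return addr.rpartition("@")[2].strip("<>").lower()

def check(raw, trusted_mx="mx.google.com"):
    """Summarise what the receiving server (trusted_mx) recorded about a message."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg["From"])[1])
    out = {"from": from_dom, "spf": "none", "dkim": "none", "aligned": False}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", "", " ".join(value.split()))  # unfold, drop comments
        authserv, *results = [p.strip() for p in value.split(";")]
        if authserv.lower() != trusted_mx:
            continue  # not stamped by our own server, so the sender could have written it
        for res in results:
            m = re.match(r"(spf|dkim)=(\w+)(?:.*?(?:smtp\.mail|header\.i)=(\S+))?", res)
            if not m:
                continue
            out[m[1]] = m[2]
            # Strict domain match; DMARC's relaxed mode would also accept subdomains.
            if m[2] == "pass" and m[3] and domain_of(m[3]) == from_dom:
                out["aligned"] = True
    # The topmost Received line is the one added by the recipient's own server.
    top = " ".join(msg.get_all("Received", [""])[0].split())
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    out["connecting_ip"] = ip[1] if ip else None
    return out
```

Both samples show the same From: line to the reader; only the fields written by the receiving server tell them apart.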

As a suggestion for email security, it is unlikely that any reputable online business / company would send any attachments, especially if it is an executable phone. That probably is the first sign. Also, if possible, you should not click links from the email unless you are absolutely sure of its identity e.g. clear names in URL, email validation links for sites you recently registered for etc. For example, in the above Facebook email advising you of a message on your Facebook wall, the best option would be to login directly into Facebook rather than clicking the link in the email.
