Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

["David Vertie" <verticalrave () hotmail com>]

In most cases, you'd be able to find that the mail headers were forged, and 
mail bounced through several proxies. In other cases, the culprit is in the 
open air, unintelligeable as to methods of detection.

I would be extremely carefully in pointing fingers however, since it is more 
than likely that e-mail headers were probably forged (should assume so 
anyway), and going to the person who owns the particular account and yanking 
it from them will do no good to stop the e-mails any how.

In these cases, it is hard to try to tell what to do, much like in the case 
of Ping of Death attacks. You can either attempt to socially engineer the 
person out, or try to trap the person by wiretapping and monitoring the 
paths that the particular person has taken to send the e-mail and wait. Law 
enforcement should be involved. As always. I believe this is more serious 
than a PoD Reflection attack against a major corporation.

David


> From: "Ken Horton" <Ken_Horton () hc-sc gc ca>
> To: "steve baker" <stephenbbaker () hotmail com>
> CC: security-basics () securityfocus com
> Subject: Re: Distressing, possibly life threatening emails from free 
> accounts (yahoo, hotmail
> Date: Wed, 28 May 2003 13:54:20 -0400
>
>
> Due to the advent of spam trojan horses, it may be nearly impossible.
> Contact Yahoo, they'll terminate the account and investigate.  Also submit
> the emails to your federal cybercrime/police authority (FBI in the US).
>
>
>
>
>                       "steve baker"
>                       <stephenbbaker@ho        To:       
> security-basics () securityfocus com
>                       tmail.com>               cc:
>                                                Subject:  Distressing, 
> possibly life threatening emails from free accounts (yahoo,
>                       2003-05-27 12:38          hotmail
>                       PM
>
>
>
>
>
>
> One of our users has received questionable and possibly life threatening
> emails from a yahoo account that was created recently.  They have
> approached
> us to find out as much as we can pertaining to the person sending it.
>
> Of course, we are not YAHOO so we cannot determine anything about the mail
> other than the content.
>
> How can we find out who sent this?
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
>
>
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
----------------------------------------------------------------------------