Need some help with this

anniemac

Ueber Meister
PABnoaccred
MM
Joined
Jan 30, 2007
Location
Texas, USA
I received a spam email from this address: zspm23@imail.etsu.edu. It was casino advertising but for some reason it wouldn't open so I don't know what casino it was for. However, my question is this: how do I go about finding out where/who it came from? Not that I care which casino, but in the US an email that came with .edu at the end usually comes from a college. ETSU is a university here in Texas and I am really curious if this actually came from a college computer.

I know that most of you at CM are far more knowledgeable about this sort of thing than I am or will ever be, so I was just wondering if someone could help with this.
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
It's most likely a forged email address......happens all the time.
If you want to know more look at the headers on the email. If you need help with that, post what email client you are using.

Hope that helps.
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
I see you are using yahoo email. I can help show you how to view the header info in the email but someone else will need to take a look at it to let you know what the info means. I'm not sure who it was but others on here have posted that have knowledge about email headers.

You can view the header by going into the options menu on your yahoo email page, top of page on the right side, above listing of your emails. After you are in the options menu go to Management/General Preferences and select the option that is under the messages part that says "show all headers".

Then you can go back to the email in question and copy and paste the header here and ask for help with it.

BB
 

lojo

Banned User - repetitive violations of
Joined
Jan 18, 2007
Location
USA
Or you can go to the bottom of the message (looks like you're using the older yahoo, I do too). On the bottom right there will be "Full Headers"; click on that and take a screenshot or copy and paste here. Be sure to go through and remove your info. It will look something like this:

From Kaitlyn Gonzalez Thu Jan 3 21:48:46 2008
X-Apparently-To: xxlojoxx@yahoo.com via 68.xxx.xxx.104; Thu, 03 Jan 2008 21:49:48 -0800
X-YahooFilteredBulk: 69.81.87.16
X-Originating-IP: [69.81.87.16]
Return-Path: <hjbberq@excite.com>
Authentication-Results: mta434.mail.mud.yahoo.com from=excite.com; domainkeys=neutral (no sig)
Received: from 69.81.87.16 (HELO jays.earthlink.net) (69.81.87.16) by mta434.mail.mud.yahoo.com with SMTP; Thu, 03 Jan 2008 21:49:47 -0800
Received: from [200.191.81.126] (HELO IhsNSETtvEYSzBuciw1chw) by jays.earthlink.net with Microsoft SMTPSVC(6.0.3790.211); Fri, 4 Jan 2008 00:49:07 -0500
Message-ID: <2e0201c84e6c$01c90dc9$2a74e871@jays.earthlink.net>
From: "Kaitlyn Gonzalez" <hjbberq@excite.com>
To: xxxlojoxxx@yahoo.com
Subject: Welcome to our casino0. Special offers! extra!
Date: Fri, 4 Jan 2008 00:48:46 -0500
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="------=_NextPart_000_3442_344377E7.1FFE925F"
Precedence: normal
Content-Length: 52216
A new electronic publication from Ca*si*no-World. Announcement Letters.
 

lojo

Banned User - repetitive violations of
Joined
Jan 18, 2007
Location
USA
Can you copy and paste it so it's easier to read? It can be sleuthed from there:) me eyes ain't what they used to was.
 

anniemac

Ueber Meister
PABnoaccred
MM
Joined
Jan 30, 2007
Location
Texas, USA
Let's see if this is better. I told all I am computer illiterate. :)



From zspm23@imail.etsu.edu Sat Jan 5 14:37:20 2008
X-Apparently-To: via 68.142.207.95; Sat, 05 Jan 2008 14:37:21 -0800
X-YahooFilteredBulk: 67.19.218.194
X-Originating-IP: [67.19.218.194]
Return-Path: <zspm23@imail.etsu.edu>
Authentication-Results: mta376.mail.re4.yahoo.com from=imail.etsu.edu; domainkeys=neutral (no sig)
Received: from 67.19.218.194 (HELO nebula.websiteactive.com) (67.19.218.194) by mta376.mail.re4.yahoo.com with SMTP; Sat, 05 Jan 2008 14:37:20 -0800
Received: from srvgzjr (252.36.205.173) by nebula.websiteactive.com; Sun, 6 Jan 2008 09:37:20 +1100
Date: Sun, 6 Jan 2008 09:37:20 +1100
From: zspm23@imail.etsu.edu
X-Mailer: The Bat! (v2.01)
Reply-to: <se@msn.com>
X-Priority: 3 (Normal)
Message-ID: <33607599.20071119072933@imail.etsu.edu>
To:
Subject: big money
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------F3452192283AC"
Content-Length: 206613
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
Here is the WHOIS info on the originating IP

Result for 67.19.218.194

--> /usr/local/bin/fwhois 67.19.218.194@whois.arin.net
[whois.arin.net]

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2004-03-15
Updated: 2004-07-29

RTechHandle: PP46-ARIN
RTechName: Pathos, Peter
RTechPhone: +1-214-782-7800
RTechEmail: admins@theplanet.com

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
OrgAbuseEmail: abuse@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName: Technical Support
OrgNOCPhone: +1-214-782-7800
OrgNOCEmail: admins@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com

# ARIN WHOIS database, last updated 2008-01-05 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
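
The header reading done in this thread, as an added example that is not part of any poster's message: Python that walks the Received lines anniemac posted, treats the hop stamped by the recipient's own provider as the only one that can be trusted, and checks whether anything ties the message to the From domain. The `analyze` function, its result keys and the `.yahoo.com` trust suffix are assumptions made for this example.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Headers copied from the message posted in this thread (recipient already redacted).
RAW = """\
X-Originating-IP: [67.19.218.194]
Return-Path: <zspm23@imail.etsu.edu>
Authentication-Results: mta376.mail.re4.yahoo.com from=imail.etsu.edu; domainkeys=neutral (no sig)
Received: from 67.19.218.194 (HELO nebula.websiteactive.com) (67.19.218.194) by mta376.mail.re4.yahoo.com with SMTP; Sat, 05 Jan 2008 14:37:20 -0800
Received: from srvgzjr (252.36.205.173) by nebula.websiteactive.com; Sun, 6 Jan 2008 09:37:20 +1100
From: zspm23@imail.etsu.edu
Reply-to: <se@msn.com>
Subject: big money

"""

# "(peer-ip) by receiving-host", as written in both Received lines above.
HOP = re.compile(r"\(\[?(\d+\.\d+\.\d+\.\d+)\]?\)\s+by\s+([^\s;]+)")

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_suffix=".yahoo.com"):
    """trusted_suffix (assumption): hostnames of the recipient's own mail provider."""
    msg = email.message_from_string(raw)
    hops = [m.groups() for v in msg.get_all("Received", [])
            if (m := HOP.search(" ".join(v.split())))]
    # Received lines are prepended, so the first one stamped by the trusted
    # provider records the real TCP peer; every line below it is sender-supplied.
    idx = next((i for i, (_, by) in enumerate(hops)
                if by.lower().endswith(trusted_suffix)), None)
    handoff = hops[idx][0] if idx is not None else None
    below = hops[idx + 1:] if idx is not None else hops
    xoip = (msg["X-Originating-IP"] or "").strip("[] ")
    return {
        "handoff_ip": handoff,
        "matches_x_originating_ip": handoff is not None and handoff == xoip,
        # (ip, is it publicly routable?) for hops nobody trusted has vouched for
        "unverified_hops": [(ip, ipaddress.ip_address(ip).is_global) for ip, _ in below],
        "from_domain": domain(msg["From"]),
        "reply_to_differs": domain(msg["Reply-To"]) not in ("", domain(msg["From"])),
        # crude check: did the receiving server record any passing result?
        "from_authenticated": "=pass" in (msg["Authentication-Results"] or ""),
    }

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

On the posted headers the hand-off IP is the same 67.19.218.194 that the WHOIS lookup covers, while the hop beneath it claims an address in the reserved 240.0.0.0/4 range and so says nothing reliable about the true origin. No check recorded by the receiving server ties the message to imail.etsu.edu, and the Reply-To points at a different domain.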
 

lojo

Banned User - repetitive violations of
Joined
Jan 18, 2007
Location
USA
I've never quite known the best way to deal with stuff like this. Is forwarding the message to abuse@theplanet.com the best thing? I don't have time right now to crack it down further... hope I was a help in getting the info here to be looked at.

You were awesome bb28 :)
 

anniemac

Ueber Meister
PABnoaccred
MM
Joined
Jan 30, 2007
Location
Texas, USA
Thank you both so much. I don't know why this particular email got to me but I just had to know who it came from. I get so much junk mail but this one caught my eye.

You are both awesome.
 

lojo

Banned User - repetitive violations of
Joined
Jan 18, 2007
Location
USA
When I get a chance to focus, I can help you expose the stuff, at least for now it is archived here just like 'my' golden casino is.

I do find it interesting that your 'mask' was an .edu but that complicates the affiliates more than defines them (so-called university think tanks and incubators)
I'd rather get to the bottom of it and end the aff business as it operates today. Period. It is shady and corrupt for the most part. Good affiliates can stand up and recreate it unless they are part and parcel.
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
You are welcome Anniemac although I didn't do much.
Lojo is way out in front of me.
 

mysticjoz

Senior Member
Joined
Apr 10, 2007
Location
somewhere... over the rainbow!
Also keep in mind everyone.. I myself got a "Trojan" way back.. which literally stole my email address and was SPAMMING from it. (which is why I changed internet providers and email addresses) I had signed on one day to see literally dozens of "mailer daemon and can not be delivered" emails in my inbox when I had not sent any emails out!!

You can try this site...
At the bottom of their page is a link to each government site that can help out in any situation regarding the internet. And you will receive a reply within 24 hours. (I did anyway)
good luck.
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
Mystic.......unless you cleaned your computer of the trojan, changing ISPs and email address didn't get rid of it......did you clean it or hire someone to do so?
 

mysticjoz

Senior Member
Joined
Apr 10, 2007
Location
somewhere... over the rainbow!
:thumbsup:Yes, it's clean... I spent over 3 hours with "norton" attempting to take control of my computer to remove the trojan. Every time they got close, they were booted out! (amazing how much a trojan can do!)
In the end I removed Norton antivirus and installed McAfee.. which did catch and remove the trojan.
I also had it checked by a professional just to make sure.. but it is gone!
thank you! :notworthy

What I was thinking was with the edu. ending on that email it could have been from a college or educational site that had been hijacked. (slim possibility, but still possible)
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
Glad you got it cleaned up :).......Trojans are very nasty things.....can steal bank info, passwords, take over your computer by spewing spam, etc........etc.
You could have got it from an email.....website, IM client......you may never know where it came from.
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
mysticjoz, you should go ahead and dump McAfee too and install AVG, it's more of a professional antivirus program than any of those bundled brands. I got more viruses with McAfee than any other. I've been using AVG for over three years now and have never had one single issue with my system. If you are interested there's another thread in here somewhere, I'll have to find it where I posted the link to their freeware Antivirus & Antispam.
 

bb28

Meister Member
Joined
Nov 18, 2006
Location
US
I use AVG and other free programs and I'm a lot more satisfied with them than the paid versions......see my recommendations in this post. https://www.casinomeister.com/forums/threads/help-serious-browser-problem.21557/?highlight=firewall
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
Windows Defender is another free program that helps you stay up to date by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software. Here's the link if interested:


 

lojo

Banned User - repetitive violations of
Joined
Jan 18, 2007
Location
USA
Another must-have in my opinion is Outdated URL (Invalid)

Worried about changes to your Windows Automatic Update?

Scotty has always monitored unique system settings and now with WinPatrol 12.2.2007 you'll know if malware or even Microsoft makes changes that updates your system without your knowledge or permission.
 