Help Computer Guru's

I just got a spam email ( no surprise) and I checked the 'properties'.....It came from MY EMAIL ADDRESS! How did they do that? if I block the address I am blocking myself!

Not sure how it works, but some spammers get pretty tricky.

Don't block it. Just delete.

......program that is sending spam from your address to everyone in your address book. If you haven't downloaded Spybot Search & Destroy do so immediately! If you already have it loaded, make sure you have downloaded the latest definitions. Also make sure that you inoculate your system against re-infection.

On Edit: Added download link. http://www.safer-networking.org/en/download/index.html

If you havn't got an anti virus program running I suggest you also download the free personal version of Anti Vir

* detects and removes more than 80,000 viruses
* always among the winners of comparison test featured in computer journals
* the resident Virus Guard serves to monitor file movements automatically,
e.g. downloading of data from the internet
* scanning and repair of macro viruses
* protection against previously unknown macro viruses
* safeguard against cost generating dial-up program
* protection against trojaner, worms, backdoors, jokes and other harmful programs
* easy operation
* Internet-Update Wizard for easy updating
* Protection against previously unknown boot record viruses and master boot record viruses
* Quality "Made in Germany"
* support is free of charge via AntiVir Bulletin Board

I have McAfee anti virus and firewall. I ran spybot and spysweeper yesterday as well as registry mechanic. I don't know what else to do??

Here are the headers of some spam I got:

Status: U
Return-Path: <vfphgc@krovatka.net>
Received: from 61.75.4.45 (<61.75.4.45>)
by cave.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1bTJKc5DO3Nl3pX0
Sun, 8 Aug 2004 05:13:29 -0400 (EDT)
Received: from qd3.advalvas.be (qd3.advalvas.be <134.136.3.220>) by with Microsoft SMTPSVC(5.0.2195.6824);
Sun, 08 Aug 2004 05:12:20 -0400
Message-ID: <hoZvNwzCMTxvs@advalvas.be>
Organization: crank case 0 boys
From: "¹«·áÀüÈ­±â" <nhnrxah@advalvas.be>
Reply-To: "¹«·áÀüÈ­±â" <nhnrxah@advalvas.be>

Notice that the "From" and "Reply To" fields don't match the "Return Path"

While there are often good ressons for this, spammers and hackers normally put random replytos in their emails so they don't get the bounced messages back. So, if they happen upon your email addy, it can be used to spoof the real originating address. Then, you will likely get a spam from yourself. I get them all the time. I also get bounced messages because some lowlife used my addy and it got kicked back by some filter or away message.

That's the easy part, but the return path isn't foolproof either. that's were the serious hackers have fun. Spoofing IPs is a fine art.

If you look up the IP address for that alleged Belgian email address, you find that it is registered to Wright-Patterson AFB.

huh?

That was apparantly used as a relay. Think about this when they talk about military security.

The other IPs look like this thing went through an anonymizer, or had some direct connection though a proxy somewhere. People geekier than I would know more.

Anyway, don't worry. If you haven't been hijacked with a trojan emailing this stuff out, it's just another annoyance.

It is an ongoing problem for me with a firewall and virus protection. I have spybot and spyweeper!

A simple packet spoofer will do the trick. -> A packet spoofer will be set up on a server someplace. When get the email off the mail server, the packet spoofer is notified. It then stops the packets of info going to your computer that would tell you who sent the letter, and it replaces them with the adress the letter was sent to.