I really don't know where to post this and where to look for info.

Since about a week, I've been receiving a curious email at a rate of about 4-5 a day.

It's supposedly an server response to some mail I have sent (which I haven't of course).

I receive a short message saying the email was not deliverable to the adresse mentionned. This adresse is never the same and always looks s---ty like "ghuuyd@whatever.com"...

The email I receive never come from the same sender, never the same Reply-To, and it's even not adressed to me...

Finally, the only thing that really is curious, is that it's always 144 Ko.

I'm receiving this on my Hotmail box. I transfered it to some Outlook account, just to try to see the 144 Ko rest of the email, but Outlook told me it cannot show some scripting in the email. I was sure it was going to say that, but tried it anyways..

So now, I'd like to find anyone who gets this, and anyone who knows what the hell it is. A web site talking about it would be great...

...and how to stop it could be appreciated to!

Smumdax

If you use Google, type "email spoofing" and you will see all kinds of sites that offer information about prevention and what it is. My advise to you is do not try to open any attachments that come with these, just immediately delete them.

I knew about email spoofing, although I didn't know what it was called.

There are no attachments in the "144 Ko mail" (That's how I'll call it from now one). And don't worry, I'm no newbies when it comes to spam, virus, hoaxes and all...

...but this one really bugs me. And simply delete them (what I've been doing for a week) is not enough for me to say "Ok, no problem"... I really want to find out what is causing this, were is it coming from, are there any other getting this particular mail...

Just searching for "email spoofing" on Google isn't enough. I don't really need info on spoofing, but really info on this particular email which I'm sure I'm not the only one getting it...

Erasing some spam as become as daily routine as cleaning my teeths, and I've become acustomed to it... but receiving a 144 Ko email, 5 a day, for simply a week-end off, and my Hotmail box is already loaded!... so this email as got to go.. I usually tcheck my emails everyday, more then once... but I would like to go to the moon someday and not return to see my mailbox blocked because of this damn "144 Ko mail"

Anyone know about it?

I've been getting the same. Casued by a worm out in the wild called worm.automat.AHB look up that and enjoy

hum... maybe it is... but I did receive a couple days ago some fake Microsoft update news page, with a Q##### file attached to it... It was obvious to me that this was some virus thiing, and when I took a look at the attachement, Hotmail informed me it was infected with some virus... didn't take the name in memory, but I assume it was automat...

However, my "144 Ko mail" doesn't have any attachment to it, and the mail just have 3 or 4 short lines of text, nothing elaborated like the fake Microsoft thing...

That is the size I often see with the KLEZ virus. Run a virus scan of the system with one of them downloaded and let it identify it for you. My ISP has starting blocking all infected e-mail for now, so I have not seen one for weeks. But KLEZ infected servers with broadband connection, often send out two copies per day to each e-mail address in the systems address book. This indicates your e-mail address is in two different infected machines.

First question to ask yourself is, who has your e-mail address and could be infected, and who also have a broadband connection (DSL/Cable). Then check with them to see if they have ran a full updated virus scan and checked for any virus.

As this is a hotmail account, you don't have the option of viewing the HTML source of the e-mail. And when you transfer it to OUTLOOK, it may loose the HTML header. But look at it anyway and see if you can trace them to the same source IP address. This is usually the last entry, Received from: IP address in the header. Then all you can do is use the IP address to identify the users ISP. (Do you know someone with that ISP or IP address.) Once you have the ISP and source IP address, you can send a note to the ISP's abuse address and ask them to check their user and have the user correct the problem. I have been able to shut down five accounts that were being used to mass e-mail copies of the KLEZ virus this way.

yes 144 is the klez size it used in first run!

Ok, so it might be the Klez...

Whatever it is, I really don't care. all I want is to stop receiving it... How can I block the adress when it changes all the time?... Just since the last time I posted here, I received to more emails and my account was blocked of overload...

I managed to get the headers though...

Anyone able to read it, post here or email me (if my account isn't blocked again overnight ;) ) and I'll send it out to you...

hello
they will be hard to block as there spoffed email addy try useing mail washer pro and bounce the addys.

posted useing linux konopix 3.3

... does anybody actually read everything we post? It might avoid me saying this: "I can't use any program like Mail Washer Pro because I'm on a -->Hotmail<-- account."

Following all this, I've tried to read trought the headers that I've got, and was helped by some web site explaining how to do it... So now, I've sent an email out to some provider in North Carolina...

... anyone know Road Runner?

...By the way, I didn't receive any "144 Ko mail" tonight... hope it stays that way :)