cancel
Showing results for 
Search instead for 
Did you mean: 

E-Mail From Plusnet Abuse

N/A

E-Mail From Plusnet Abuse

This morning I got what i regard to be a fairly aggressive e-mail from Plusnet which says that I appear to be sending unsolicited e-mails and it starts
"Dear Customer,

It has come to our attention that a source of unsolicited email has been
linked to your account with us. This could have one of several possible
causes, including those in the following list:

- You are running an insecure SMTP relay or proxy software
- Your PC is infected by an email virus, worm or trojan
- You have a web server with an insecure Formmail script
- You are yourself sending unsolicited email"

I have Trend Internet Security installed with up to date anti virus patterns and also a personal firewall and I don't have a webserver .
I think the problem probably relates to an occasion a while ago when a particular virus was rife . I daily get e-mails bounced back to me ,especially from AOL recipients and these seem to have originated from myself but they have not. I believe that this situation is well known so plusnet should be aware of it.
Can anyone suggest anything I can do about this problem -the e-mails not Plusnet :-)
thx
Stuart
10 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

E-Mail From Plusnet Abuse

If a report of spamming is received, PlusNet musty take it seriously and investigate which they have done. I would not call the email aggressive, mearly clear and to the point suggesting ways in which your system could have been compromised or your config is doing something you did not expect (i.e. acting as an open relay for spam). It is also a prompt for you to check your system out incase you have been compromised without your knowledge (which does hapen alot).

There are many instances when email addresses have been spoofed but PlusNets first port of call is you hence the email. If you can prove you are not at fault then PlusNet will look elsewhere for the origin but as with all situations there will be suspects that have to be investigated and sometimes those suspects are guilty.

Unfortunately, having a virus scanner does not mean you are free from all viruses, it just means you are free from the ones the virus scanner can detect.

As for the bounced emails you are getting due to your email being spoofed, there really is not much you can do, especially if they are using your main email address. I suggest you do a few scans of your system with some of the other online scanners and trojan scanners. Also run some of the other spyware apps just to be safe. Details of what scanners you can use are in the new General: Essential Security software
N/A

E-Mail From Plusnet Abuse

I agree with the above post.

A while back a collegue at work recieved a mail from his ISP (not plusnet) the mail was essentially telling him to stop sending unsolicited mails with 24 hours or loose the account.

A quick snoop round his PC with adaware, and an AV package showed it to be riddled with viruses, and dubious applications.

He had got infected with a virus (Nimda?, can't remember) and that had disabled his AV, protection, and he hadn't noticed.

Also, a note I personally got Trend (6 month trial) with a new PC, and despite constant updates when the trial ended, and i decided to go with a free AV application I found that my then machine had over 10,000 instances of a diffferent virus.
N/A

E-Mail From Plusnet Abuse

I would download the free trial version of NOD 32,(on list)
Kaspersky is pretty good aswell.
update to the latest signature and run the scan.
Norton and bit defender do online scans which might help.
I had similar problems with trend micro, it's not that it's a
bad product, but an anti virus can only be as good
as it's latest signature base.
Alec
N/A

E-Mail From Plusnet Abuse

Thx for the advice all-i do have Adaware and also Spybot which i run regularly .
a recent programme I have is Trojan hunter . No Trojans or any other susupicious entries have been found but it reports this >>>
-----------------------------------------------------------------------
Port 9999/TCP is open (matches ForcedEntry.100)
Port 9999/TCP is open (matches Infra.100)
Port 9999/TCP is open (matches Prayer.120)
Port 9999/TCP is open (matches Prayer.130)
Port 9999/TCP is open (matches SpadeAce.100)
Port 9999/TCP is open (matches TakeOver.200)
Port 9999/TCP is open (matches TakeOver.300)
--------------------------------------------------------------------
when doing a Port Scan
Could some of you more knowledgeable guys explain this and what,if anything,I need to do .
Stuart
N/A

E-Mail From Plusnet Abuse

lo,a quite simple thing to try is netstat.boot up your pc as normal and make your internet connection,then ensure all normal apps are shut down ie msn messenger,media players,outlook basically anything that uses the net.then open run and type command,this should bring up a dos type window,in this type netstat.you should now see a list of everything that has connected to the net,any virus or worm running will run into 1000's of connection attempts usually.you should not have anything showing as connected unless you iniatate it.this wont stop any malicious program running but it will give you some insight into what does actually connect to the web.
on another point has anyone tried using a port blocker?
seems to work like a firewall in reverse,just wondering if anyone has any experience of them?
Community Veteran
Posts: 14,469
Registered: 30-07-2007

E-Mail From Plusnet Abuse

Or download TaskInfo 2003 which will show all connections and when looking at individual apps, what connections they are using.
N/A

E-Mail From Plusnet Abuse

forced entry,prayer and infra are all trojans that frequent port 9999.when you say you have trend security i assume its the pc-cillin suite?issue 43 of pc utilities has a comprehensive av and trojan test on 48 programs v 58,000 viruses,allthough faring better against viruses than trojans pc-cillin only detected approx 75% of trojans.bear in mind no av is 100% effective.try a few different online scanners,if you are still concerned a port blocker utility will block that port by simply adding it to its block list.


P.S to find out what frequents any port
http://grc.com/port_port.htm
remove port from the url and add the port number want info on ie /port_9999.htm
N/A

E-Mail From Plusnet Abuse

Hi,

Quote

Port 9999/TCP is open (matches ForcedEntry.100)


I can't immediately think of anything valid that would be using this port number. Personally I would be inclined to follow poiuyt's comments to remove every known possibility. If netstat then still shows this port as being in use (or even just listening), the logical conclusion would be that there is something on your system that you don't know about.

If you're on an NT base system then netstat -p will give you the process id that has opened the port. This may help to track down the culprit.

Quote

on another point has anyone tried using a port blocker?
seems to work like a firewall in reverse,just wondering if anyone has any experience of them?


I have effectively used a port blocker (in reality a paranoid firewall with a strict filter list). This has been set-up to allow through only applications that I know should access the web. (i.e. http, ftp, ssh, icmp and dns)

The only problem this caused was when a previous house-mate took issue with the fact he couldn't run Overnet. Once I realised what he wanted, it was easy enough to rectify.

The only downside I guess, is that you would have to modify the filter each time you started using a new app/protocol - or worse, trying to use a new protocol, completely forgetting the unexpected port would be stopped dead, and then wasting a little time figuring out the problem! But to be honest, as it is only personal use, I have rarely had to make modifications once I got the base rules in place.

Regards,
D'Essen
N/A

E-Mail From Plusnet Abuse

As a follow up to previous posts I have discovered that a programme called K9 which is a SPAM filtering programme appears to use port 9999 so i have uninstalled that and also installed Analog Port Blocker and added Port 9999 to the blocked list and after running Trojan hunter found that it did not find any problems .

Someone else asked if i was using Trends PC-Cilin Suite . I WAS using PC-Cillin 2003 but this appears to have been superceded by Trend Micro Internet Security which scans all traffic in and out and also has a firewall and is what i use now .
Stuart
N/A

E-Mail From Plusnet Abuse

thx essen,blocker i have says it will react to any probe but then shuts the probed port down,this is if it gets thru firewall.as its a tiny d/l and only uses 3k memory just seems nice to know there is that xtra bit of security there.also the ability to close a port very fast if netstat shows and odd connection can be useful.