One of our users got a strange email from “System Administrator” at hotmail.
It’s a typical “Undeliverable” message but there are some weird things about it.
It’s referring to an email that was sent 6 months ago, and the address that it bounced back from is not the address it was sent to. The original email from August is still in her “sent” folder so I was able to confirm this.
I also checked her sent folder to see if a copy had been sent more recently. I also used “recover deleted messages”. There was not a more recent version in either place but there were other recently deleted messages. There were no strange sent messages.
Here is the message she received. I’ve replaced parts with “*” to anonymize it for a public message board.
A couple of things to note. The bounce back message says that it was sent 8/4/2011, and at the bottom is says “550 Mailbomb Target” which I take to mean that hotmail is bouncing everything back because that particular address has become a target.
So it appears that someone or something copied an email we sent, screwed with the headers to make the send date the same as the original, and sent it off to someone who is being targeted.
Our user who received this bounce back says that she does not know anyone with that hotmail address. After some Googling I was able to associate a name with that address and she does not know anyone by that name. So it doesn’t appear that her address book is being used.
Kaspersky antivirus is up to date and hasn’t detected anything.
It looks to me like the original recipient may be the one with the problem. They did receive the original message at the time it was originally sent.
Am I missing something?
Have any of you seen anything like this?
