Hi

 

My hotmail (outlook.com) account appears to have sent itself a single e-mail. The e-mail appears to have been sent very early on Monday, but I did not realize until over 24 hours later. Active Links were and are disabled and there is an Outlook Warning in the Message Pane saying: "Warning: Be careful! This sender has failed our fraud detection tests."

 

When I used the toolbar tool to check the message source, it seems to suggest that an IP address located on an unknown secure server in Scottsdale Arizona (173.201.193.237) has indirectly sent me an e-mail surreptitiously "aliased" as having been sent to my account from the very self same account, via another server that appears to be a Microsoft Server (157.56.161.86).

 

I have already changed my password and taken steps for my future e-mail security. I would like someone who can understand the "message source" data to tell me if there was indeed an intrusion into my hotmail account, whether whoever it was had access to my account for those 36 hours, or whether I am just misunderstanding the data and have no cause for concern that anyone had actual access to the private information in my e-mails and contacts list. My concern was raised by the anomalous IP address at the top of the "message source" data as well as the apparent reference to a "bot" in several places, a URL with .exe command at the end of it (which routes to an Error message - I tested it on a non-essential spare PC with a fresh OS and zero internet history) and two different sets of "Message From" data (isolated data of concern is copied and isolated immediately below this paragraph). The full "message source" data is copied at the foot of this e-mail.

 

 

SPECIFIC "MESSAGE SOURCE" DATA ITEMS THAT CAUSED ME CONCERN:

 

Authentication-Results: hotmail.com; spf=softfail
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0z

 

sender IP is 173.201.193.237
p3plsmtpa09-08.prod.phx3.secureserver.net

smtp.mailfrom=********@hotmail.co.uk; dkim=none header.d=hotmail.co.uk; x-hmca=fail header.id=********@hotmail.co.uk

 

Received: from p3plsmtpa09-08.prod.phx3.secureserver.net ([173.201.193.237]) by COL0-MC1-F11.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);  Sun, 25 Aug 2013 23:50:52 -0700

 

Received: from maqgoogle2 ([157.56.161.86]) by p3plsmtpa09-08.prod.phx3.secureserver.net with id HJqo1m00M1s8jzR01JqrM3; Sun, 25 Aug 2013 23:50:51 -0700

 

From: "********@hotmail.co.uk" <********@hotmail.co.uk>
Subject: 8/26/2013 6:50:52 AM Document
To: ********@hotmail.co.uk
Content-Type: multipart/alternative; boundary="La5MuhTbbuFpcI=_pxOWA9GSMy2EUvhBot"
https://s3.amazonaws.com/greg4gf/Document_938133.exe

 

[The text immediately below does not feature in the problem e-mail's "Message Source" Data but is the Error Message that the above URL routes to]

<?xml version="1.0" encoding="UTF-8" ?>

<Error>
  <Code>AllAccessDisabled</Code>
  <Message>All access to this object has been disabled</Message>
  <RequestId>54FC1D0A87B5A2DA</RequestId>
  <HostId>Zg4ivePXOWjm8SMJKXTr/mCRsBO+M2HeADghq35Y9lSMOT0/tnS1x6liTM57h3LP</HostId>
  </Error>
[The text immediately above does not feature in the problem e-mail's "Message Source" Data but is the Error Message that the above URL routes to]


I would sincerely appreciate any available assistance in properly interpreting this "Message Source" Data to confirm exactly what transpired and whether my account was or was not accessed or intruded upon and any resulting implications that there might be for the security of the data in my account or on my computers.

 

Thank you, in advance.

 

Rgds

 

SDBB_869

 

 

FULL "MESSAGE SOURCE" DATA:

 

x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnNkQhn6V7ynajL8QyJSKDh5ApEI1ElUKaQceKeEl2tWVbpmNHqaDnQBzwBvVDbnEH00lZDv4Sdxm2atr4MpERGAm03K1SH+f+9X2CWewYcxE=
Authentication-Results: hotmail.com; spf=softfail (sender IP is 173.201.193.237) smtp.mailfrom=********@hotmail.co.uk; dkim=none header.d=hotmail.co.uk; x-hmca=fail header.id=********@hotmail.co.uk
X-SID-PRA: ********@hotmail.co.uk
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0z
X-Message-Info: NhFq/7gR1vQ7QfrjP8uog8mjxf5gbI7DLae9jjHQE1IzxK6FpwYgQOj+YZKJcpqBwCRwIAkBJyKiyIpXsggGa2VQyC8q3ZWn6SaXjZDG0CS5glNwMoevkXv20OM4xdQZbUn6R12lkOC/wJTs0e5Rk40WUX/lSUcyqILoQIqsldrXYp/h4xly1xk194a+nJcEfs/uXTykZww9LsXkIMqlmC0o75wcb2Tw
Received: from p3plsmtpa09-08.prod.phx3.secureserver.net ([173.201.193.237]) by COL0-MC1-F11.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
  Sun, 25 Aug 2013 23:50:52 -0700
Received: from maqgoogle2 ([157.56.161.86])
 by p3plsmtpa09-08.prod.phx3.secureserver.net with
 id HJqo1m00M1s8jzR01JqrM3; Sun, 25 Aug 2013 23:50:51 -0700
From: "********@hotmail.co.uk" <*********@hotmail.co.uk>
Subject: 8/26/2013 6:50:52 AM Document
To: *********@hotmail.co.uk
Content-Type: multipart/alternative; boundary="La5MuhTbbuFpcI=_pxOWA9GSMy2EUvhBot"
MIME-Version: 1.0
Reply-To: *********@hotmail.co.uk
Date: Mon, 26 Aug 2013 06:50:53 +0000
Message-Id: <201308260650527209CFAC1F$445583A187@MAQGOOGLE>
Return-Path: ********@hotmail.co.uk
X-OriginalArrivalTime: 26 Aug 2013 06:50:52.0269 (UTC) FILETIME=[9AF879D0:01CEA228]

This is a multi-part message in MIME format

--La5MuhTbbuFpcI=_pxOWA9GSMy2EUvhBot
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


https://s3.amazonaws.com/greg4gf/Document_938133.exe

=2E

--La5MuhTbbuFpcI=_pxOWA9GSMy2EUvhBot
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html><=
head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-=
8859-1">
  <META name=3DGenerator content=3D7.10> <title>8/26/2013 6:50:52 AM D=
ocument</title>
 </head>
 <body> <P><A href=3D"https://s3.amazonaws.com/greg4gf/Document_938133=
=2Eexe"><IMG border=3D0 src=3D"http://s3.amazonaws.com/greg4gf/documen=
t48856.jpg"></A></p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</=
p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>=
=2E</P></body>
 </html>

--La5MuhTbbuFpcI=_pxOWA9GSMy2EUvhBot--
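
Added example, not part of the original post: a short Python script that reads the Received chain and the Authentication-Results verdicts out of headers like the ones quoted above, and reports the hop at which the message was handed to Hotmail from an outside host. The sample input is constructed from the posted headers with the redacted mailbox replaced by the placeholder user@hotmail.co.uk; the function names and the `provider` suffix check are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: header lines copied from the post, with the redacted
# mailbox replaced by the placeholder user@hotmail.co.uk.
RAW = """\
Authentication-Results: hotmail.com; spf=softfail (sender IP is 173.201.193.237) smtp.mailfrom=user@hotmail.co.uk; dkim=none header.d=hotmail.co.uk; x-hmca=fail header.id=user@hotmail.co.uk
Received: from p3plsmtpa09-08.prod.phx3.secureserver.net ([173.201.193.237]) by COL0-MC1-F11.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
  Sun, 25 Aug 2013 23:50:52 -0700
Received: from maqgoogle2 ([157.56.161.86])
 by p3plsmtpa09-08.prod.phx3.secureserver.net with
 id HJqo1m00M1s8jzR01JqrM3; Sun, 25 Aug 2013 23:50:51 -0700
From: "user@hotmail.co.uk" <user@hotmail.co.uk>
To: user@hotmail.co.uk

(body omitted)
"""
MSG = message_from_string(RAW)
HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def received_chain(msg):
    """Hops oldest-first. Each server prepends its Received line, so reverse."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(str(value))
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def auth_results(msg):
    """Verdict per method as recorded by the receiver, e.g. {'spf': 'softfail'}."""
    verdicts = {}
    for part in str(msg.get("Authentication-Results", "")).split(";")[1:]:
        m = re.match(r"\s*([\w-]+)=(\w+)", part)
        if m:
            verdicts[m.group(1)] = m.group(2)
    return verdicts

def external_handoff(msg, provider="hotmail.com"):
    """First hop where a host outside `provider` delivers to a host inside it."""
    inside = lambda host: host.lower().endswith("." + provider)
    for hop in received_chain(msg):
        if inside(hop["by"]) and not inside(hop["from"]):
            return hop
    return None

if __name__ == "__main__":
    for hop in received_chain(MSG):
        print(f'{hop["from"]} [{hop["ip"]}] -> {hop["by"]}')
    print(auth_results(MSG), external_handoff(MSG))
```

Only the Received line added by the receiving provider is written by a host the recipient can rely on; lines beneath it are supplied by upstream hosts and are only as trustworthy as those hosts.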

 
