Hello,
I believe that my computer has been hacked into. Yesterday I got an
EMAIL FROM MY OWN EMAIL ADDRESS!  It contained the message "be very
careful".  I know that I did not send this message. I tried to view
the mail headers to see where the message really came from but it had
"IP unknown" for the soucre. For several months I have been getting
suspicious emails (most contain viruses which my virus scan takes care
of). They all come from sources that I can't track down. The emails
have gotten progressively more suspect because the subject lines have
become like the subject lines of valid emails that I normally get and
respond to.  I have a small business and it is like this individual is
desperately trying to get my attention and make me open these files.
Also I'm getting emails from  addresses that look identical to valid
email addresses of people and companies I deal with (but I know that
they are fake).
My questions:
1. Is it too late to put a firewall on?  If they have already hacked
their way in and provided a "back door" for themselves would a
firewall protect me?
2. I know that they can hack into files and search for credit card
info and passwords. As far as I know I do not keep that info in any
files but enter it each time I purchase online. Is my credit card info
at risk?
3. I use a DSL connection and am wondering how I can determine if my
IP address changes each time. If I change my IP address and computer
name would that prevent them from getting back in (assuming that's the
info they are using).
4. Is this type of thing considered serious enough to contact the
police?
5. The last email scared me and I have turned off that computer. I
need to know what to do so any info/links related to this problem
would help. I would hate to reformat but will if nothing else can
help.

Crabby

Hello crabapple,

This is a great series of questions. Hackers are a concern to all
internet users. I can offer you some insight to your questions, and
give you some great tips on protecting your computer. I suggest
following the order I have given to reduce the chances of any harm to
your computer. All of your questions are answered, but not in the
order you asked, simply because the order in which the solution is
given is important ;-) I will recap your questions at the end of this
answer in the order you gave the questions. (When I refer to scanner,
it means an up-to-date virus scan program, that has not be compromised
by a disabling virus.)


1) Run a virus scan. If you don't have a scanner, use this free online
source :
  
   HouseCall Online Virus Scanner
   http://housecall.trendmicro.com/

2) Once that is complete download an install this free AV program :
  
   http://www.grisoft.com/html/us_downl.htm#FREE

3) Run the above virus scan once installed. (Redundant, but worth it)

4) Download and run this free personal firewall :

   http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

5) Activate the firewall, and run the anti virus resident shield.


Now to answer your questions, and offer insight as to how the process
above will help you in the future :

-------------------------------------------------------------------------------

1. Is it too late to put a firewall on?  If they have already hacked
their way in and provided a "back door" for themselves would a
firewall protect me?


No, it's not too late. What is important here, is that we give your
computer a clean bill of health before installing a firewall. If they
have indeed hacked your computer, and have 'learned' to bypass
firewall port protection, then yes - this 'backdoor' could remain
open. Clearing your computer of viruses and backdoor 'scripts' will
ensure that your ports are protected from a clean starting point.

-------------------------------------------------------------------------------

2. I know that they can hack into files and search for credit card
info and passwords. As far as I know I do not keep that info in any
files but enter it each time I purchase online. Is my credit card info
at risk?

Normally this information is not at risk. Data such as credit card
information does not get stored into personal password or information
files. No matter which browser you use, you will note that they only
store passwords and online form information such as address and name.
Password data is still encrypted. Your credit card information should
not be at risk if you do not have the numbers stored in a plain text
file, or in a third party program that does not encrypt this data.

-------------------------------------------------------------------------------

3. I use a DSL connection and am wondering how I can determine if my
IP address changes each time. If I change my IP address and computer
name would that prevent them from getting back in (assuming that's the
info they are using).

If you are using Windows 95/88 you can click on the Start button, then
select Run and type 'winipcfg'. This will pull up your assigned IP
addresses for your different connections. You can release the IP
address and get a new one. Even easier to do, is simply visit this
site :

What is My IP address.
http://www.whatismyipaddress.com

Changing your IP address or name is smart, but will not stop a
seasoned hacker. Following the steps in full that I have provided
should preclude you from having to do this.

-------------------------------------------------------------------------------

4. Is this type of thing considered serious enough to contact the
police?

Only if you are 100% positive, and have proof of foul play. Emails
such as yours are received by millions each day, and have
unfortunately become commonplace. Should you follow all of the steps
above, and are still certain that your computer is at risk, you should
contact your ISP first. They keep in- depth logs of email data that
would assist in tracking down the source. They would also be able to
advise you on further steps to take, and at least stop the email on
their servers.

-------------------------------------------------------------------------------
 
5. The last email scared me and I have turned off that computer. I
need to know what to do so any info/links related to this problem
would help. I would hate to reformat but will if nothing else can
help.

That's exactly how the person might want you to feel. I am certain,
that if you follow the steps I have provided, you should be able to
secure this computer. This brings me to the features of the free virus
scanner I recommended :

1) It scans all incoming and outgoing email messages. Their database
of worms, viruses, and other harmful 'products' are updated more often
that most 'pay for' virus scanners.

2) It contains all suspected items into a virus vault for deletion.
This ensures the item in question is not accidentally opened or left
around to infect other programs.

3) It's free, and works better than most I have used.



The personal firewall I pointed you to will watch all the ports on
your computer for strange activity. If you pay the extra money for the
full version, you can get detailed analysis of suspicious activities
on those ports. It's a very wise investment, and can help track down
the source of all activity ;-)


Of further note, when you receive an email from your own address, it
is almost certainly a virus. You can read more about mailer viruses
here :

Dangerous Viruses
http://homepage.tinet.ie/~leslie/testpage/junk.htm


In closing, I can confirm this is not unusual to feel targeted. I
often receive emails of the same nature, but in using the exact same
set up above, and having a working knowledge of the set up - nothing
gets to do any damage. Reformatting should be your very last resort.


To assist with the answer I searched Google for :

virus "from my own email address"
://www.google.com/search?q=virus+%22from+my+own+email+address%22



Please do not hesitate to ask for clarification. I am here to help and
look forward to assisting you as much as I can -

SgtCory

---

Clarification of Answer by sgtcory-ga on 13 Jun 2003 09:19 PDT

Hello again,

I should have noted that my answer was not soley based on the search I
performed at Google. I relied mostly on my experience in this field,
and provided the link as a means to bring more personal experience to
the answer. Should you be interested in learning more about securing
your computer, here are some great articles :

UW Security Tips
http://www.washington.edu/computing/virus.html

Network security (excellent stuff here)
http://www.cert.org/tech_tips/home_networks.html

Some Google searches that might provide some more great learning
opportunities include :

protecting my computer
://www.google.com/search?q=protecting+my+computer

home network security (applies to business as well)
://www.google.com/search?q=home+network+security


Thanks again for the excellent questions!
SgtCory

Anyone can send an email message that appears to be from anyone else's
email address. If I wanted to, I could send you an email message that
appeared to be from Bill Gates at Microsoft, or from you yourself. No
hacking is necessary; it's very easy.

It is rather easy to track most incoming email messages to their
source email SMTP servers. That usually identifies the ISP. To go
beyond that, that is, to identify the individual responsible for the
message, it's probably necessary to get law enforcement and the
justice system involved. To track an incoming message to its source
ISP, use SpamCop, a system designed to track and report spam email. Go
to
  http://spamcop.net/
and follow the instructions. When you get far enough to see the
results of SpamCop's analysis of the email message's headers, you can
cancel the rest, since you're not actually reporting spam. Or are you?

>> The emails
have gotten progressively more suspect because the subject lines have
become like the subject lines of valid emails that I normally get and
respond to. <<

That suggests spam. Spammers are very good at this. 

>> Also I'm getting emails from  addresses that look identical to
valid
email addresses of people and companies I deal with (but I know that
they are fake). <<

That suggests that someone with whom you have corresponded, or maybe
someone who just happens to have saved an email message on his own
computer that also contained your email address, is infected with a
mass-mailing worm like "Klez". When Klez or one of its relatives
infects a computer, it goes through many of that computer's files and
finds email addresses in them. It then sends infected email messages
to some of those addresses and uses other email addresses as the
"from" addresses. Note: it is not YOUR computer that is infected in
this scenario, it is someone else's. You are just one of many innocent
victims. So you get email messages that may appear to be from people
you know, and yes, other people are getting email messages that appear
to be from you.

Thank you sgtcory-ga and highroute-ga.  

The information has assured me that this was just some sort of spam
and not someone hacking into my computer.
Here's the reasons why I think this:
1. I go through a dsl modem and then through a router (as I have a
little network set up).  I understand that it is harder to hack
through a router.
2. I spoke with a friend who also received the exact same message the
same evening as I did. It was also made to look like she send it to
herself.

Actions Taken:
1. I have run the virus scans as suggested (in addition to the Panda
Software that I already had running)
2. I changed my computer name (although this probably doesn't matter)
3. I installed  ZoneAlarm
4. I ran SpyBot Search & Destroy 1.2

What I wish to know:
1. Is it legal to send emails from another person's email address?  I
think I will ask a lawyer and post the answer (if I get around-to-it).
2. If this is legal, then I would like to know how to send emails so
that they appear to be from someone else and not immediately obvious
where they came from.

If anyone has anything to share that would be great.