Trojans using mozilla and knoppix 3.4

[Meathopster]

For the last few days I have been using Knoppix 3.4 with myconfig and PH. (I destroyed my mbr mesing about with lycoris) However yesterday I received a msg from a postmaster from an email server informing me that an email could not be delivered because the recipient's mailbox was full. I've never heard of this person, so I certainly didn't intend sending them an email. Later in the day as I was sending an email, a mozilla dialogue poppped up to ask me if I wanted to send the email in plain text as the recipient was probably set up to reject html. As far as I was concerned I was sending a plain text email anyway. So I got to thinking whatt could be causing it? Is it likely that I have picked up some form of trojan etc. using knoppix? If so where will it be hiding, PH or myconfig file? Does anybody know?
Thanks in advance
Andrew

[Cuddles]

Meathopster,

Just as a first response on the subject....

I could never imagine something even "getting" through, let alone, doing something...

But, my guess, is that it will be in your /home area... having a v3.4 hard drive install, I looked in my /home location, and there, I found a .mozilla folder - If I was trying to locate anything, my first guess would be -=- personal settings and configurations = /home location.

As for the whole, rejecting mail thing... Check inside your mozilla settings - maybe you are "asking" for which version of sending? ( mine was defaulted to text-only, and give access to HTML email, but don't "default" to display HTML email, ask when I get an email that has HTML... )

But, then again, I use KMail for my email client, not in mozilla - this "default" could be different in mozilla from KMail... [?]

From, what I know of "trojans" and the "email" probs, most of them seem to attack the "Outlook", and all the other "variants", like Outlook, Outlook Express, clients - not sure if using "Netscape" they still apply... [?]

Hope this helps, at least a little,
Ms. Cuddles

[pau1knopp]

I'm with Ms. Cuddles on this one. Sounds like an unfortunate set of coinky dinks...

I infrequently receive legitimate return email (from work and my yahoo account) that say the mail server from company xxxx cannot receive my email for various reasons. I also am sure that I did not send the email. Most likely someone is spoofing my address to try to appear legitimate.

Many email clients (sounds like your version of mozmail as well) will ask for confirmation if sending in text (or html) format if that is not your selected default. Usually you can look in prefs and figure out how to turn that "feature" off.

As always, my recommendation would be to use text as your default format. More devices and software packages can read that format, and there is less opportunity for someone to monkey around with potentially nefarious html code.

[Cuddles]

Thanks pau1knopp, at least I don't feel so much like I was "going out on a limb" on my response....

Nice thing about receiving email with the "text-only" mode is, when you do get one of those HTML emails - mostly from the "wonderful world of telemarketers", you can out-right see everything about the email code, and the nice thing, I "knew" they were doing this, but, until I started receiving text-only HTML email - I never "saw" it, but, what has commonly been called "text-loading", I think thats the name for it -=- it is used for search engines, so that when someone does a "search" for certain words, there page gets into the search -=- here is a sample of the "text" that sits under one of my emails that came in as HTML ( for me, it all appears to be non-sense, but to a search engine, its a "golden" opportunity for this page to get included into someones search characteristics )

Code:

christian bemadden peal geocentric wisconsin tachometer afloat bluegill rendition whore baseline panama gilbertson cowslip allison anthracnose aseptic denunciate taxicab tiny cunard tent blotch privacy cynthia perk topnotch campaign son divalent appellate bison indigestion mysterious yipping bangkok windowsill chimera murky

Note, this text came in with an email that was HTML, this was the text page that came "under" it, and, sorry for the content of these words, some of them were not removed for content -=- these words were not as bad as I have seen in some of my HTML email lately - amazing some of the vulgarity that shows up in some of them...

Ms. Cuddles

[Meathopster]

Thanks both for your input. I've had some more mail returns this morning. This is the sort of thing:

Code:

This Message was undeliverable due to the following reason:

The user(s) account is temporarily over quota.

<andrewking@ntlworld.com>
<andrewl@ntlworld.com>

Please reply to Postmaster@ntlworld.com
if you feel this message to be in error.



Reporting-MTA: dns; mta2-win.server.ntlworld.com
Arrival-Date: Wed, 21 Jul 2004 14:19:56 +0100
Received-From-MTA: dns; cm218-254-187-100.hkcable.com.hk (218.254.187.100)

Final-Recipient: RFC822; <andrewking@ntlworld.com>
Action: failed
Status: 4.2.2

Final-Recipient: RFC822; <andrewl@ntlworld.com>
Action: failed
Status: 4.2.2



Subject:
hiAndrewkent
From:
"Tracie Doyle" <andrewkent@ntlworld.com>
Date:
Thu, 22 Jul 2004 06:20:55 -0700
To:
"Andrewkent" <andrewkent@ntlworld.com>

Andrewkent,@

75%off for all New Softwares.
WindowXP,Photoshop,Window2003...etcMore

http://kLHttCeU.alkccag.info/?pEruXGpEWZwibVVAfHgCI

--
drugstore anachronism lick mizar diabetic nyu ago quinine chancy runyon signor coolheaded illegitimate inexpensive faery coat bryozoa slight magma brig baleen vernon brassy brock

The email account in question receives 100+ junk mails daily!
I hope that you are right about spoofing, is it very common?

[champagnemojo]

Yes. It's very common. I get warnings that messages that I never sent are undeliverable and such all the time. I also receive messages that I know were not sent by the person spoofed. For example, I've gotten messages advertising illicit materials that spoofed coworkers' addresses. Although, I must admit, that those kind of amuse me.