Since yesterday, I have been receiving forged mails which are targeted at me. They use personal information, seem to come from one of my friends and only contain links to these web sites:
http kaosbolaclothing.com/ceremonyemploy/Dean_Edwards28/
http www.sidat.com.mx/engagediatmosphere/Matthew_Bailey44/
(links disabled to prevent someone from accidentally following them).
What should I do now?
[EDIT] Some more information:
- The mail addresses me personally (by first name)
- The sender is the full name of my friend (no typos) but the attacker is using different sender emails (probably forged).
Here is the mail header (personal information replaced with ${...}):
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1345684031; bh=GeuilzHJrvCxtRBuL4FZxQ7aXRM6tpTAePrK26c0570=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Yr4o5RXwGl5U/PCXc8Fjb2jSCXJ+Tm2Hp2OIjZ5uLP896jlz7BL8fOzaFrDYfkHRnYjDCjUQh8ID/P1lFoFDvi7SNHZpK765gG6yyGfMqOk3Beoozxk60WsNoyy7+R/K/X+RQ+x7ZCWmwYaqDwIn9L0neohCsdKJGKtdZOPFyXM=
Date: Wed, 22 Aug 2012 18:07:11 -0700 (PDT)
Delivery-date: Thu, 23 Aug 2012 03:07:17 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=6LG8CeLCvrnyj4Nognto3b5cV3zLh/o3gtbFxCf0pYJHx3ulUef0M4XNTe9lU5WnIMwpZaBdaSrF7K31KcBvKwJJcbfwpKNGdezUfKNQC00Fmo4sUur9ZrehWrV+j97HmD/UlEcZKuFwE0Lrq1+MYItPkgEGCeOYaDWBAPqbNsI=;
Envelope-to: ${my email}
From: ${name of friend} <${different addresses}>
MIME-Version: 1.0
Message-ID: <1345684031.52519.YahooMailNeo@web163902.mail.gq1.yahoo.com>
Received:
from nm23-vm1.bullet.mail.ne1.yahoo.com ([98.138.91.50]) by www.hepe.com with smtp (Exim 4.72) (envelope-from <rosmery81jimenez@yahoo.com>) id 1T4LtC-0007qp-De for digulla@hepe.com; Thu, 23 Aug 2012 03:07:17 +0200
from [98.138.90.51] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
from [98.138.89.174] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
from [127.0.0.1] by omp1030.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
(qmail 52628 invoked by uid 60001); 23 Aug 2012 01:07:11 -0000
from [216.58.103.108] by web163902.mail.gq1.yahoo.com via HTTP; Wed, 22 Aug 2012 18:07:11 PDT
Reply-To: ${different addresses}
Return-path: <${different addresses}>
Subject: FOR ${my name}
To: ${my email}
X-Mailer: YahooMailWebService/0.8.121.416
X-Sender-Host-Country: USA
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sebigbos.hepe.com
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1
X-YMail-OSG: grrWpYMVM1nX9hYw_uNTgdCPoNKWu5jkv0EmY0ZHG4tPd2O mRxwvLiQpCv.k64Dpw3ncbfn2yZ8BJSdT8MQfa30vkl_20DL1PRE.Znx._Cq 5nmBpOrqzrKpnI6FQWrv09oazY4eKdfYj4Tctb69dInKejxmOVmrJBDVT.Bg qe.buX4abq2f0JwUSlgieoxQcVlERFSy4ENI6.t633e4GCpKFaWn.5bJk_P5 VYpdFdVgBtyttRn6e1PQFCI4LkETAAzBcXtlcXf2yF5aL7C4SMWhbpXbbyN9 rOdZXO1vl_hxHl5wCY88YrPkKcm9QvRNHDdyIx0PrnEP3GYiLHPbl_4PoB6K m12Bda2O5ObmO8XC4_OOYc.xfkm8DKezgTyMlvooh1miYOyiELCNMhiTsdbq 4tPsZYnwmhGInOo4qnW6zZuhgIMtwmT2PYKubcjX1xWFNQUpKbAK1pdhEycK KcAiO.c43J1A3fnOZ1oNUeIttRKcRtKaRXjL35UmQadPYDIYQOjK9Dq1LCT3 6rSl2ROTg73gxGH_h1wpAb4A9XI0KCElRgIdLv5UQu5eACzNYq2dQo5J_SQP bGU9NyeEBuq9wZXgvMIKF
X-Yahoo-Newman-Id: 293921.35658.bm@omp1030.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
- I'm pretty sure my server isn't hacked
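One way to triage a header like the one in the post, as an added example that is not part of the original post: it compares the display name with the addresses on file for that contact, checks whether the DKIM signing domain matches the From domain, and extracts the earliest Received hop. The sample header is constructed to mirror the post's structure; the addresses, `KNOWN_CONTACTS` and `triage` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the header in the post; names and addresses are placeholders.
RAW = """\
Return-path: <sender123@yahoo.com>
Received: from nm23-vm1.bullet.mail.ne1.yahoo.com ([98.138.91.50]) by mx.example.org with smtp (Exim 4.72) (envelope-from <sender123@yahoo.com>) for me@example.org; Thu, 23 Aug 2012 03:07:17 +0200
Received: from [98.138.90.51] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
Received: from [216.58.103.108] by web163902.mail.gq1.yahoo.com via HTTP; Wed, 22 Aug 2012 18:07:11 PDT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice Friend <sender123@yahoo.com>
Reply-To: sender123@yahoo.com
To: me@example.org
Subject: FOR Me

(body omitted)
"""

# Hypothetical address book: display name -> addresses this contact really uses.
KNOWN_CONTACTS = {"alice friend": {"alice@example.net"}}

def triage(raw, known_contacts):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    # Familiar display name on an address the contact has never used.
    expected = known_contacts.get(name.strip().lower())
    if expected is not None and addr not in expected:
        findings.append("display-name-mismatch")
    # Alignment only (exact match): is the DKIM signing domain (d=) the From domain?
    # This does not verify the signature; the receiving MTA or filter does that.
    m = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    dkim_domain = m.group(1).lower() if m else None
    if dkim_domain != addr.rpartition("@")[2]:
        findings.append("dkim-domain-unaligned")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        findings.append("reply-to-differs")
    # Received headers are prepended by each hop, so the last one is the earliest.
    hops = msg.get_all("Received", [])
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return {"from_name": name, "from_addr": addr, "dkim_domain": dkim_domain,
            "hops": len(hops), "origin_ip": ip.group(1) if ip else None,
            "findings": findings}

if __name__ == "__main__":
    print(triage(RAW, KNOWN_CONTACTS))
```

An aligned DKIM domain together with a display-name mismatch means the provider vouches for the account that sent the message, not for the person named in the From line.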