TriumphPC - Washington, DC

If you have received an Unsolicited Email Advertisement (spam) that references a triumphpc.com user in the From: line of the message, please be aware that: 1) the user DOES NOT exist on our system and the email account indicated on the From: line of the message is fake and was forged (by the spammer); 2) the spam was not sent from our server; and 3) we do not have your name on a list. In fact, we have no knowledge of you at all.

TriumphPC.com has been the victim of repeated (and ongoing) "Joe Job" attacks by an unknown individual or group. The goal of a "Joe Job" attack is to systematically overload the victim's server (ours) with a large quantity of "bounced" (returned) email messages for the purpose of disabling or shutting it down. The attacker(s) forged our domain name (triumphpc.com) into the From: line of thousands and perhaps millions of spams which were then sent to innocent persons like yourself.

Unfortunately, because the spammer likely used some type of automated program or script to randomly generate the address portions (headers) of the messages, the exact contents and return addresses vary, making it impossible for us to know the actual contents of the message you received or the name and email address which the attacker forged into the From: line. Although the message you received is likely different, here is a sample of one of the spams we have seen (the first part is the header section, which is usually hidden until you ENable "Full Header" mode in your email program):

Return-Path: <Dianew2Hutchins@triumphpc.com>
Received: (qmail 77640 messnum 3614595 invoked from network[67.138.20.86/67-138-20-86.dr01.tntw.in.frontiernet.net]); 17 Sep 2006 16:50:40 -0000
Received: from 67-138-20-86.dr01.tntw.in.frontiernet.net (HELO lumpur) (67.138.20.86)
by mail16.svc.cra.dublin.eircom.net (qp 77640) with SMTP; 17 Sep 2006 16:50:40 -0000
Received: from ltv
by triumphpc.com with SMTP id yzYtnD6nC0
for <jadee@eircom.net>; Sun, 17 Sep 2006 11:49:43 +0600
From: "Catherine Lake" <Dianew2Hutchins@triumphpc.com>
To: jadee@eircom.net
Subject: Fwd: ..
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

You have seen it on "60 Minutes" and read the BBC News report -- now find out just what everyone is talking about.
# Suppress your appetite and feel full and satisfied all day long
# Increase your energy levels
# Lose excess weight
# Increase your metabolism
# Burn body fat
# Burn calories
# Attack obesity
And more..

http://www.gowhateverforu.com/

# Suitable for vegetarians and vegans
# MAINTAIN your weight loss
# Make losing weight a sure guarantee
# Look your best during the summer months

http://www.gowhateverforu.com/

Regards,
Dr. Christine Ibarra

you have to be careful. "And I only have one of those,he said, and began to laugh wildly in the empty room in front of the hateful Royal with its gap-toothed grin.
Ill get the champagne!

--1158511841eircom.net3614595--

Again, please be aware that the spam you received will probably be different from the example cited above.

IMPORTANT: The IP address in the header's first 1 or 2 Received: lines (which we highlighted in red for clarity) is the sender's REAL home address (the Internet address of the computer he sent the message from): 67.138.20.86. The sender in the From: line, "Catherine Lake" <Dianew2Hutchins@triumphpc.com>, does not exist on our system and was forged by the attacker.

While it is possible to forge the From: line in a spam, it is NOT possible to forge the sender's (source) IP address in the Received: line. This means that the computer or server that was used to send the email can be found and shut down with a small bit of Internet detective work. In less time than it takes to drink a cup of coffee, you can identify the source of the spam and help to curb this Internet nonsense at the same time. Here's the simple 2-step process (you might want to print this procedure out as it will work equally well for the rest of the rubbish that fills your email inbox every day!):

1. In your email program's Options/Preferences, ENable "Full Headers" (or similar).
Once ENabled, you should see the message's source and tracking information. Here is an example of the header section from the previous example (above):

Return-Path: <Dianew2Hutchins@triumphpc.com>
Received: (qmail 77640 messnum 3614595 invoked from network[67.138.20.86/67-138-20-86.dr01.tntw.in.frontiernet.net]); 17 Sep 2006 16:50:40 -0000
Received: from 67-138-20-86.dr01.tntw.in.frontiernet.net (HELO lumpur) (67.138.20.86)
by mail16.svc.cra.dublin.eircom.net (qp 77640) with SMTP; 17 Sep 2006 16:50:40 -0000
Received: from ltv
by triumphpc.com with SMTP id yzYtnD6nC0
for <jadee@eircom.net>; Sun, 17 Sep 2006 11:49:43 +0600
From: "Catherine Lake" <Dianew2Hutchins@triumphpc.com>
To: jadee@eircom.net
Subject: Fwd: ..
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

You are ONLY interested in the IP address contained in the first (top) Received: line. Notice that this message was actually sent from 67.138.20.86, which is a computer within the frontiernet.net domain (not triumphpc.com!).
REMEMBER: The only parts of the headers that an attacker CANNOT forge are the Received: lines. The EMAIL ADDRESS in the From: line CAN BE FORGED. This is where the attacker wants you to believe the mail is coming from -- but it is NOT. The From: line in spam is nearly always fake and worthless.

2. Go to SpamID.net, paste the full header (from the spam YOU received, not the example above!) into The Spam Reporter's Enter email headers: box and click the Prepare email button. In a few seconds, SpamID will tell you exactly who to send an Abuse report to. Follow the instructions on that page.
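The header reading from step 1 can also be done in code. The following Python is an added example, not part of the original notice and not a SpamID or TriumphPC tool: it walks the Received: lines from the top and returns the IP address that handed the message to the recipient's own mail provider, then lists the hosts named in the lines below that point, which were supplied by the sender. The names `trace_source` and `my_provider` are assumptions of this example, and the header is the sample above with its folded lines re-indented.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sample header from this page, folded lines re-indented (constructed input).
SAMPLE = """\
Return-Path: <Dianew2Hutchins@triumphpc.com>
Received: (qmail 77640 messnum 3614595 invoked from network[67.138.20.86/67-138-20-86.dr01.tntw.in.frontiernet.net]); 17 Sep 2006 16:50:40 -0000
Received: from 67-138-20-86.dr01.tntw.in.frontiernet.net (HELO lumpur) (67.138.20.86)
 by mail16.svc.cra.dublin.eircom.net (qp 77640) with SMTP; 17 Sep 2006 16:50:40 -0000
Received: from ltv
 by triumphpc.com with SMTP id yzYtnD6nC0
 for <jadee@eircom.net>; Sun, 17 Sep 2006 11:49:43 +0600
From: "Catherine Lake" <Dianew2Hutchins@triumphpc.com>
To: jadee@eircom.net
Subject: Fwd: ..

(body omitted)
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])/]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def trace_source(raw, my_provider):
    """my_provider: domain of the recipient's own mail service (assumption)."""
    msg = message_from_string(raw)
    hops = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    out = {"from_domain": from_domain, "source_ip": None,
           "source_host": None, "unverified_by": []}
    for i, hop in enumerate(hops):          # top line = most recently added
        by = BY_RE.search(hop)
        if not by:
            continue                        # local delivery stamp, no "by" clause
        if not in_domain(by.group(1), my_provider):
            break                           # not stamped by our provider: stop
        sender = re.match(r"from\s+(\S+)", hop)
        if sender and in_domain(sender.group(1), my_provider):
            continue                        # relay between the provider's own hosts
        ip = IP_RE.search(hop[:by.start()])
        out["source_ip"] = ip.group(1) if ip else None
        out["source_host"] = sender.group(1) if sender else None
        # Lines below the hand-off came with the message and prove nothing.
        out["unverified_by"] = [m.group(1) for h in hops[i + 1:]
                                if (m := BY_RE.search(h))]
        break
    return out
```

For the sample, `trace_source(SAMPLE, "eircom.net")` reports the frontiernet.net address as the source and shows `triumphpc.com` only in the From: domain and in the unverified list.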

 

Again, we apologize for the inconvenience and appreciate your assistance in combating this abuse.
The Staff of TriumphPC.com
