  1.    #1  
    I'm sitting at home, up to my eyeballs in the flu. I just got a ring from our IT manager at work. I run a mailserver which services a whole bunch of treo email users (some using chattermail). One user is generating loads of random spam.

    So I checked the logs. The spam is being generated by an authenticated SMTP login (her name and password), with the source IP being a Vodafone NZ GPRS IP address, even their internal NAT address appears confirming it is from their network.

    Then it turns out she recently (Friday) swapped her Treo 650 out as it was resetting a lot.

    So, I have what appears to be a device on the mobile network we use, logging in with her username and password for an email account she only uses on her treo. If a hacker had her login details it would be unlikely they'd use the Vodafone network to spam from as it would be extremely expensive for them.

    The logical conclusion is that her Treo 650 has been compromised with some sort of worm, virus, or spyware.

    Has anyone else had unusual reset problems, or spam problems with email accounts recently?

    Or even better identified any Treo spyware?
  2. #2  
    ...when I saw the title of your thread I assumed it was about that "Bluetooth" virus we all heard about a few months ago, and I prepared a sufficiently smart-*** response. After actually reading it? Well, now I'm just scared. Somebody hold me.
  3. #3  
    If this isn't a true Treo "virus" (generating from the actual Treo unit and not from the server the Treo is connected to), it will only be a matter of time before the virus writers get bored with the PC and head for smartphones...

    If so, I hope Norton, McAfee and others are not far behind...

    Cheers, Perry



    Vulcan: Please keep us posted as to the source of the problem and whether it truly is an infected Treo.
  4. #4  
    WHERE is my Treo Antivirus software? We've gotta actually HAVE viruses before we get the software to protect us? That sucks.
  5. #5  
    I would be quite surprised to discover that there really is some sort of malware on this woman's treo, but it is a possibility. I'd first suggest asking her to shut off the phone for a few hours to see if the mail stops. My guess is that it won't, but that would help determine where the problem lies. I have some more thoughts on why I don't believe this is a Treo (or palm) virus, but I'll have to wait until I'm on a PC to type them.

    Good luck,
    Brett
  6. #6  
    IP's are easily spoofed. While it may appear to be from Voda's network with legit internal/external IP's it may really be a spammer tricking your server into sending out their messages.
  7. #7  
    Interesting. The other night I was up late and observed my Treo650 send at 0300 a brief message somewhere. To my knowledge, I have not authorized any such application behavior. Anyone have any idea what might be going on?
  8.    #8  
    Quote Originally Posted by skillllllz
    IP's are easily spoofed. While it may appear to be from Voda's network with legit internal/external IP's it may really be a spammer tricking your server into sending out their messages.
    Umm yes, but we have some seriously good firewalling. My role is actually involved on the networking security side of things, the Treo mail server is simply a side product of me being an old school treo fan. It's also unusual that the internal Vodafone IP was shown in the header, something a spoofer would be unlikely to bother replicating.

    We've come to the conclusion it's either malware or chattermail crapped out. After further checking it appears that she resync'd her email box and had 900 emails in it. All the spams we got appear to be random selections of emails to "all" within our organisation. So I need to follow up with the Chattermail writer to see if this is a possibility.
  9. #9  
    I've had a few problems with new installations of chatteremail. Twice when installing the inbox isn't created correctly and during the first IMAP sync my inbox email from the server is dumped directly into the chatteremail outbox. So then chatteremail sends out *my* received email back out via my SMTP. It fired out 200+ emails the first time and caused some crazy problems. It sounds like something similar could have happened with her.
  10.    #10  
    Quote Originally Posted by breezin
    I've had a few problems with new installations of chatteremail. Twice when installing the inbox isn't created correctly and during the first IMAP sync my inbox email from the server is dumped directly into the chatteremail outbox. So then chatteremail sends out *my* received email back out via my SMTP. It fired out 200+ emails the first time and caused some crazy problems. It sounds like something similar could have happened with her.

    Thank you, this is what I believe has happened. Very strange though.
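An added triage example (not written by any poster in this thread): one way a mail administrator could tell the failure described in posts #9 and #10, a client re-sending mail that was already in the user's inbox, apart from spam sent with stolen credentials. The record layout, thresholds and sample data are constructed, and it assumes the re-sent messages keep their original Message-ID.

```python
from collections import defaultdict

# Constructed sample data (not from the thread).
# DELIVERED: (mailbox, message_id) for mail already delivered to a user.
# SUBMITTED: (auth_user, epoch_seconds, message_id) for authenticated SMTP submissions.
DELIVERED = [("jane", f"<in{i}@corp.example>") for i in range(6)]
SUBMITTED = (
    [("jane", 1000 + 5 * i, f"<in{i}@corp.example>") for i in range(6)]    # inbox re-sent
    + [("bob", 2000 + 5 * i, f"<new{i}@else.example>") for i in range(6)]  # unseen mail
    + [("alice", 3000 + i, f"<a{i}@corp.example>") for i in range(2)]      # normal volume
)


def classify_bursts(delivered, submitted, window=600, min_msgs=5, replay_ratio=0.8):
    """Map each bursting auth user to (verdict, burst_size, replayed_fraction).

    A burst is the largest group of submissions within `window` seconds.
    Assumption: a client replaying its inbox keeps the original Message-ID.
    """
    inbox = defaultdict(set)
    for mailbox, mid in delivered:
        inbox[mailbox].add(mid)

    by_user = defaultdict(list)
    for user, ts, mid in submitted:
        by_user[user].append((ts, mid))

    verdicts = {}
    for user, msgs in by_user.items():
        msgs.sort()
        best, start = [], 0
        for end in range(len(msgs)):  # sliding window over send times
            while msgs[end][0] - msgs[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = msgs[start:end + 1]
        if len(best) < min_msgs:
            continue  # ordinary sending volume, nothing to classify
        replayed = sum(1 for _, mid in best if mid in inbox[user])
        ratio = round(replayed / len(best), 2)
        verdict = "client-replay" if ratio >= replay_ratio else "possible-credential-abuse"
        verdicts[user] = (verdict, len(best), ratio)
    return verdicts


if __name__ == "__main__":
    for user, result in classify_bursts(DELIVERED, SUBMITTED).items():
        print(user, result)
```

A "client-replay" verdict points at the mail client rather than the account; either verdict still warrants suspending submission for the account until the burst is explained.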
  11. #11  
    Regarding the software to protect the Treo...

    I'm using Symantec Antivirus for wireless devices and it works fine.
    There is also a Norton Antivirus for handhelds that will do the job.

    Just for your info there are some "viruses" for that platform:

    Palm.liberty.A (trojan)
    Palm.Phage.A (virus)
    Palm.Vapor.A (trojan)
    Palm.MtxII.a (Trojan).

    So regarding the idea of creating SPAM. It's easy to use a treo 650 to Spam if a legitimate account is used.
  12. #12  
    just out of curiosity, if my treo was infected by a virus rendering it unusable, would it be covered by sprint's lockline insurance?
  13. #13  
    Ideally,

    viruses can only damage your software, so a new ROM will recover your phone.

    I said ideally because in theory you can damage any kind of EPROM or Flash ROM by sending too many signals (voltage power) repeatedly.

    P.S.: sorry if my English is not as good as desired.

  14. #14  
    thanks, that's what i thought...
  15. #15  
    So as of yesterday my beloved Treo 650's battery started draining in 4 hours flat. Out of nowhere. It was working fine on Tuesday, I charged it while I slept all night long. Got up and 1/2 thru the day I got an error on the screen saying battery was almost gone, recharge now. I have no idea how, where, or when, but I do know this is really bizarre.

    Called palm support and they are sending me a new phone since its only 3 months old, but I did ask if there was a virus, because doesn't the Cabir virus have this exact characteristic? Support said they hadn't heard of anything.

    I figured I'd do a quick google and see if anything came up. Sure enough this thread popped right up. Also, for the past month or so, it would lock up and reset itself, or I wouldn't be able to make a call and would get some error message at the top of the screen (initials of some sort) saying it could only be used for emergency call.

    Anyway, just thought I'd throw my story in, and see if anyone else has had this happen.
  16. #16  
    Quote Originally Posted by breezin
    I've had a few problems with new installations of chatteremail. Twice when installing the inbox isn't created correctly and during the first IMAP sync my inbox email from the server is dumped directly into the chatteremail outbox. So then chatteremail sends out *my* received email back out via my SMTP. It fired out 200+ emails the first time and caused some crazy problems. It sounds like something similar could have happened with her.
    Yep, same problem here when setting up POP account for the first time - Chattermail sent out replies to all my messages in the inbox. I thought I didn't set up correctly and blamed myself. The problem never reoccurred.
    Ed
    zorz.net
    Palm III > Palm V > palm Vx > Palm m500 > Sony Clie SJ33 > Palm Treo 650
  17. #17  
    Quote Originally Posted by skillllllz
    IP's are easily spoofed. While it may appear to be from Voda's network with legit internal/external IP's it may really be a spammer tricking your server into sending out their messages.
    You can't TCP spoof an interactive session like what is required for SMTP.
  18. #18  
    Quote Originally Posted by Kasmir
    Interesting. The other night I was up late and observed my Treo650 send at 0300 a brief message somewhere. To my knowledge, I have not authorized any such application behavior. Anyone have any idea what might be going on?
    You have Snappermail and it's "Doing 3 am tasks".
