b_zen
Premium
join:2002-07-24
Saint Louis, MO
clubs:
·TTNet


 Hotmail Account Hijacked - Need Help

Hello all,

My friend's hotmail account has been hijacked and the password changed.

The culprit keeps sending emails to all members of a mailing list my friend's on.
By getting access to hotmail's password and then changing it, my friend's locked out and what's worse, the culprit has and is using his MSN Messenger account to do a little social engineering. You can imagine the mess.

However, the culprit's latest message was sent yesterday Jan. 5th, and I asked to have a copy, opened the headers to full and got this.
After doing a tracert and using any and all DNS / Whois / tools at my disposal, and my limited knowledge, I am stuck at the IP of the service provider.

I know that we can send a mail to the provider's abuse dept. but since we are in Turkey, it can take ages for the provider to respond; service is null here.

What we wish is to find out the exact location of the computer these messages are sent from. How can we do this?

Here is message header:

Message-ID: <BAY16-F74A9F7EF1690429D904B0CA920@phx.gbl>
Received: from 85.97.129.79 by by16fd.bay16.hotmail.msn.com with HTTP;
Wed, 05 Jan 2005 08:57:09 GMT
X-Originating-IP: [85.97.129.79]
X-Originating-Email: [(edited for privacy)@hotmail.com]
X-Sender: (edited for privacy)@hotmail.com
From: "" <(edited for privacy)@hotmail.com>
To: (edited for privacy)@hotmail.com (there were many more addresses)
Subject: abcdefg (edited for privacy).
Date: Wed, 05 Jan 2005 08:57:09 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-Stn-Info:

(message)

This is the IP trace results:

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 85.97.128.0 - 85.97.191.255
netname: TurkTelekom
descr: Turk Telekom ADSL-200K_2
country: tr
admin-c: TTBA1-RIPE
tech-c: TTBA1-RIPE
status: ASSIGNED PA
mnt-by: as9121-mnt
notify: ipg@telekom.gov.tr
changed: ipg@telekom.gov.tr 20041214
source: RIPE
route: 85.97.128.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
changed: ipg@turktelekom.com.tr 20041130
source: RIPE
role: TT Administrative Contact Role
address: Turk Telekom
address: Bilisim Aglari Dairesi
address: Aydinlikevler
address: 06103 ANKARA
phone: +90 312 313 1950
fax-no: +90 312 313 1949
e-mail: abuse@ttnet.net.tr
admin-c: BADB3-RIPE
tech-c: ZA66-RIPE
tech-c: ZA196-RIPE
tech-c: LA109-RIPE
tech-c: NO638-RIPE
nic-hdl: TTBA1-RIPE
notify: ipg@turktelekom.com.tr
mnt-by: AS9121-MNT
changed: ipg@telekom.gov.tr 20000608
changed: ipg@telekom.gov.tr 20001020
changed: ipg@telekom.gov.tr 20010615
changed: ipg@turktelekom.com.tr 20040903
source: RIPE

I know whoever is doing this is using Turk Telekom ADSL services. As a user myself, I know we have DYNAMIC IPs only, so the IP may have changed already...

How can we trace X-Originating-IP: [85.97.129.79] to find the physical location?

What are the solutions?

Thanks for any help, input you can give,

B_ZEN

--


UWB over Wire is the future!
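
Added example, not part of the original thread: a Python sketch that pulls from the header and whois output posted above what an abuse report would cite, namely the sending address, the exact UTC timestamp (which matters because the address is dynamic) and the registry's abuse mailbox. The function names are hypothetical and the sample data is excerpted from the post.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Excerpts from the post above; the folded Received line is re-indented with a tab.
HEADER = """\
Received: from 85.97.129.79 by by16fd.bay16.hotmail.msn.com with HTTP;
\tWed, 05 Jan 2005 08:57:09 GMT
X-Originating-IP: [85.97.129.79]
Date: Wed, 05 Jan 2005 08:57:09 +0000

(message)
"""
WHOIS = """\
% The objects are in RPSL format.
inetnum: 85.97.128.0 - 85.97.191.255
origin: AS9121
e-mail: abuse@ttnet.net.tr
"""

def origin_evidence(raw_header):
    """Return (ip, utc_time) from the webmail hop, cross-checked with X-Originating-IP."""
    msg = message_from_string(raw_header)
    hop, _, stamp = msg["Received"].partition(";")
    ip = ipaddress.ip_address(re.search(r"from\s+(\S+)\s+by", hop).group(1))
    if ip != ipaddress.ip_address(msg["X-Originating-IP"].strip(" []")):
        raise ValueError("Received hop and X-Originating-IP disagree")
    when = parsedate_to_datetime(stamp.strip())
    if when.tzinfo is None:  # assumption: treat an unlabelled time as UTC
        when = when.replace(tzinfo=timezone.utc)
    return ip, when.astimezone(timezone.utc)

def whois_summary(whois_text, ip):
    """Read RPSL key/value lines; confirm the IP is inside the inetnum range."""
    fields = {}
    for line in whois_text.splitlines():
        if line.startswith("%") or ":" not in line:
            continue  # skip registry comments and blank lines
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), []).append(value.strip())
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["inetnum"][0].split("-"))
    abuse = [m for m in fields.get("e-mail", []) if m.startswith("abuse@")]
    return {"in_range": first <= ip <= last, "origin": fields["origin"][0], "abuse": abuse}

def abuse_report(raw_header, whois_text):
    ip, when = origin_evidence(raw_header)
    return {"ip": str(ip), "utc": when.isoformat(), **whois_summary(whois_text, ip)}
```
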


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

report it
»lc1.law13.hotmail.passport.com/c···info.asp
"...
If you have received abusive, harassing, or threatening e-mail messages from an MSN Hotmail account, follow the steps below to report it. To report junk e-mail, please see the "Report junk e-mail to MSN Hotmail" section above.

1. Turn on full message headers. MSN Hotmail will need this information to identify the true origin of the abusive message you received:
* If you have an MSN Hotmail account, click Options in the upper-right corner of any page. Click Mail on the left side, and then click Mail display settings. Next to Message headers, click Full, and then click OK.
* If you do not have an MSN Hotmail account, consult your e-mail program's online Help to determine how to view full message header information.
2. Forward a complete copy of the abusive message (including the full message header) to abuse@hotmail.com...."

Cudni


b_zen
Premium
join:2002-07-24
Saint Louis, MO
clubs:
·TTNet

Thanks Cudni,

We will report it, however, should we cut the account off, we'd most likely lose any threads or future IP info, hence losing all chances of finding the person.

Do you have information on how to find the physical address of the computer used? What we really want is to send the Cops knocking at his/her door.
--

UWB over Wire is the future!