@Michael Re: Apoligies Re: Dearest

[Michael Schwendt]

On Tue, 04 Oct 2011 15:54:30 +0100, FM (Frank) wrote:

> > in the headers. Another indiciation that the Google Mail web interface
> > has not been abused by someone from Turkey.
> >
> 
> That is true, I did have to "logout all other sessins",
> and do you recoginse all recent activity" or similar words.
> It is also true that 6.02 is the current version of TB I use.

You would need to develop a theory why somebody else would forward a
message from one of your folders at GMail -- the spam message has been
received by you at GMail via your Fedora Project address alias on Oct 2nd
according to its headers -- using exactly the same Thunderbird version and
Linux OS version identifier, the same time-zone, the same machine
hostname, _and_ exactly your IP address at UPC Ireland.

> If you wan't to help.
> Can sonething be sent without me knowing about it?

Sure. With username and password, somebody can abuse your account via
IMAP, SMTP, POP, or even the web interface. Google Mail displays a list of
previous logins in its web interface. And by default, it stores copies of
messages sent via SMTP in the Sent folder.

> Is the fact that my isp email is routed through gmail a factor
> (plain password) pulled every 30\60 min?

Can you explain the setup in detail?

> rkhunter shows nothing.

There is a huge difference between capturing only a Google Mail account
passphrase and an entire Linux machine connected to the Internet.
You would need an even better theory about why somebody ("from Turkey")
with access to your computer would be so stupid and on your computer use
Thunderbird to forward a single spam message to a list you're subscribed
to. Much too big of a risk to be discovered. Rootkits exist in order to
retain access to a remote machine. They try to hide themselves.

-- 
Fedora release 16 (Verne) - Linux 3.1.0-0.rc8.git0.0.fc16.x86_64
loadavg: 0.01 0.05 0.05