Steve Knight spam

This morning's crop of spam contained one from
(contents: "> Your important document, correction is finished!" accompanied by the usual zip-file)
Is this the result of harvesting on the wreck or of infection? PvR

Infection. And probably *not* in Steve's computer, either. The most likely source is some third person who has both you and Steve in his Outlook address book, and is infected by a virus that forges From: headers.
-- Regards, Doug Miller (alphageek-at-milmac-dot-com)
Get a copy of my NEW AND IMPROVED TrollFilter for NewsProxy/Nfilter by sending email to autoresponder at filterinfo-at-milmac-dot-com You must use your REAL email address to get a response.

Note to self: before posting responses, check to see if anyone else has written essentially the same thing. Again.

likely source is some third person who has both you and Steve in his Outlook address book, and is infected by a virus that forges From: headers.

*** Thanks. Assuming that the virus makes random combinations it is quite possible that Steve got one with my address? Just great. PvR

not yet anyway (G)
--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
On Sat, 04 Dec 2004 12:20:07 GMT, snipped-for-privacy@milmac.com (Doug Miller) wrote:

And the second most likely source is something that posts spam with to-from addresses based on threading from Usenet.
Andy Dingley wrote:

Wow. Do you know if they do that, yet? That's brilliant, if they do.

*lots* of virus-type stuff grabs 'random' addresses from anywhere it can find them on the HD of the local computer -- address-books, saved e-mail messages, saved USENET articles, 'temporary' (cached) web-page copies, etc., etc., ad nauseam. Literally -anything- that looks like : @. is fair game.
There is a bunch of other stuff that specifically targets addresses that have been 'harvested' from USENET newsgroup postings. I see, literally, _dozens_ of attempts per day to the 'from' address on this posting. My psychic mail-server, however, lets only those messages that are a 'reply' to the article get through. :)
I haven't seen anything _to_ that address that had a forged sender that was a real address, let alone a forged sender that was an 'in use' address for postings to USENET.
wrote:

Yes - I only talk about the well-known stuff, not the "exciting new ideas in spam delivery" (as a recent flier flogging spam services put it). There are ideas being offered for sale that the spammers aren't even using yet.
Much of the really annoying spam these days comes from botnets of 0wn3d home-PCs, not from a few huge spamboilers in server bunkers. Rather than the old way of large traded lists of target emails, many of these bots are simply told "send some spam" and left to choose their own targets - this is why you'll often receive many copies of the same spam. Client-side spam targeting can be from a list the 'bot was given, or snooped from a local addressbook. If the client runs OE for Usenet too, they're wide open for hosting a "thread attack" like this.
--
Smert' spamionam


I have seen spam/virus where they get two addresses from a person's compromised computer, and send a virus to one address with a faked From: using the other address. This increases the chances that the person will fall for the virus, because it increases the chances they know the From: address. I see viruses from names I recognize, sent by a third party.
--
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.
this the result of harvesting on the wreck or of infection?

This must be a difficult concept to grasp, as I have to have the above conversation with certain clients over and over.
todd

It apparently is. Our first-level helldesk people _still_ don't get it, despite having been told this, over and over and over and over, for years. "...then we scanned (Joe's) system and it had no virus, so we're confused and escalating it to the virus team". Again. and again. and again.
The global statement "A virus is never from who it claims to be from" is true enough that exceptions would be, well, exceptional.
Dave Hinz
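
The triage point made above, as an added example that is not part of the thread: rather than scanning the machine named in From:, read the Received: chain from the top and take the first connection from outside that your own mail server recorded. All hosts, addresses and the sample message are constructed; `example.net` and `192.0.2.0/24` stand in for the recipient's own mail domain and network.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an infected third party's PC (203.0.113.45) mails the
# attachment to pvr@example.net with Steve's address forged into From:.
SAMPLE = """\
Return-Path: <steve@example.org>
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Sat, 4 Dec 2004 09:01:07 +0000
Received: from dsl-45.isp.example (dsl-45.isp.example [203.0.113.45])
\tby mx1.example.net with SMTP id B2; Sat, 4 Dec 2004 09:01:05 +0000
Received: from steve-pc (unknown [198.51.100.7])
\tby mail.example.org with SMTP id FAKE; Sat, 4 Dec 2004 08:59:00 +0000
From: "Steve" <steve@example.org>
To: pvr@example.net
Subject: Your important document, correction is finished!

(zip attachment omitted)
"""

# "from HELO (rdns [ip]) by receiving-host": the layout used in SAMPLE.
HOP = re.compile(r"from\s+\S+\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def trace_origin(raw, our_domain, our_net):
    """Return the claimed sender next to the first hop our own servers recorded."""
    msg = message_from_string(raw)
    net = ipaddress.ip_network(our_net)
    received = msg.get_all("Received", [])
    out = {"claimed_from": parseaddr(msg.get("From", ""))[1],
           "handoff_ip": None, "recorded_by": None,
           "unverifiable_hops": len(received)}
    for i, header in enumerate(received):          # newest header first
        m = HOP.search(header)
        if not m:
            break                                  # unknown layout: stop trusting
        ip, by = m.groups()
        if by != our_domain and not by.endswith("." + our_domain):
            break                                  # not written by our servers
        if ipaddress.ip_address(ip) not in net:    # first connection from outside
            out.update(handoff_ip=ip, recorded_by=by,
                       unverifiable_hops=len(received) - i - 1)
            break
    return out

if __name__ == "__main__":
    print(trace_origin(SAMPLE, "example.net", "192.0.2.0/24"))
```

Everything below the handoff hop, like From: and Return-Path:, was supplied by the sender and cannot be verified; the handoff IP is the machine to chase.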
wrote in message news:XXhsd.1828>

Add to that the dumba^H^H^H^H^Hfools who still configure their corporate email virus scanners to send out the "you sent us an infected attachment" replies. If everyone would just stop that, it would seriously limit the number of times I have this conversation.
todd
Todd Fatheree wrote:

I've got one I'm having difficulty with :-).
I recently switched ISPs to one where my email address is xxx.intergate.xxx. I started getting spam almost immediately, most of it addressed to xxx.qaccess.xxx. Turns out one is an alias of the other.
But the qaccess address has never been used anywhere. I didn't even know it existed.
How did the spammers get it?
BTW, it's easy for me to filter out anything with qaccess in the headers, so the problem is more one of curiosity.
--
Homo sapiens is a goal, not a description.

"Larry Blanchard" wrote in message

Might want to go here and do some reading, particularly the section on "envelope headers":
http://www.stopspam.org/email/headers.html
--
www.e-woodshop.net
Last update: 11/06/04
Larry Blanchard wrote:

Generally they'll prune the ones that bounce.

--
--John
Reply to jclarke at ae tee tee global dot net

Nope, not mine. Between spamcop and not opening attachments and AVG I am pretty secure. But since I don't munge my email I am all over (G)
--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices

First thing to realize is that it's not from Steve. Every Outlook-enabled virus in the last several years forges the From: on the email to look like someone else.
So. Someone who reads this group, is running Windows, who is probably running Outlook as an email client, and who has Mr. Rijckevorsel and Steve Knight in their address book, and who is behind in their virus updates, needs to go fix that. If you're reading this and have that uneasy feeling that it might be you, please take care of it.
By the way, there's a free antivirus program which is excellent, at http://www.grisoft.com/ - it gets the same virus definitions that the Norton/McAfee folks do, but for personal use it's free. If you're going to choose to run Windows, there's no excuse not to use a good antivirus program.
Dave Hinz
Dave Hinz wrote:

Hrm.
KMail: 1.7 KNode: 0.8.0
I'm clean. :)
--
Michael McIntyre ---- Silvan < snipped-for-privacy@users.sourceforge.net>
Linux fanatic, and certified Geek; registered Linux user #243621

I knew it wasn't you, Silvan!

Indeed. I'm more gnomish most weeks, but yeah, it's not either of us, that much is clear.
Dave
