This morning's crop of spam contained one from
(contents: "> Your important document, correction is finished!"
accompanied by the usual zip-file)
Is this the result of harvesting on the wreck or of infection?
Infection. And probably *not* in Steve's computer, either. The most likely
source is some third person who has both you and Steve in his Outlook address
book, and is infected by a virus that forges From: headers.
Doug Miller (alphageek-at-milmac-dot-com)
Get a copy of my NEW AND IMPROVED TrollFilter for NewsProxy/Nfilter
by sending email to autoresponder at filterinfo-at-milmac-dot-com
You must use your REAL email address to get a response.
*lots* of virus-type stuff grabs 'random' addresses from anywhere it can find
it on the HD of the local computer -- address-books, saved e-mail messages,
saved USENET articles, 'temporary' (cached) web-page copies, etc., etc.,
ad nauseam. Literally -anything- that looks like : @.
is fair game.
There is a bunch of other stuff that specifically targets addresses that have
been 'harvested' from USENET newsgroup postings. I see, literally, _dozens_
of attempts per day to the 'from' address on this posting. My psychic mail-
server, however, lets only those messages that are a 'reply' to the article
get through. :)
I haven't seen anything _to_ that address that had a forged sender that was
a real address, let alone a forged sender that was an 'in use' address for
postings to USENET.
Yes - I only talk about the well-known stuff, not the "exciting new
ideas in spam delivery" (as a recent flier flogging spam services put
it). There are ideas being offered for sale that the spammers aren't
even using yet.
Much of the really annoying spam these days comes from botnets of
0wn3d home-PCs, not from a few huge spamboilers in server bunkers.
Rather than the old way of large traded lists of target emails, many
of these bots are simply told "send some spam" and left to choose
their own targets - this is why you'll often receive many copies of
the same spam. Client-side spam targeting can be from a list the
'bot was given, or snooped from a local addressbook. If the client
runs OE for Usenet too, they're wide open for hosting a "thread
attack" like this.
I have seen spam/virus where they get two addresses from a person's
compromised computer, and send a virus to one address with a faked
From: using the other address. This increases the chances that the
person will fall for the virus, because it increases the chances they
know the From: address. I see viruses from names I recognized, sent by
a third party.
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.
It apparently is. Our first-level helldesk people _still_ don't get it,
despite having been told this, over and over and over and over, for years.
"...then we scanned (Joe's) system and it had no virus, so we're confused
and escalating it to the virus team". Again. and again. and again.
The global statement "A virus is never from who it claims to be from"
is true enough that exceptions would be, well, exceptional.
Add to that the dumba^H^H^H^H^Hfools who still configure their corporate
email virus scanners to send out the "you sent us an infected attachment"
replies. If everyone would just stop that, it would seriously limit the
number of times I have this conversation.
I've got one I'm having difficulty with :-).
I recently switched ISPs to one where my email address is xxx.intergate.xxx.
I started getting spam almost immediately, most of it addressed to
xxx.qaccess.xxx. Turns out one is an alias of the other.
But the qaccess address has never been used anywhere. I didn't even know it
How did the spammers get it?
BTW, it's easy for me to filter out anything with qaccess in the headers, so
the problem is more one of curiosity.
First thing to realize, is that it's not from Steve. Every outlook-enabled
virus in the last several years forges the From: on the email to look like
So. Someone who reads this group, is running Windows, who is probably
running Outlook as an email client, and who has Mr. Rijckevorsel and
Steve Knight in their address book, and who is behind in their virus
updates, needs to go fix that. If you're reading this and have that
uneasy feeling that it might be you, please take care of it.
By the way, there's a free antivirus program which is excellent, at
http://www.grisoft.com/ - it gets the same virus definitions that
the Norton/McAfee folks do, but for personal use it's free. If
you're going to choose to run Windows, there's no excuse not to use
a good antivirus program.