woodcraft spam

Page 1 of 3  
I give every vendor I deal with a new and unique e-mail address.
Well, I started getting spam sent to the address that only I and Woodcraft know about. There are several possibilities
1) spammers used a dictionary to guess the account name, but "woodcraft" isn't a common dictionary word.
2) Spammers hacked my system. That's unlikely. I use a hardened Linux mail system behind a firewall with virus checking, etc.
3) Spammers got into the system that sends out the woodcraft e-mail messages.
I'm betting #3. Anyone else have collaborating evidence?
p.s. Borders also seems to like to help spammers...
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yes I also assign different return addresses to different vendors and merchants. Just because of the complexity, I've standardized on about a half dozen addresses shared between dozens of vendors. Recently I've started getting spam to the address which Woodcraft and several other (apparently innocent) vendors share for my system. So here's your collaborating evidence. Now I know who sold or lost my address - thanks Woodcraft.
Jerry
--
Posted via a free Usenet account from http://www.teranews.com


Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Maybe. I have an email address that is never given out and is used strictly to send one piece of mail to one other controlled address a day. I still get spam. Could have been a guess by a spammer that knows Polish aircraft from WWII plus a couple of digits.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote in message

Yup, and it's pure coincidence that spam started for Maxwell about the same time as mine. Like I said, I use that address for about a half dozen vendors so I couldn't narrow it down before. It is one hell of a coincidence the spammer is dictionary guessing two guys with Woodcraft accounts simultaneously. And I do monitor the mail logs on my server also, but recently cleaned out the spam trap, so now i'll pay a little more attention to particulars about this addresses spam, which it had gotten none for several years.
--
Posted via a free Usenet account from http://www.teranews.com


Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Severesky?
I'm am not a spammer.
--
LRod

Master Woodbutcher and seasoned termite
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Date: Sat, 25 Aug 2007 13:35:58 -0400 Subject: MarkedSPAM Who is that your with? lol
LMAO, I cant believe you put this video online. Everyone can see your face there. LOL see for yourself...
http://www.youtube.com/watch?v
ppVNLnZad
This youtube link is actually spoofed and goes to 65.167.186.170 a host at cfu.net and no I haven't gone there to see what adware or crap they could put on my computer.
--
Posted via a free Usenet account from http://www.teranews.com


Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

While this spam seems safe....

The HTML shows it as a youtube video, but the raw data has it going to an address that uses numbers instead of a hostname.
This I believe is the Peacomm/Storm virus. When you go there, it asks you to download a "Secure Login Applet" (applet.exe). And when you do, your machine becomes infected with the Trojan/virus. It's been a problem for IT people, because the applet morphs, making detection difficult.
I've seen this youtube virus send out text such as:
Jeez, what were you thinking? this is too crazy, but she was hot If your dad sees this video you made, he is gonna kill you. OMG, what are you doing man. This video of you is all over the net. HAHAHAHAHAHA, man your insane LMAO, your crazy man sheesh man, what are you thinkin Man you have got to tell me where you picked her up where did you hook up with that? You can see your face right in the video. its all over the web dude. You need to take this offline, it is in everyones email.
Checking the spam I got addressed to my woodcraft account, a lot of the spam looks like a virus/trojan attempt. (ecard, Storm), but then I see two stock spams for ERMX.
I guess that someone at Woodcraft or woodcraftnews got infected. Trouble was, the machine that was infected had my email account in the address book. I'm getting virus-based spam, and now stock spams sent to my woodcraft email account.
I'd guess the virus writers are working with the ERMX stock spammers.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Czapla RWD 14 It was a high wing recon plane.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I'm seeing some words in your post that appear to be a contradictory...
All three of your possibilities seem to place the blame on actions taken solely by the spammers. However, you end your post with "Borders also seems to like to help spammers... "
To me, your use of the word "also" implies that you think Woodcraft helped make your e-mail address available to the spammers.
Are you placing blame on Woodcraft, the spammers, or a combination of the two?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

If Woodcraft allowed (through incompetence) spammers to hack into their database, then yes, they are responsible as well. If they hired a software company to do this for them then this company deserves a share of the blame.
But this is still just a theory. Perhaps my machine was hacked.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Maxwell Lol wrote:

Given the precautions you've taken, I'm guessing you are exercising some sarcasm in the above statement.
Occam's razor seems to apply here.
--
If you're going to be dumb, you better be tough

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Random guessing has a lot to do with it. If you want an email that gets little or no spam you need to google the email creation rules. They are similar to creating a good password
1) Letter and numbers 2) Don't use real words

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

While theoretically true, I watch the logs on my mail server. I see each failed guess (I get a User Unknown). I don't see to many of these, and when I see a dictionary attempt in place, I firewall the server from the attacker, so they can no longer send e-mail.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I'm seeing some words in your post that appear to be a contradictory...
All three of your possibilities seem to place the blame on actions taken solely by the spammers. However, you end your post with "Borders also seems to like to help spammers... "
To me, the use of the word "also" implies that you think Woodcraft had a hand in making your e-mail address available to the spammers.
Are you placing blame on Woodcraft, the spammers or both?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Maxwell Lol wrote:

That would be "corroborating" unless you're expecting the collaborator(s) to be wreck readers and to 'fess up if were...
Have you asked Woodcraft?
--
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Oops. Yup. Freudian error. :-)

Yup. I have been completely ignored.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Maxwell Lol wrote:

What forum/technique did you use?
What are their published policies on e-commerce information?
--
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I just sent them mail again, and added more names to the list of recipients. Perhaps they will answer.
I used the contact e-mail on ther woodcraft.com web site. I also used the whois address for woodcraft, and the abuse@ and postmaster@ address at both woodcraft.com and woodcraftnews.com
BTW - at least 51 attempts were made to send spam to that address - which my server blocked. Some leaked through.
Some of the spam that leaked through looked like the storm virus. Earlier ones looked like the greeting card spam.
I suspect a machine with the list of all of the woodcraftnews e-mail addresses was infected with a virus.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I don't know that he's still there, but try don snipped-for-privacy@woodcraft.com
He works in the internet department, or did. Don't tell him Charlie Self sent you. As far as I know, since they let me go about 3-1/2 years ago, I'm still on their shit list.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
For some reason you have neglected to list possibility #4: Woodcraft sold their mailing list to whomever is spamming you. No hacking involved. Just a straight cash transaction.
Lee
--
To e-mail, replace "bucketofspam" with "dleegordon"

_________________________________
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.