"P van Rijckevorsel"

04/12/2004 10:20 AM

Steve Knight spam

This morning's crop of spam contained one from
<[email protected]>

(contents: "> Your important document, correction is finished!"
accompanied by the usual zip-file)

Is this the result of harvesting on the wreck or of infection?
PvR

GregP

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

05/12/2004 12:09 PM

On Sat, 04 Dec 2004 21:45:33 -0800, Tim Douglass
<[email protected]> wrote:

>
>Take another look at Eudora. I just set someone up on Eudora 6 to get
>them away from a marginally functional OE setup. It imported all their
>messages, mailboxes and addresses just fine. I won't guarantee it, but
>the import function has gotten a lot better in the last release or
>two.

Most of my 170 staff were using Eudora but during the past 3-4 months
we have been slowly migrating to Thunderbird: it is a more up-to-date
interface. For example, it provides message threading.

Dave Hinz

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 12:48 PM

On Sat, 4 Dec 2004 10:20:21 +0100, P van Rijckevorsel <[email protected]> wrote:
> This morning's crop of spam contained one from
><[email protected]>
>
> (contents: "> Your important document, correction is finished!"
> accompanied by the usual zip-file)
>
> Is this the result of harvesting on the wreck or of infection?

First thing to realize is that it's not from Steve. Every Outlook-enabled
virus in the last several years forges the From: on the email to look like
someone else.

So. Someone who reads this group, is running windows, who is probably
running Outlook as an email client, and who has Mr. Rijckevorsel and
Steve Knight in their address book, and who is behind in their virus
updates, needs to go fix that. If you're reading this and have that
uneasy feeling that it might be you, please take care of it.

By the way, there's a free antivirus program which is excellent, at
http://www.grisoft.com/ - it gets the same virus definitions that
the Norton/McAfee folks do, but for personal use it's free. If
you're going to choose to run windows, there's no excuse not to use
a good antivirus program.

Dave Hinz

Dave Hinz

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 12:49 PM

On Sat, 04 Dec 2004 12:20:07 GMT, Doug Miller <[email protected]> wrote:

> Infection. And probably *not* in Steve's computer, either. The most likely
> source is some third person who has both you and Steve in his Outlook address
> book, and is infected by a virus that forges From: headers.

Note to self: before posting responses, check to see if anyone else has
written essentially the same thing. Again.

Silvan

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 8:07 AM

Dave Hinz wrote:

> updates, needs to go fix that. If you're reading this and have that
> uneasy feeling that it might be you, please take care of it.

Hrm.

KMail: 1.7
KNode: 0.8.0

I'm clean. :)

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/
http://rosegarden.sourceforge.net/tutorial/

Dave Hinz

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 2:20 PM

On Sat, 04 Dec 2004 08:07:37 -0500, Silvan <[email protected]> wrote:
> Dave Hinz wrote:
>
>> updates, needs to go fix that. If you're reading this and have that
>> uneasy feeling that it might be you, please take care of it.
>
> Hrm.
> KMail: 1.7
> KNode: 0.8.0

I knew it wasn't you, Silvan!

> I'm clean. :)

Indeed. I'm more gnomish most weeks, but yeah, it's not either of us,
that much is clear.

Dave

Dave Hinz

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 4:07 PM

On Sat, 4 Dec 2004 08:01:52 -0600, Todd Fatheree <[email protected]> wrote:
> "Doug Miller" <[email protected]> wrote in message news:XXhsd.1828> >Is
> this the result of harvesting on the wreck or of infection?
>>
>> Infection. And probably *not* in Steve's computer, either. The most likely
>> source is some third person who has both you and Steve in his Outlook
>> address
>> book, and is infected by a virus that forges From: headers.
>
> This must be a difficult concept to grasp, as I have to have the above
> conversation with certain clients over and over.

It apparently is. Our first-level helldesk people _still_ don't get it,
despite having been told this, over and over and over and over, for years.
"...then we scanned (Joe's) system and it had no virus, so we're confused
and escalating it to the virus team". Again. and again. and again.

The global statement "A virus is never from who it claims to be from"
is true enough that exceptions would be, well, exceptional.

Dave Hinz

Larry Blanchard

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 9:18 AM

Todd Fatheree wrote:

> "Doug Miller" <[email protected]> wrote in message news:XXhsd.1828> >Is
> this the result of harvesting on the wreck or of infection?
>>
>> The most
>> likely source is some third person who has both you and Steve in his
>> Outlook address
>> book, and is infected by a virus that forges From: headers.
>
> This must be a difficult concept to grasp, as I have to have the above
> conversation with certain clients over and over.
>

I've got one I'm having difficulty with :-).

I recently switched ISPs to one where my email address is xxx.intergate.xxx.
I started getting spam almost immediately, most of it addressed to
xxx.qaccess.xxx. Turns out one is an alias of the other.

But the qaccess address has never been used anywhere. I didn't even know it
existed.

How did the spammers get it?

BTW, it's easy for me to filter out anything with qaccess in the headers, so
the problem is more one of curiosity.

--
Homo sapiens is a goal, not a description.

Steve Knight

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 6:55 PM

>Thanks. Assuming that the virus makes random combinations it is quite
>possible that Steve got one with my address? Just great.
>PvR

Not yet, anyway (G)

--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
See http://www.knight-toolworks.com For prices and ordering instructions.

"P van Rijckevorsel"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 6:33 PM

> On Sat, 04 Dec 2004 12:20:07 GMT, Doug Miller <[email protected]> wrote:
> > Infection. And probably *not* in Steve's computer, either. The most
> > likely source is some third person who has both you and Steve in his Outlook
> > address book, and is infected by a virus that forges From: headers.

> Dave Hinz <[email protected]> schreef
> Note to self: before posting responses, check to see if anyone else has
> written essentially the same thing. Again.

***
Thanks. Assuming that the virus makes random combinations it is quite
possible that Steve got one with my address? Just great.
PvR

Richard Clements

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 8:47 AM

Look into Thunderbird from Mozilla.

Steve Knight wrote:

>
>>Take another look at Eudora. I just set someone up on Eudora 6 to get
>>them away from a marginally functional OE setup. It imported all their
>>messages, mailboxes and addresses just fine. I won't guarantee it, but
>>the import function has gotten a lot better in the last release or
>>two.
>>
> I think I tried it and found a bug that really caused a hassle. It was one
> of the boxes I wanted left blank and it would not let me. No matter what
> number I entered it was not right even though I used the rule it said was
> right. And I could not get it past that point. It was the same on my
> wife's computer and mine.

"Brett A. Thomas"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 10:02 AM

Andy Dingley wrote:
> And the second most likely source is something that posts spam with
> to-from addresses based on threading from Usenet.

Wow. Do you know if they do that, yet? That's brilliant, if they do.

Andy Dingley

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 1:56 PM

On Sat, 04 Dec 2004 12:20:07 GMT, [email protected] (Doug Miller)
wrote:

>The most likely
>source is some third person who has both you and Steve in his Outlook address
>book, and is infected by a virus that forges From: headers.

And the second most likely source is something that posts spam with
to-from addresses based on threading from Usenet.

"Swingman"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 12:01 PM

"Larry Blanchard" wrote in message

> I recently switched ISPs to one where my email address is
> xxx.intergate.xxx.
> I started getting spam almost immediately, most of it addressed to
> xxx.qaccess.xxx. Turns out one is an alias of the other.
>
> But the qaccess address has never been used anywhere. I didn't even know it
> existed.
>
> How did the spammers get it?

Might want to go here and do some reading, particularly the section on
"envelope headers":

http://www.stopspam.org/email/headers.html

--
www.e-woodshop.net
Last update: 11/06/04

[email protected] (Doug Miller)

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 12:20 PM

In article <[email protected]>, "P van Rijckevorsel" <[email protected]> wrote:
>This morning's crop of spam contained one from
><[email protected]>
>
>(contents: "> Your important document, correction is finished!"
>accompanied by the usual zip-file)
>
>Is this the result of harvesting on the wreck or of infection?

Infection. And probably *not* in Steve's computer, either. The most likely
source is some third person who has both you and Steve in his Outlook address
book, and is infected by a virus that forges From: headers.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

Get a copy of my NEW AND IMPROVED TrollFilter for NewsProxy/Nfilter
by sending email to autoresponder at filterinfo-at-milmac-dot-com
You must use your REAL email address to get a response.

Robert Galloway

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 2:13 PM

Love the message threading but I'm missing the right click "open in new
tab" from Netscape. Any way to get that operational?

bob g.

GregP wrote:

> On Sat, 04 Dec 2004 21:45:33 -0800, Tim Douglass
> <[email protected]> wrote:
>
>
>>Take another look at Eudora. I just set someone up on Eudora 6 to get
>>them away from a marginally functional OE setup. It imported all their
>>messages, mailboxes and addresses just fine. I won't guarantee it, but
>>the import function has gotten a lot better in the last release or
>>two.
>
>
> Most of my 170 staff were using Eudora but during the past 3-4 months
> we have been slowly migrating to Thunderbird: it is a more up-to-date
> interface. For example, it provides message threading.

"J. Clarke"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 2:57 PM

Larry Blanchard wrote:

> Todd Fatheree wrote:
>
>> "Doug Miller" <[email protected]> wrote in message news:XXhsd.1828> >Is
>> this the result of harvesting on the wreck or of infection?
>>>
>>> The most
>>> likely source is some third person who has both you and Steve in his
>>> Outlook address
>>> book, and is infected by a virus that forges From: headers.
>>
>> This must be a difficult concept to grasp, as I have to have the above
>> conversation with certain clients over and over.
>>
>
> I've got one I'm having difficulty with :-).
>
> I recently switched ISPs to one where my email address is
> xxx.intergate.xxx. I started getting spam almost immediately, most of it
> addressed to
> xxx.qaccess.xxx. Turns out one is an alias of the other.
>
> But the qaccess address has never been used anywhere. I didn't even know
> it existed.
>
> How did the spammers get it?

Random generation. Once in a while I get SPAM that is addressed to
[email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected],
[email protected] . . .

Generally they'll prune the ones that bounce.
>
> BTW, it's easy for me to filter out anything with qaccess in the headers,
> so the problem is more one of curiosity.
>

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)

Bruce Barnett

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 10:39 PM

"Brett A. Thomas" <[email protected]> writes:

> Andy Dingley wrote:
>> And the second most likely source is something that posts spam with
>> to-from addresses based on threading from Usenet.
>
> Wow. Do you know if they do that, yet? That's brilliant, if they do.


I have seen spam/viruses where they get two addresses from a person's
compromised computer and send a virus to one address with a faked
From: using the other address. This increases the chances that the
person will fall for the virus, because it increases the chances they
know the From: address. I see viruses from names I recognized, sent by
a third party.

--
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.

Andy Dingley

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 9:11 PM

On Mon, 06 Dec 2004 10:02:28 -0800, "Brett A. Thomas" <[email protected]>
wrote:

>Do you know if they do that, yet?

Yes - I only talk about the well-known stuff, not the "exciting new
ideas in spam delivery" (as a recent flier flogging spam services put
it). There are ideas being offered for sale that the spammers aren't
even using yet.

Much of the really annoying spam these days comes from botnets of
0wn3d home-PCs, not from a few huge spamboilers in server bunkers.
Rather than the old way of large traded lists of target emails, many
of these bots are simply told "send some spam" and left to choose
their own targets - this is why you'll often receive many copies of
the same spam. Client-side spam targeting can be from a list the
'bot was given, or snooped from a local addressbook. If the client
runs OE for Usenet too, they're wide open for hosting a "thread
attack" like this.

--
Smert' spamionam

[email protected] (Robert Bonomi)

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

06/12/2004 7:39 PM

In article <[email protected]>,
Brett A. Thomas <[email protected]> wrote:
>Andy Dingley wrote:
>> And the second most likely source is something that posts spam with
>> to-from addresses based on threading from Usenet.
>
>Wow. Do you know if they do that, yet? That's brilliant, if they do.

*lots* of virus-type stuff grabs 'random' addresses from anywhere it can find
it on the HD of the local computer -- address-books, saved e-mail messages,
saved USENET articles, 'temporary' (cached) web-page copies, etc., etc.,
ad nauseam. Literally -anything- that looks like : {foo}@{domain}.{standard-TLD}
is fair game.

There is a bunch of other stuff that specifically targets addresses that have
been 'harvested' from USENET newsgroup postings. I see, literally, _dozens_
of attempts per day to the 'from' address on this posting. My psychic
mail-server, however, lets only those messages that are a 'reply' to the article
get through. :)

I haven't seen anything _to_ that address that had a forged sender that was
a real address, let alone a forged sender that was an 'in use' address for
postings to USENET.

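The reply-only gate described above, written out as an added example in that spirit rather than the poster's own code: a throw-away From: address used on one article accepts mail only when the mail's threading headers cite that article's Message-ID, so harvested-address junk (including forged-From worm mail) is dropped. The POSTED table, addresses, Message-IDs and messages are all constructed.

```python
"""Accept mail to a per-posting address only if it threads back to the
article the address was used on. Added example; all data is constructed.
"""
import email
import re
from email.utils import parseaddr

# Constructed: throw-away address used in the From: of one Usenet post, mapped
# to that post's Message-ID (hypothetically recorded when the article was sent).
POSTED = {
    "reply-20041206@example.invalid": "<post-20041206@example.invalid>",
}

MSGID_RE = re.compile(r"<[^<>\s]+>")

def referenced_ids(msg):
    """Every Message-ID cited in In-Reply-To or References, as a set."""
    ids = set()
    for name in ("In-Reply-To", "References"):
        ids.update(MSGID_RE.findall(msg.get(name, "")))
    return ids

def accept(raw, posted=POSTED):
    """True only if To: is one of our per-post addresses AND the mail cites
    the Message-ID of the article that address appeared on."""
    msg = email.message_from_string(raw)
    _, to_addr = parseaddr(msg.get("To", ""))
    wanted = posted.get(to_addr.lower())
    if wanted is None:
        return False                 # alias we never handed out
    return wanted in referenced_ids(msg)

# Constructed: a genuine e-mail reply to the article; it cites the article's id.
REAL_REPLY = """\
From: reader@elsewhere.invalid
To: reply-20041206@example.invalid
Subject: Re: Steve Knight spam
In-Reply-To: <post-20041206@example.invalid>
References: <earlier@example.invalid> <post-20041206@example.invalid>

Thanks, that explains it.
"""

# Constructed: the address was harvested from the post and hit with a
# forged-From worm mail; no threading headers at all.
HARVESTED = """\
From: Steve Knight <steve@knight-toolworks.invalid>
To: reply-20041206@example.invalid
Subject: Your important document

> Your important document, correction is finished!
"""

# Constructed: cites a thread, but not the one this address was used on.
WRONG_THREAD = """\
From: reader@elsewhere.invalid
To: reply-20041206@example.invalid
Subject: Re: something else
References: <other-article@example.invalid>

Unrelated.
"""

if __name__ == "__main__":
    for label, raw in (("reply", REAL_REPLY), ("harvested", HARVESTED),
                       ("wrong thread", WRONG_THREAD)):
        print(label, "accepted" if accept(raw) else "rejected")
```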
Steve Knight

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 6:57 PM

On 4 Dec 2004 12:48:54 GMT, Dave Hinz <[email protected]> wrote:

>By the way, there's a free antivirus program which is excellent, at
>http://www.grisoft.com/ - it gets the same virus definitions that
>the Norton/McAfee folks do, but for personal use it's free. If
>you're going to choose to run windows, there's no excuse not to use
>a good antivirus program.

Good program; I bought it and replaced Norton.
Hell, I have so few addresses in Outlook they would have limited ammo (G)

--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
See http://www.knight-toolworks.com For prices and ordering instructions.

"Todd Fatheree"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 1:05 PM

"Dave Hinz" <[email protected]> wrote in message
news:[email protected]...
> On Sat, 4 Dec 2004 08:01:52 -0600, Todd Fatheree <[email protected]> wrote:
> > "Doug Miller" <[email protected]> wrote in message news:XXhsd.1828>
> > >Is
> > > this the result of harvesting on the wreck or of infection?
> > >>
> > >> Infection. And probably *not* in Steve's computer, either. The most
> > >> likely
> > >> source is some third person who has both you and Steve in his Outlook
> > >> address
> > >> book, and is infected by a virus that forges From: headers.
> >
> > This must be a difficult concept to grasp, as I have to have the above
> > conversation with certain clients over and over.
>
> It apparently is. Our first-level helldesk people _still_ don't get it,
> despite having been told this, over and over and over and over, for years.
> "...then we scanned (Joe's) system and it had no virus, so we're confused
> and escalating it to the virus team". Again. and again. and again.
>
> The global statement "A virus is never from who it claims to be from"
> is true enough that exceptions would be, well, exceptional.
>
> Dave Hinz

Add to the dumba^H^H^H^H^Hfools who still configure their corporate
email virus scanners to send out the "you sent us an infected attachment"
replies. If everyone would just stop that, it would seriously limit the
number of times I have this conversation.

todd

"Todd Fatheree"

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 8:01 AM

"Doug Miller" <[email protected]> wrote in message news:XXhsd.1828> >Is
this the result of harvesting on the wreck or of infection?
>
> Infection. And probably *not* in Steve's computer, either. The most likely
> source is some third person who has both you and Steve in his Outlook
> address
> book, and is infected by a virus that forges From: headers.

This must be a difficult concept to grasp, as I have to have the above
conversation with certain clients over and over.

todd

Steve Knight

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

05/12/2004 7:35 PM

>Take another look at Eudora. I just set someone up on Eudora 6 to get
>them away from a marginally functional OE setup. It imported all their
>messages, mailboxes and addresses just fine. I won't guarantee it, but
>the import function has gotten a lot better in the last release or
>two.
>
I think I tried it and found a bug that really caused a hassle. It was one of
the boxes I wanted left blank and it would not let me. No matter what number I
entered it was not right even though I used the rule it said was right. And I
could not get it past that point. It was the same on my wife's computer and
mine.

--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
See http://www.knight-toolworks.com For prices and ordering instructions.

Steve Knight

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

05/12/2004 1:41 AM

>Nuking Outlook is high on the list of things I do in a Windows
>installation....

I am stuck with it. I used to use Agent for email but I needed more. I had
Outlook XP and it did what I needed. But I tried Eudora and it never worked
right. Though most of the time it could not import email from Outlook like I
needed. I have three years' worth of emails that would need to move.
Outlook XP will not let you open several kinds of attachments. That's good for
virus control but bad if someone emails you a .exe file you need.

--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
See http://www.knight-toolworks.com For prices and ordering instructions.

Tim Douglass

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 9:45 PM

On Sun, 05 Dec 2004 01:41:00 GMT, Steve Knight
<[email protected]> wrote:

>
>
>>Nuking Outlook is high on the list of things I do in a Windows
>>installation....
>
>I am stuck with it. I used to use Agent for email but I needed more. I had
>Outlook XP and it did what I needed. But I tried Eudora and it never worked
>right. Though most of the time it could not import email from Outlook like I
>needed. I have three years' worth of emails that would need to move.
>Outlook XP will not let you open several kinds of attachments. That's good for
>virus control but bad if someone emails you a .exe file you need.

Take another look at Eudora. I just set someone up on Eudora 6 to get
them away from a marginally functional OE setup. It imported all their
messages, mailboxes and addresses just fine. I won't guarantee it, but
the import function has gotten a lot better in the last release or
two.

Tim Douglass

http://www.DouglassClan.com

Steve Knight

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 6:54 PM

>Infection. And probably *not* in Steve's computer, either. The most likely
>source is some third person who has both you and Steve in his Outlook address
>book, and is infected by a virus that forges From: headers.

Nope, not mine. Between SpamCop and not opening attachments and AVG I am pretty
secure. But since I don't mung my email I am all over (G)

--
Knight-Toolworks & Custom Planes
Custom made wooden planes at reasonable prices
See http://www.knight-toolworks.com For prices and ordering instructions.

b

in reply to "P van Rijckevorsel" on 04/12/2004 10:20 AM

04/12/2004 1:13 PM

On Sat, 04 Dec 2004 18:57:04 GMT, Steve Knight
<[email protected]> wrote:

>On 4 Dec 2004 12:48:54 GMT, Dave Hinz <[email protected]> wrote:
>
>
>>By the way, there's a free antivirus program which is excellent, at
>>http://www.grisoft.com/ - it gets the same virus definitions that
>>the Norton/McAfee folks do, but for personal use it's free. If
>>you're going to choose to run windows, there's no excuse not to use
>>a good antivirus program.
>
>Good program; I bought it and replaced Norton.
>Hell, I have so few addresses in Outlook they would have limited ammo (G)

Nuking Outlook is high on the list of things I do in a Windows
installation....