I posted a question here in this newsgroup several weeks
ago. My email address was a requirement to post the
message (I see it now defaults to "anonymous".) My
address was apparently picked up from here and is now
being used by mail bots to send out spam (I presume.) I
am also getting a flood of messages supposedly from MS
saying "critical update." The attachments are being
stripped because they contain viruses. Is there any way
to stop all this garbage without having to change my
email address?

You can delete, or you can filter, but the email will never stop until
the sending computers, that are infected with Swen, are identified and
disinfected. You need to do your part, and report the infections.

I started reporting each Swen email two weeks ago, when I was getting
75 - 100 / day. This was a fscking nuisance, but I have gotten none
for the past few days. You need to report each infection as soon as
you can; each email you're getting is also going to somebody else who
may become infected and make the problem worse.

There is one and only one valid way to identify the ISP for the
infected computer, which requires that you examine the headers. Here
is an example:
####### Start Example #######
Return-Path: <[email protected]>
Received: from a.mx.xxxx.net (eth0.a.mx.xxxx.net [208.201.249.230])
    by eth0.b.lds.xxxx.net (8.12.10/8.12.9) with ESMTP id h95L6baQ017487
    for <[email protected]>; Sun, 5 Oct 2003 14:06:37 -0700
Received: from mail-6.tiscali.it (mail-6.tiscali.it [195.130.225.152])
    by a.mx.xxxx.net (8.12.10/8.12.7) with ESMTP id h95L6ZF6000997
    for <[email protected]>; Sun, 5 Oct 2003 14:06:35 -0700
Received: from adqy (62.11.181.97) by mail-6.tiscali.it (6.7.019)
    id 3F79B1480042D178; Sun, 5 Oct 2003 23:01:27 +0200
Date: Sun, 5 Oct 2003 23:01:27 +0200 (added by (e-mail address removed))
Message-ID: <[email protected]> (added by (e-mail address removed))
FROM: "Security Division" <[email protected]>
TO: "Commercial Customer" <[email protected]>
SUBJECT: Latest Network Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="vjwtmhybcefqo"
X-Spam-Status: Yes, hits=5.9 required=5.0
    tests=ALL_CAPS_HEADER,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
    MSG_ID_ADDED_BY_MTA,RCVD_IN_MULTIHOP_DSBL,
    RCVD_IN_UNCONFIRMED_DSBL,SPAM_PHRASE_00_01
    version=2.43
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)

Microsoft Customer
this is the latest version of security update, the
"October 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities.
This update includes the functionality of all previously released
patches.
BLAH BLAH BLAH
####### End Example #######
The infected computer, in the example, is adqy (62.11.181.97).

10/6/2003 10:08:03 whois -h whois.ripe.net 62.11.181.97
remarks: | PLEASE CONTACT OUR ABUSE DIVISION ([email protected]) |
remarks: | FOR ABUSE and-or SPAM COMPLAINTS. |

Send this complaint, with full headers, to (e-mail address removed).

There are any number of online whois lookup tools. I use All-NetTools
(http://www.all-nettools.com/tools1.htm) and Broadband Reports
(http://www.dslreports.com/whois).

Also, there are several tools which you can install. I use Sam Spade
(http://www.samspade.org/ssw/) and TESP ABouncer
(http://www.tesp.com/abounce/). Both contain whois and other tools,
and both help you format and send the complaint.

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
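
Added example, not part of the posts above: the header reading described in the reply, done in code. It walks the Received chain from oldest to newest and returns the first hop with a public IP, which for the sample is adqy (62.11.181.97). The names HOP, hops and origin and the placeholder address recipient@example.invalid are assumptions made for this illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain from the example above. The stripped
# addresses are replaced by a placeholder (recipient@example.invalid).
SAMPLE = """\
Received: from a.mx.xxxx.net (eth0.a.mx.xxxx.net [208.201.249.230])
    by eth0.b.lds.xxxx.net (8.12.10/8.12.9) with ESMTP id h95L6baQ017487
    for <recipient@example.invalid>; Sun, 5 Oct 2003 14:06:37 -0700
Received: from mail-6.tiscali.it (mail-6.tiscali.it [195.130.225.152])
    by a.mx.xxxx.net (8.12.10/8.12.7) with ESMTP id h95L6ZF6000997
    for <recipient@example.invalid>; Sun, 5 Oct 2003 14:06:35 -0700
Received: from adqy (62.11.181.97) by mail-6.tiscali.it (6.7.019)
    id 3F79B1480042D178; Sun, 5 Oct 2003 23:01:27 +0200
Subject: Latest Network Security Pack

(body omitted)
"""

# "from <name> (<ip>)" or "from <name> (<rdns> [<ip>])", then "by <server>".
# <name> is whatever the sender claimed; <ip> is what <server> saw on the wire.
HOP = re.compile(r"from\s+(\S+)\s+\((?:[^()\[\]]*\[)?"
                 r"(\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+(\S+)")

def hops(raw):
    """(claimed_name, ip, recording_server) per Received header, newest first."""
    found = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if not m:
            continue
        try:
            found.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)))
        except ValueError:  # e.g. 999.1.1.1 is not an address
            continue
    return found

def origin(raw):
    """Oldest hop with a public IP: the machine whose ISP gets the report."""
    for name, ip, by in reversed(hops(raw)):
        if ip.is_global:  # skip 10.x, 192.168.x, 127.x and similar
            return name, str(ip), by
    return None

if __name__ == "__main__":
    print(origin(SAMPLE))
```

Each relay prepends its own Received line, so anything older than the first relay you recognise was supplied by the sender and may be forged; confirm that the recording server is a real relay before sending the report.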