read if you want to fight back against the email virus floodingattack

[webberdog]

you need to report each one to learn how goto:
alt.discuss.clubs.public.other.activist_fighting_spam
Friendly spam fighting help
also take a look at :
http://community-2 webtv.net/cashcobra/WebsitePartlllThe/page2.html
basically you get the headers of the email (different ways to do
this-explained on spamcop site),look in mumbo jumbo to see where from
then forward headers only with html virus file removed to abuse@whatever
the address is say politley this guy flooding virus laden email please
help...once you get hang of it it will get easy.....then instead of
getting the microsoft patch and ex wav audio speaker emails you get a
message from server saying virus detected message stopped and then you
and thousands of others dont get any more .....good luck please try.it
helps
get a free spam reporting accout @ spamcop and report regular spam too
you will help everyone else out too.....

 

[Gabriele Neukam]

On that special day, (e-mail address removed), ([email protected]) said...

you need to report each one to learn how goto:
alt.discuss.clubs.public.other.activist_fighting_spam

There are more groups like that. Germans eg might search through
de.admin.net-abuse.mail and its faqs.

also take a look at :
http://community-2 webtv.net/cashcobra/WebsitePartlllThe/page2.html

Even better, because offering all tools required (even for download):

www.samspade.org

helps with inquiries at the respective Whois servers, but is sometimes
bloacked by Ripe or APNIC for too excessive querying. Will always work
with ARIN (the Americas)

People with some command of German can try
http://www.iks-jena.de/cgi-bin/whois
According to my experience, they are never blocked, because they limit
the queries a bit per IP number. If you are asking for infos on more
than, say 25 IP addresses, they'll tell you to come back later.

basically you get the headers of the email

In Outlook Express, press Ctrl-F3

look in mumbo jumbo to see where from

If you didn't have the message forwarded from a mail provider whom you
trust, only the topmost "Received:" line will be valid, and of that only
the IP number (the four part thing, separated by dots, in brackets). The
"name" can be faked, too, so don't trust any HELO or EHLO. Everything
else below isn't trustworthy at all; some spammers add a long list of
fake "Received" entries in order to confuse spam fighters.

then forward headers only with html virus file removed

Note: "with virus file removed". My ISP would tar and feather me if I
included it in the message.

to abuse@whatever

And pray there is one there... I've already had to notify "info",
"support", "spam", "spamabuse" and whatnot.

say politley this guy flooding virus laden email please
help...

And add some URL links to Symantec/Trendmicro/whatever, it makes them
react faster.

http://www.symantec.com/avcenter/venc/data/[email protected]
http://www.viruslist.com/eng/index.html?tnews=1001&id=88142
http://www.viruslist.com/eng/viruslist.html?=88029
http://www.europe.f-secure.com/v-descs/swen.shtml

is quite impressive.

then instead of
getting the microsoft patch and ex wav audio speaker emails you get a
message from server saying virus detected message stopped

Not *my* ISP. They'll provide filters only at the end of the year (I
hope it is *this* year)

and then you
and thousands of others dont get any more .....good luck please try.it
helps

Ok, my ISP *will* notice an infected machine, because of its sudden
exceeding of the 100 mail/day limit which is active on all home user
accounts. Swen does rounds of the thousands, and an account that starts
spewing, will soon loose access to the mail out server.

Another method, but works as well (at least in this case)

From where do I know this all about my ISP and its special style?
They're running internal newsgroups, too, where the T-online-Team
explained it all to some annoyed customers.


Gabriele Neukam

(e-mail address removed)