Hi-
In regards to one of my e-mail ISP accounts: How do I
remove unsolicited e-mail from Microsoft, such as, MS
Corportation Security, Net Message Service, Microsoft
Security, Critical Update, etc.? In some of these e-
mails I can't find the option to unsubscribe.
If anyone should know how I can eliminate this
problem/bug, please let me know as soon as possible.
Thanks, all, for your help and support.
-Russ
That's the Swen worm - it will eventually go away. But not as long as
there is even 1 idiot in the world who does not have antivirus
protection, and another idiot who believes the phony warnings. And
right now, there are still way more than 2 idiots out there. And each
idiot infects more idiots.
You "subscribed" to it by posting to Usenet without munging your email
address. You can't "unsubscribe" cause your postings are still out
there, and the computers sending it are distributed all over the
world. But you can stop it, by stopping the infection.
You need to report each infection offer as soon as you can. As you
wait, more computers become infected. Also, server logs are not
infinite in size; a report placed later stands less chance of being
properly researched by the abuse support technician.
My Swen went from 57 - 75 / day, to virtually zero now. Why? I spent
most of my free time reporting for a couple days, then regular and
prompt action afterwards.
There is one valid way to identify the ISP for the infected computer,
which requires that you examine the headers. Here is an example:
####### Start Example #######
Return-Path: <
[email protected]>
Received: from a.mx.xxxx.net (eth0.a.mx.xxxx.net [208.201.249.230])
by eth0.b.lds.xxxx.net (8.12.10/8.12.9) with ESMTP id
h95L6baQ017487
for <
[email protected]>; Sun, 5 Oct 2003 14:06:37 -0700
Received: from mail-6.tiscali.it (mail-6.tiscali.it [195.130.225.152])
by a.mx.xxxx.net (8.12.10/8.12.7) with ESMTP id h95L6ZF6000997
for <
[email protected]>; Sun, 5 Oct 2003 14:06:35 -0700
Received: from adqy (62.11.181.97) by mail-6.tiscali.it (6.7.019)
id 3F79B1480042D178; Sun, 5 Oct 2003 23:01:27 +0200
Date: Sun, 5 Oct 2003 23:01:27 +0200 (added by
(e-mail address removed))
Message-ID: <
[email protected]> (added by
(e-mail address removed))
FROM: "Security Division" <
[email protected]>
TO: "Commercial Customer" <
[email protected]>
SUBJECT: Latest Network Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="vjwtmhybcefqo"
X-Spam-Status: Yes, hits=5.9 required=5.0
tests=ALL_CAPS_HEADER,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
MSG_ID_ADDED_BY_MTA,RCVD_IN_MULTIHOP_DSBL,
RCVD_IN_UNCONFIRMED_DSBL,SPAM_PHRASE_00_01
version=2.43
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)
Microsoft Customer
this is the latest version of security update, the
"October 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities.
This update includes the functionality of all previously released
patches.
BLAH BLAH BLAH
####### End Example #######
The infected computer, in this case, is adqy (62.11.181.97).
10/6/2003 10:08:03 whois -h whois.ripe.net 62.11.181.97
remarks: | PLEASE CONTACT OUR ABUSE DIVISION (
[email protected]) |
remarks: | FOR ABUSE and-or SPAM COMPLAINTS. |
Send this complaint, with full headers, to (e-mail address removed).
There are any number of online whois lookup tools. I use All-NetTools
(
http://www.all-nettools.com/tools1.htm ) and Broadband Reports (
http://www.dslreports.com/whois ).
Also, there are several tools which you can install. I use Sam Spade
(
http://www.samspade.org/ssw/ ) and TESP ABouncer (
http://www.tesp.com/abounce/ ). Both contain whois and other tools,
and both help you format and send the complaint. Identifying and
reporting each infection, when you have a mailbox full of this crap,
is tedious as hell. These tools help cut down some on the tedium.
Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.