OT: pirated email

Ric fhj52ads at yahoo.com
Mon Sep 22 07:58:02 CEST 2003


--- Matthew Weier O'Phinney <matthew-lists at weierophinney.net> wrote:
> -- Olivier Fourdan <fourdan at xfce.org> wrote
> (on Friday, 19 September 2003, 06:37 PM +0200):
> > On Fri, 2003-09-19 at 17:14, edscott wilson garcia wrote:
> > >   It seems some #$#$%&%$ is spoofing my email address to send junk mail,
> > > probably to get past mail servers which bounce mail which come from
> > > fictitious source accounts. Anybody have similar problem? What to do?
> > 
> > Yes, I keep receiving delivery errors on mails I've never sent (and the
> > mail agent shows it's been sent with Outlook!!!)
> > 
> > There is not much you can do, AFAIK, just wait for Microsoft and its
> > unsecure tools to disappear from the surface of this planet :)
> 
> Actually, the behaviour you're seeing is likely from the SoBig.F virus

Actually there is a *new* one that started this weekend, 
From: "Microsoft Security Section" , "Security Assistance" , " Microsoft
Corporation Technical Support "  and others with similar "official" names. The
email _looks_ like a MS document that _requests_ the user to download and apply
the "patch"; includes an attachment:

File names: pack.exe , PATCH.exe, upgrade.exe and others
File types:  application/x-msdownload
Scan results: Virus  Worm.Automat.AHB  found
                              ^^^^^^^^^^^^

The attachment is usually ~154kB, but I got one that was a 14kB .exe file and
the virus scanner did not recognize it as *.exe (I'm thinking/hoping it was
because it was corrupted).

I also have several of those *bogus* returns now and had ~ dozen of them on the
last MS caused problem a couple of weeks ago.  All are going to _this_ email
address.

This is a problem for Linux too.  I have been getting DoS sometimes because
my FW/Gateway logs are full of martians trying to get into port 135.  Snort and
kernel logs have grown exponentially.  Normally the logs would be kB in size;
now they are MB!  It's a small drive...

I am more than just a little PO'd by the whole thing as it has taken more time
from my short supply...


> -- it goes through all the mail headers in an Outlook mail store and
> both sends to each and tries to mail as each in order to spread itself.
> Since it happens on the client end, often the server it's using for
> outgoing mail will be configured to accept any mail from any address on
> the internal LAN... which means *you* get the bounceback, even though it
> came from someone else's machine. Yuck.
> 
> I started analyzing the subject lines from the bounce backs, and set up
> some procmail filters to nuke them before they reach my inbox. Since
> they all include the virus as an attachment, you can also look for that.
> 
> Ah, the joys of email... ;-)
> 
> -- 
> Matthew Weier O'Phinney
> http://weierophinney.net/matthew/



=====
Have A Great Day!

Ric
***
Thought for today:
After 10 years writing object-orientated enterprise code, one of the most 
important things I've learned is to code as if the next guy to come along and 
maintain your code is a short-tempered 30-stone gorilla who knows where you 
live.
-- Caspian Rychlik-Prince
-- http://www.puppygames.net/articles/alienflux_postmortem.php
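
The filtering idea from the quoted reply, applied to the indicators listed in this message (the attachment names, the application/x-msdownload type, the forged sender names), as an added Python example that is not part of the original post. The verdict labels and the `sample` helper are assumptions of this example, and every sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the message above; verdict names are this example's own.
EXEC_TYPES = {"application/x-msdownload"}
EXEC_SUFFIXES = (".exe",)
FAKE_SENDERS = ("microsoft security section", "security assistance",
                "microsoft corporation technical support")

def suspicious_parts(raw: bytes):
    """List (filename, content_type) of executable-looking MIME parts.

    walk() descends into message/rfc822 parts, so an attachment carried in
    the returned copy of the original inside a bounce is found as well.
    """
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        # Either signal is enough: the declared type or the file name.
        if ctype in EXEC_TYPES or name.lower().endswith(EXEC_SUFFIXES):
            hits.append((name, ctype))
    return hits

def verdict(raw: bytes) -> str:
    if suspicious_parts(raw):
        return "quarantine"
    sender = str(message_from_bytes(raw, policy=policy.default).get("From", ""))
    if any(s in sender.lower() for s in FAKE_SENDERS):
        return "review"
    return "deliver"

def sample(filename=None, subtype="x-msdownload", bounce=False,
           sender='"Security Assistance" <sender@example.invalid>') -> bytes:
    """Build a constructed test message (placeholder bytes, invalid addresses)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("Please apply the attached patch.")
    if filename:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype=subtype, filename=filename)
    if bounce:  # wrap the message the way a delivery-failure notice returns it
        outer = EmailMessage()
        outer["From"], outer["Subject"] = "MAILER-DAEMON@example.invalid", "Delivery failure"
        outer.set_content("Your message could not be delivered.")
        outer.add_attachment(msg)
        msg = outer
    return msg.as_bytes()
```

Checking the file name as well as the declared type means a part labelled application/octet-stream but named upgrade.exe is still caught.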




More information about the Xfce4-dev mailing list