BEFORE YOU POST A QUESTION READ THIS


Jim

I posted this two days ago. The spam and viruses don't
stop. ALL are sent from a Microsoft site with Microsoft
as the return address.
------------Original Post below------------------------
After posting a question on this group I have been flooded
with spam. I suggest that anyone who tries to get help
from this site not use a real email address. In two days
I have gotten over 100 spam emails! Over twenty of this
morning's 28 emails included a virus. Leave it to
Microsoft! You have been warned...
 
That's true, I am getting too many emails warning me to
download & install.

Microsoft has sent a bulletin saying UPDATES ARE NEVER
SENT VIA EMAIL so pls be careful.
 
If you right click the message, then properties then message source you'll
see they are not really from Microsoft. Yes the scumbags seem to get our
addresses from this and other ms related sites. I've been getting several
hundred a day and have been for several weeks. Just set up some message
rules and you can get most of them sent straight to the trash.

Joe
 
I posted this two days ago. The spam and viruses don't
stop. ALL are sent from a Microsoft site with Microsoft
as the return address.
------------Original Post below------------------------
After posting a question on this group I have been flooded
with spam. I suggest that anyone who tries to get help
from this site not use a real email address. In two days
I have gotten over 100 spam emails! Over twenty of this
morning's 28 emails included a virus. Leave it to
Microsoft! You have been warned...

You're half right. If you post to Usenet, and you don't munge your
address, you WILL receive massive amounts of virus-infected email.

It doesn't come from Microsoft though. It's Swen, and it is coming
from numerous infected computers - folks who don't think to ask
whether Microsoft actually sends out updates by email.

You can filter or ignore these infected computers, but until they're
fixed, they'll keep sending out infections. More folks will fall for
the carp, and become infected. And they'll send you email too. You
have to do your part, and report the infections.

You need to report each infection offer as soon as you can. As you
wait, more computers become infected. Also, server logs are not
infinite in size; a report placed later stands less chance of being
properly researched by the abuse support technician.

My Swen email went from 57 - 75 / day, to virtually zero now. Why? I
spent most of my free time reporting for a couple days, then regular
and prompt action afterwards.

There is one valid way to identify the ISP for the infected computer,
which requires that you examine the headers. Here is an example:

####### Start Example #######

Return-Path: <[email protected]>
Received: from a.mx.xxxx.net (eth0.a.mx.xxxx.net [208.201.249.230])
    by eth0.b.lds.xxxx.net (8.12.10/8.12.9) with ESMTP id
    h95L6baQ017487
    for <[email protected]>; Sun, 5 Oct 2003 14:06:37 -0700
Received: from mail-6.tiscali.it (mail-6.tiscali.it [195.130.225.152])
    by a.mx.xxxx.net (8.12.10/8.12.7) with ESMTP id h95L6ZF6000997
    for <[email protected]>; Sun, 5 Oct 2003 14:06:35 -0700
Received: from adqy (62.11.181.97) by mail-6.tiscali.it (6.7.019)
    id 3F79B1480042D178; Sun, 5 Oct 2003 23:01:27 +0200
Date: Sun, 5 Oct 2003 23:01:27 +0200 (added by
    (e-mail address removed))
Message-ID: <[email protected]> (added by
    (e-mail address removed))
FROM: "Security Division" <[email protected]>
TO: "Commercial Customer" <[email protected]>
SUBJECT: Latest Network Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="vjwtmhybcefqo"
X-Spam-Status: Yes, hits=5.9 required=5.0
    tests=ALL_CAPS_HEADER,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
    MSG_ID_ADDED_BY_MTA,RCVD_IN_MULTIHOP_DSBL,
    RCVD_IN_UNCONFIRMED_DSBL,SPAM_PHRASE_00_01
    version=2.43
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)

Microsoft Customer

this is the latest version of security update, the
"October 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities.
This update includes the functionality of all previously released
patches.
BLAH BLAH BLAH

####### End Example #######

The infected computer, in this case, is adqy (62.11.181.97).

10/6/2003 10:08:03 whois -h whois.ripe.net 62.11.181.97


remarks: | PLEASE CONTACT OUR ABUSE DIVISION ([email protected]) |
remarks: | FOR ABUSE and-or SPAM COMPLAINTS. |


Send this complaint, with full headers, to (e-mail address removed).

There are any number of online whois lookup tools. I use All-NetTools
( http://www.all-nettools.com/tools1.htm ) and Broadband Reports (
http://www.dslreports.com/whois ).

Also, there are several tools which you can install. I use Sam Spade
( http://www.samspade.org/ssw/ ) and TESP ABouncer (
http://www.tesp.com/abounce/ ). Both contain whois and other tools,
and both help you format and send the complaint. Identifying and
reporting each infection, when you have a mailbox full of this crap,
is tedious as hell. These tools help cut down some on the tedium.




Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
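
Added example, not part of Chuck's post: a Python sketch of the header walk described above, run on the Received chain from his example. The redacted addresses are replaced with example.invalid placeholders, and the check that each line was written by the relay named in the line above it is an assumption added here, since lines below the last relay you can tie into the chain may not be genuine.

```python
import email
import re

# Constructed sample: the Received chain from the post above; the redacted
# addresses are replaced with example.invalid placeholders.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from a.mx.xxxx.net (eth0.a.mx.xxxx.net [208.201.249.230])
  by eth0.b.lds.xxxx.net (8.12.10/8.12.9) with ESMTP id h95L6baQ017487
  for <rcpt@example.invalid>; Sun, 5 Oct 2003 14:06:37 -0700
Received: from mail-6.tiscali.it (mail-6.tiscali.it [195.130.225.152])
  by a.mx.xxxx.net (8.12.10/8.12.7) with ESMTP id h95L6ZF6000997
  for <rcpt@example.invalid>; Sun, 5 Oct 2003 14:06:35 -0700
Received: from adqy (62.11.181.97) by mail-6.tiscali.it (6.7.019)
  id 3F79B1480042D178; Sun, 5 Oct 2003 23:01:27 +0200
Subject: Latest Network Security Pack

body
"""

# "from HELO ([rdns] ip) by RECORDER", as written by the relays in the sample.
HOP = re.compile(r"from\s+(\S+)\s+\((?:([^\s\[\]()]+)\s+)?\[?([0-9A-Fa-f.:]+)\]?\)"
                 r"\s+by\s+([^\s;]+)")

def received_hops(raw):
    """Return Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # a Received format this sketch does not understand
        hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def origin_hop(raw):
    """Walk down from your own server while each line was written by the host
    the line above received the mail from; stop where that link breaks."""
    hops = received_hops(raw)
    current = hops[0] if hops else None
    for nxt in hops[1:]:
        names = {current["helo"].lower(), (current["rdns"] or "").lower()}
        if nxt["by"].lower() not in names:
            break  # lines below were not written by a relay in the chain
        current = nxt
    return current

if __name__ == "__main__":
    hop = origin_hop(SAMPLE)
    print(f"report {hop['ip']} (recorded by {hop['by']})")
```

The address it returns is the one to feed to whois to find the abuse contact; the name the sending machine gave for itself (adqy here) tells you nothing about the ISP.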
 