Oprah Spam

[OldGuy]

Anyone know the source of the eMail spam going around?

"One of the best lessons from Oprah here (some http:\\ address) "

It is from a person I know (several from different people I know)
It has CC: to some people I know (i.e. in my contact list) and some I
do not know.

Malwarebyes shows no problems.
What else might I run?

 

[Barry Schwarz]

Anyone know the source of the eMail spam going around?

One or more people who have you in their address book have had their
system corrupted.

"One of the best lessons from Oprah here (some http:\\ address) "

It is from a person I know (several from different people I know)
It has CC: to some people I know (i.e. in my contact list) and some I
do not know.

Malwarebyes shows no problems.
What else might I run?

You can judiciously exercise the delete key.

 

[(PeteCresswell)]

Per OldGuy:

Anyone know the source of the eMail spam going around?

"One of the best lessons from Oprah here (some http:\\ address) "

It is from a person I know (several from different people I know)
It has CC: to some people I know (i.e. in my contact list) and some I
do not know.

I've been thinking maybe it's from the recent hack of Yahoo's servers
via the Shellshock (whatever that is...) vulnerability.
(http://www.forbes.com/sites/thomasbrewster/2014/10/06/yahoo-hacked-by-bash-bug-attackers/)

Yahoo seems to be denying that Shellshock was part of it - instead
saying that some malicious code was made to run in search of the
Shellshock vulnerability, but not exploiting it. But all they're
talking about in the post in the link below is their "Sports API servers
(whatever *they* are... but they don't sound like mail servers.
(https://news.ycombinator.com/item?id=8418809)

I've gotten at least a dozen of the "Oprah" spams over the past week and
the three people I checked with (whose names were in "From:") all said
that their email accounts were with Yahoo.

 

[OldGuy]

Some of you are missing the implication that my PC may have a virus
that is generating this spam! Or some friends PC has a virus that is
generating it. OR as Pete suggests it is coming from ...

 

[Nil]

I've gotten at least a dozen of the "Oprah" spams over the past
week and the three people I checked with (whose names were in
"From:") all said that their email accounts were with Yahoo.

Me, too. Actually the wave seems to have receded now, but all of the
many such spams I received came from Yahoo addresses.

 

[Mayayana]

| Some of you are missing the implication that my PC may have a virus
| that is generating this spam!

You don't have a virus sending yourself spam.

| Or some friends PC has a virus that is
| generating it.

That's always a good possibility when the email is
from someone you know. You should confirm they
didn't send it and tell them, so that they can check
their systems. If they're using webmail rather than real
email then they may not have a local infection but
rather a breach of their account. They should change
their password in that case. Unfortunately, many
people consider that out of the question. People I
know typically have one password for everything that
they've used for decades. They're simply not willing
to remember a new one.

Then, of course, there's the possibility that you
actually have several friends who like Oprah. There
are people who think she's wise and who might want
to spread her wisdom to their friends.... no accounting
for taste.

Another possibility is corporate spam. People might
get an Oprah newsletter that's stolen their address
book, for instance. I've had spam in the past from
LinkedIn that was like that. LinkedIn steals address
books and then sends out emails, seemingly from the
person you know, saying that they want you to join
them on LinkedIn. But the email is not actually from
that person. It's just LinkedIn spam. (It amazes me
that so many people who should know better actually
sign up with such a sleazeball operation.)

 

[R.Wieser]

David,

I'll write it once again...

Repeating something does not make it any more right (or wrong) than it is.

And pardon me, but there really has been malware known which caused you to
recieve spam (some resulted in true, others generated fake emails). Which
is at an straight angle to your claim.

Even if you did not encounter any such malware yourself, you should be able
to, as the author(?) of that "Multi-AV Scanning Tool" and thus presumably
being a programmer yourself, acknowledge the *possibility* of such programs.
I must say I'm therefore a bit miffled by your blunt (and somewhat
agressive) denial.

Regards,
Rudy Wieser


-- Origional message:

 

[(PeteCresswell)]

Per OldGuy:

Some of you are missing the implication that my PC may have a virus
that is generating this spam! Or some friends PC has a virus that is
generating it. OR as Pete suggests it is coming from ...

Or, to put a finer point on the virus angle, your PC may have been
co-opted as what they call a "Zombie" wherein a central computer in a
botnet is using it to send spam.

I'd download MalwareBytes, run it on your PC, and see what it reports.

 

[(PeteCresswell)]

Per (PeteCresswell):

Or, to put a finer point on the virus angle

Oops!... careless reading on my part.

Re-reading the thread, it seems like you are receiving spam, not being
accused of sending it.... so my last post should be ignored.

OTOH, I do feel better when I run MalwareBytes every so often....no
matter what.

 

[Mayayana]

| > I must say I'm therefore a bit miffled by your blunt (and somewhat
| > agressive) denial.
| >
| Rudy, I thnk my experience in this subject matter gives me a better
| perspective.
|

You seem to be right, though I don't see what it has
to do with your being privy to "special secret discussions"
about malware.

On the other hand, he does make a relevant point: There's
no need to be rude and condescending, hitting people over
the head with your "competitive expertise". Tech is the only
field I know of where it's considered "cool" to be Aspergers-
abusive toward others, especially over mere technical
information.
(Which is lucky for us. We don't have to worry about a store
clerk scorning us for asking the price of an item, or our
doctor laughing derisively because we suggest that we might
be sick, or a waiter who shouts "WRONG!" because we just
decided to order a dish that the restaurant has run out of.
.....Though, come to think of it, most doctors I've dealt with
have been rather condescending.


| Not only did I write the Multi-AV, I am a past Malwarebytes' employee
where
| I was Malware Rsearcher and I have directly studied malware for almost 25
| years. Having analyzed malware and have discussed malware....

Yet you offer a scanning package that is so technical and
idiosynchratic it can only be used by people who know better
than to need AV and anti-malware software in the first place,
much less multiple versions...much less needing to run them
in a console window and allow the software to go online.
Again, by sticking close to the technical details that you're
comfortable with, you've missed the human element of the
situation.

 

[R.Wieser]

David,

Rudy, I thnk my experience in this subject matter gives me
a better perspective.

Even assuming that that is true, don't you think that bluntly stating "that
does not happen!" isn't all that ... smart (don't know a better word for it)
? The absense of proof isn't really equal to the proof of absense you
know.

Receiving spam is NOT a function of malware on one's computer.

So, what is ? It seems to range from "just tracking" your webbrowsing,
thru injection of advertisements into webpages, thru fake virus warnings,
thru ransomware, upto targetly stealing certain data (like passwords to
specific games). I could very well imagine that spamming would fit into
that, quite broad, range of functioning.

With ISP level spamfilters being more common nowerdays (making delivery of
spam quite a bit harder) it even leads to the "why *isn't* it part of that
range?" question.

Receiving spam is NOT a function of malware on one's computer.
I say it bluntly because to think otherwise is a Red Herring.

My apologies, but you sound too sure of yourself. And in my experience that
makes you dangerous, as you cause yourself to be willingly blind for certain
possibilities.

Also think of Murphy's law: Stuff will mostly go wrong where you least
expect it -- and thus takes you the longest to discover the cause (have been
bitten by that myself a few times :-\ )

Right off, the first required fact, the Full Header and Body of one or
more spam emails have NOT been provided and thus all responses
are speculative.

Including your own (premature) *conclusion* I suppose.

And I hope you do realize that if the spam is actually locally spoofed those
headers would mean exactly nothing to you/us, as the spoofing malware could
be putting *anything* into them, even something copied from other messages
in the inbox.

And to honor my own stance: There is, due to your 25 year experience in this
field, a good chance you are right (and to be true its quite likely that
something else, like something Pete Cresswell mentioned, caused the spams),
but there certainly is a chance you're not.

Regards,
Rudy Wieser


-- Origional message:

 

[Bert]

It is from a person I know (several from different people I know)

I've seen just one of those, and while the visible name of the sender
matches someone my wife knows, the actual email address of the sender is
from Japan, as is the originating IP address.

So, are you sure the email is actually from the person you think it is?

 

[Bert]

I've seen just one of those, and while the visible name of the sender
matches someone my wife knows, the actual email address of the sender
is from Japan, as is the originating IP address.

Correction: The originating IP address is in Bangladesh. They used a
server in Japan as their first relay.

 

[micky]

Malwarebytes' Anti-Malware is NOT an anti spam application and can do
nothing about spam.

I think he had in mind that since it was unsolicited, it might contain a
virus or be referring him to a webpage with a virus. (I still don't
understand how webpages deliever viruses, but I hear they do.)

 

[micky]

Me, too. Actually the wave seems to have receded now, but all of the
many such spams I received came from Yahoo addresses.

I didnt' get any, and I don't think I know anyone who uses Yahool as the
ISP. Did you know that Yahoo was originally a character in
Gulliver's Travels? (which I never read). They said that on Kid's
Jeopardy this week, iirc.

 

[(PeteCresswell)]

Per micky:

Did you know that Yahoo was originally a character in
Gulliver's Travels?

Plural. Yahoos were the animalistic human-looking inhabitants of the
island. The intelligent, civilized inhabitants were the Houyhnhnms,
which looked like horses.

viz: http://en.wikipedia.org/wiki/Houyhnhnm

 

[micky]

Some of you are missing the implication that my PC may have a virus
that is generating this spam! Or some friends PC has a virus that is
generating it.

The friend's PC wouldn't have to have a virus, even though his address
is in the from- field

Ten or 15 years ago, addressbots were gathering addresses and sending
viruses to one of them, apparently from another one. I got one which
appeared to be from someone else who posted to same newsgroup, but he
hadn't sent it and his computer and his email account were not involved
at all. They just used his name and address to make it more likely I'd
open the virus. Somone might be doing that again.

IME that seems to have stopped now. Even though there are two newsgroups
where I don't even mung my address, I don't get any of those I just
described since a month or two after I got the first one. And I don't
get much spam either. 1 to 3 a day, so they don't seem to be collecting
addresses, at least not from those two newsgroups.

 

[micky]

I've seen just one of those, and while the visible name of the sender
matches someone my wife knows, the actual email address of the sender is
from Japan, as is the originating IP address.

AIUI, there is a lot of that from Japanese WWII soldiers who have not
yet surrendered and are hiding in caves in south pacific islands. They
don't get much support from Japan anymore, but they are allowed to use
Japanese mail servers, and IP and email addresses. This is the only
way they can still make war on us.

 

[R.Wieser]

David,

The objective of malware its the release and execution of payload.

Isn't that the definition of a virus/trojan horse ? Malware is just that,
malware. Or, if you want to put it that way: (The) Malware is what a trojan
horse or virus plants into someones computer (also known as "the payload").

Ofcourse, that is a definition which excludes programs that *are* the
malware, but just keeps displaying something else to hide that fact (no
release or deployment -- the well known "purple monkey" of a few years back
for example).

Malware sending spam to the PC where it is being generated would
a semaphore of its existence.

Just like any kind of malware "rooting" your box, turning it into a "zombie"
and making it part of a "botnet". Still, that is what quite a few of those
malware programs do with a good deal of success.

And thats not even speaking of malware which sends a sh*tload of spam into
the world, which is quite detectable by a/the spam filter (on outgoing mail)
at ones ISP (like mine has/does).

It is counterproductive for a spam bot to bring attention to its self.

Quite true. So, pray tell: how does finding spammail into ones inbox draw
a straight line to malware ? Thats right, it doesn't. In that effect its
mimicking of a valid mail hides its presence/it being the point of origin
quite nicely.

In this case you, with 25 years of experience, are quick to point the finger
elsewhere. Effectivily helping such a strain of malware to hide itself
(thats why I called you dangerous).

Thus the last thing a spam bot intends to happen is make
its host a traget recipient.

Nope. The *last* thing a spambot intends to let happen is that it can't
send spam. If that happens its not worth its name.

But yes, it will try to keep itself outof the focus of the users attention.
But than again, if the locally injected email looks like it coming from an
outside source, doesn't it do just that ?

Regards,
Rudy Wieser

P.s.
I noticed that your current reply did not respond in any way to my previous
one. Thats not really accepted in a face-to-face conversation (where more
often than not the conversation partner will simply put his attention
elsewhere), any reason why it should be in a newsgroup ?


-- Origional message:

 

[micky]

Per (PeteCresswell):

Oops!... careless reading on my part.

Re-reading the thread, it seems like you are receiving spam, not being
accused of sending it.... so my last post should be ignored.

OTOH, I do feel better when I run MalwareBytes every so often....no
matter what.

I think he said in his first post that "Malwarebyes shows no problems."

That looks like the problem. Malwarebyes is the virus-laden forged
version of Malwarebytes.