Oprah Spam

Thread starter: OldGuy
| Nope. The *last* thing a spambot intends to let happen is that it can't
| send spam. If that happens it's not worth its name.
|
| But yes, it will try to keep itself out of the focus of the user's
| attention.
| But then again, if the locally injected email looks like it's coming from an
| outside source, doesn't it do just that?

I don't understand how you imagine that happening. A
spambot on your PC could send you spam simply because
your email address is on the list of addresses it receives
or carries with it. In that case it would be sending it out,
just like all the other spam it sends out, with its own SMTP
server, a remote private server, or your ISP server.
But I don't see how such a spambot might "inject" email
locally. You get your email by calling the POP server.
(Assuming you're using real email and not corporate
webmail.) Spoofing that by somehow hooking into your
email program would be quite a trick, with little if any profit.
And as David points out, it's not in the interest of the
malware writers to do anything that might risk discovery.

I've been noticing that the little spam I get seems to
rarely be coming from someone I know anymore. (Except
in the case of sleazy corporate spam like LinkedIn.) Most
of it seems to be due to bots online that look for email
addresses. And it's very systematic, apparently a big
operation. Lately I've been getting one or two daily from
the same source, but always from a different domain and IP.

I wonder if the approach of taking over PCs might be
getting phased out. In any case, I don't see any reason
to suspect any kind of local infection just because one
starts to receive new spam.
 
Mayayana,
But I don't see how such a spambot might "inject"
email locally.

Several possibilities. A crude one would be to write to the mail storage
itself directly. A more generic method could be to reroute certain
networking functions (several methods available for that) through the malware,
making it act as a kind of proxy.
Spoofing that by somehow hooking into your email program
would be quite a trick

Not really, the "several methods" I mentioned in the above are all quite
old.
with little if any profit.

That's something to be seen. Spam in itself is something that has *very*
little profit. It's the sheer amount that makes it a viable kind of
business.
And as David points out, it's not in the interest of the
malware writers to do anything that might risk discovery.

While that's true, it's also not. If the malware wants to put the "mal" into
"malware" it has to do *something*. Otherwise it's just a replication
engine, and thus quite harmless. The only thing we could debate about is
what the writer of the malware would find an acceptable risk.

I also think I explained it in detail to David. If you think I made a
mistake in it then please bring it forward. I'm not infallible.
I wonder if the approach of taking over PCs might be
getting phased out.

Based on what exactly? You still get 2 spams a day, I get about 4.

According to Wikipedia there are currently about 2 billion computers in the
world. Even if only a quarter of them are a target of spam and only 65% is
generated by zombies (again, Wikipedia) the amount of them needed to have a
sustained 3 spams a day (the middle between your and my number) to 500
million computers is quite a lot.

When I assume each zombie sends 10 mails to 5 recipients once every 2 days
(numbers taken so as not to trigger an ISP's spam traps) the amount needed
would be 39 million zombies. That's not nothing.

And if zombifying PCs gets phased out, how else will those spammers get
their junk into our inboxes (with "inboxes" meant in the broadest sense, from
email through all the current social media)?
In any case, I don't see any reason to suspect any kind
of local infection just because one starts to receive new
spam.

That wasn't the OP's question. He asked if it was *possible*. As David
here venomously denies that possibility I responded to David.

And for the record, do *you* think it's possible? If so then we are on the
same line. :-)

Regards,
Rudy Wieser


-- Original message:
 
| > But I don't see how such a spambot might "inject"
| > email locally.
|
| Several possibilities. A crude one would be to write to the mail storage
| itself directly. A more generic method could be to reroute certain
| networking functions (several methods available for that) through the
| malware, making it act as a kind of proxy.
|
I'm afraid you're grasping at straws. Even if a malware
writer wanted to insert spam locally, they would need to
know your email program and handle the format. I use
OE, for instance. Malware inserting spam would have
to know how to write to a .dbx database file. But it still
needs to go online to get the spam content, so why go
to so much trouble reverse-engineering email programs?

| > I wonder if the approach of taking over PCs might be
| > getting phased out.
|
| Based on what exactly? You still get 2 spams a day, I get about 4.
|

I only started getting the two recently. I've had
nearly zero for years, depending only on a setting
with my webhost to use Spaminator to delete known
spam from the server. This new one has somehow
got past that filter, and they're using different IPs
every time. There's nothing distinctive in the content
or headers that I can block.

Spam originating from someone I know is another
story. I can't remember the last time I received any.
It used to be somewhat common and I'd always
contact the person to warn them.
(I get little enough spam that I can afford to check
all headers.) I think it must be years since I had to
warn someone they may be affected. I don't know
why. I still know many people using XP, so it's not
an improvement due to increased Vista/7 restrictions.
So, while I don't know of any studies or statistics I'm
speculating that maybe the focus has shifted, perhaps
to phishing emails or online malware that installs things
like keyloggers to steal credit cards rather than trying
to dupe people into supporting a Nigerian prince.

| And if zombifying PCs gets phased out, how else will those spammers get
| their junk into our inboxes (with "inboxes" meant in the broadest sense,
| from email through all the current social media)?

I don't know about social media. I've barely even seen
a Facebook or Twitter page. In terms of email, you make
a good point. One would think that bot farming would
still be worthwhile. Maybe PCs are cheap enough these
days, and networks fast enough, that spammers just run
their own systems. Maybe bot farmers are targeting
3rd-world countries where it's easier to infect. Who knows?
All I know is that friends of mine are not having those
kinds of problems anymore.
I would be interested to see an in-depth study of the
history and current status of these things.

|
| > In any case, I don't see any reason to suspect any kind
| > of local infection just because one starts to receive new
| > spam.
|
| That wasn't the OP's question. He asked if it was *possible*. As David
| here venomously denies that possibility I responded to David.
|

As I understood it, the OP thinks the most likely cause
is a local infection and wants to know what tests to run
besides MalwareBytes. I think the OP misunderstands and
is wasting his time looking for a malware culprit.

Unless OldGuy posts some headers I don't think there's
much else anyone can do to figure it out. (And headers
may not necessarily tell the story.) But I don't think he's
listening to the answers he's getting. He just wants a
list of further frivolous "nukes" like MalwareBytes so he
can feel that he's blasting bad guys. It's ironic that he and
David are at odds, given that David is offering a free tool
to combine every bloated, useless AV nuker available into
one nerd-pleasing console window to provide hours of
enemy-hunting combat thrills. :)

| And for the record, do *you* think it's possible? If so then we are on
| the same line. :-)

I agree with David that it's so unlikely as to be a
red herring issue, which will only confuse things
unnecessarily. On the other hand, I also agree with
you that dogmatists are not to be counted on
because they value winning arguments more than
they value knowledge itself. :)
 
Mayayana,
Even if a malware writer wanted to insert spam locally,
they would need to know your email program and
handle the format.

That's true. It's also why I mentioned a "more generic" method.
I use OE, for instance. Malware inserting spam would
have to know how to write to a .dbx database file.

Years ago I found a description of it on the web. With it I wrote my own
.DBX viewer.
I only started getting the two recently.

I've been getting them for over a decade, on an account I've not been using
for that same decade (my ISP does not allow me to drop that (default) email
account, claims "it's not possible").
and they're using different IPs every time.

Same here. I do often get them in batches (spanning weeks) all with the
same sender name and subject line, but from accounts all over the world.
Maybe PCs are cheap enough these days, and networks
fast enough, that spammers just run their own systems.

Well, although some of them do, if they do use one IP block long enough
organisations like "spamhaus" make sure every ISP knows that they can
blackhole anything coming from such an IP range. They therefore are always
"on the run" hopping from one louche domain jockey to another. But those
tend to get known too ...
As I understood it, the OP thinks the most likely
cause is a local infection and wants to know what
tests to run besides MalwareBytes. I think the OP
misunderstands and is wasting his time looking for
a malware culprit.

The way I read it is that the OP wants to make sure that he can exclude such
a possibility. I think he should. If only to reassure himself.
Unless OldGuy posts some headers I don't think
there's much else anyone can do to figure it out.

As I said before, if the emails have been generated locally those headers
will not be worth anything.

As for the case they are really from an outside source? Then only the
very latest/top "Received:" line is worth anything, and that one always
indicates the mail provider and the IP of the "hop" just before it. Very little
info can be gained from that -- my ISP doesn't even dare to put anything
stronger than "(may be forged)" to its own (top) "Received:" addition.
But I don't think he's listening to the answers he's getting.
He just wants a list of further frivolous "nukes" like
MalwareBytes so he can feel that he's blasting bad guys.

Lol. Now who's "grasping at straws" here. You have no way of knowing
that.

For all *I* know he has been put off by David's response, realizes that
disagreeing with such a "I know better and you *must* listen to me"-moloch
doesn't benefit him in the least, and just "has left the building".

But then again, something quite different could be going on, like he's
laughing his head off at the ruckus he started with his question. :-)
It's ironic that he and David are at odds, given that David
is offering a free tool to combine every bloated, useless
AV nuker available into one nerd-pleasing console window
to provide hours of enemy-hunting combat thrills. :)

Shucks, I did not even think of that. But yes, that's ironic. Hmmm.
On the other hand, I also agree with you that dogmatists
are not to be counted on because they value winning
arguments more than they value knowledge itself. :)

Yep. And I was dumb enough to think I could shake David's shoulders a bit
so he would snap out of it. It looks like I had no such luck. Oh well.

Regards,
Rudy Wieser
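
Rudy's point above, that only the topmost "Received:" line (the one the recipient's own provider adds) says anything reliable, and that mail generated locally carries headers worth nothing, can be checked mechanically. This is an added example, not code from any poster; the message, host names and addresses in it are constructed:

```python
import re
from email import message_from_string

# Constructed sample (not a message from the thread): the top Received:
# header was written by the recipient's own provider, the two below it
# arrived with the message and could say anything.
SAMPLE_MESSAGE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7]) (may be forged)
\tby mx.isp.example (Postfix) with ESMTP id 12345
\tfor <user@isp.example>; Mon, 01 Jan 2024 10:00:00 +0000
Received: from relay.example.org ([203.0.113.9])
\tby mail.example.net with SMTP; Mon, 01 Jan 2024 09:59:00 +0000
Received: from [192.0.2.5] (helo=localhost)
\tby relay.example.org with ESMTP; Mon, 01 Jan 2024 09:58:00 +0000
From: someone@example.org
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def received_hops(raw):
    """Received: hops in header order (index 0 = most recently added).

    'trusted' is True only for the top hop: the recipient's provider wrote
    that one itself; every hop below it came with the message and could
    have been written by anyone. 'may_be_forged' is the receiver's own
    note that it could not verify the peer's claimed name."""
    msg = message_from_string(raw)
    hops = []
    for i, value in enumerate(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        hops.append({"by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None,
                     "may_be_forged": "(may be forged)" in flat,
                     "trusted": i == 0})
    return hops


def passed_through_provider(raw, provider_host):
    """False when the top hop is missing or names another host: such a
    message never came in through the provider's MTA (it may have been
    written straight into the local mail store), so its headers prove
    nothing about where it really came from."""
    hops = received_hops(raw)
    return bool(hops) and hops[0]["by"] == provider_host
```

Only the IP recorded by the trusted top hop is worth acting on; the hops below it are exactly the part a spammer controls.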


-- Original message:
 
In message <[email protected]>, David H.
Lipman said:
| Yes, I still believe what I have stated to limit the misinformation
| factor and the OP delving into a Red Herring.
|
| The objective of malware is the release and execution of payload.

The _main_ objective, _nowadays_.

| The longer it is in action, the longer its intended purpose is in effect.
| Malware sending spam to the PC where it is being generated would be a
| semaphore of its existence. It is counterproductive for a spam bot to
| bring attention to itself. It must hide its presence and protect its
| execution for the maximum benefit of its purpose. Thus the last thing
| a spam bot intends to happen is to make its host a target recipient.

All very true. However, you cannot prove a negative; I'd say saying
spamware could _never_ spam its host is not logical. The best you can
say is that you've never seen it happen (and the members of your secret
society haven't either).

I think your main intent is to say that it's sufficiently _unlikely_
that considering it could divert limited resources (mainly people's
time) away from areas where they could be more productive. And I
wouldn't disagree with that.
 
I got that virus, the one that sent out the Oprah email. I think I got it by clicking on a "background check" ad. It may also have been responsible for hacking my Facebook account; I suppose by recording keystrokes. How do I get rid of it? Specifically, I'm not looking for general instructions on virus removal. How do I get rid of this specific virus?
 