Worm Attack

  • Thread starter: Arthur Entlich

Arthur Entlich

I want to apologize to anyone who has been trying to contact me via my
e-printerhelp email address. My ISP has cut my service for incoming
mail on and off over the last several days due to a "dictionary attack"
using my email address. I am currently trying to find the cause which
is very possibly a worm in my system.

I do not keep address books as a further safeguard, so hopefully the
emails sent out have been randomized and not directed at members here or
people who have requested my manual.

It may take a few days to clear this up, so please be patient.

The good news is I have contacts with people in the industry who have
offered to help me to track down my source of this worm, so if it was
sent to me accidentally, I can inform that person that they are
infected, but if it was sent from a malicious source, they'll help me to
prosecute the person responsible.

Art
 
Sorry for the annoyance Art. Hope you track down the problem soon. It's bad
enough dealing with the visual worms that bug us.
 
Thanks for your empathetic message. Much appreciated. We have a
suspect, but more forensics will be necessary to confirm if they were
the source.

It is very annoying because people rely upon me to help them when they
are in a tight spot and I try to be as proactive as possible in
assisting. These sorts of things just cause unnecessary pain for people.

Art
 
Sorry about your difficulties.
You are an invaluable help to many in this group.

Hope you can continue providing your manual.
Good Luck!!
 
Arthur said:
I want to apologize to anyone who has been trying to contact me via my
e-printerhelp email address. My ISP has cut my service for incoming
mail on and off over the last several days due to a "dictionary
attack" using my email address. I am currently trying to find the
cause which is very possibly a worm in my system.

Maybe you should go fishing.

I do not keep address books as a further safeguard, so hopefully the
emails sent out have been randomized and not directed at members here
or people who have requested my manual.

If you posted your manual on a website then you would not have this
problem. Of course you would lose the holier than thou control but the
requesters would be better served at the expense of your ego.
 
Arthur Entlich said:
I want to apologize to anyone who has been trying to contact me via my
e-printerhelp email address. My ISP has cut my service for incoming mail
on and off over the last several days due to a "dictionary attack" using my
email address. I am currently trying to find the cause which is very
possibly a worm in my system.

I do not keep address books as a further safeguard, so hopefully the
emails sent out have been randomized and not directed at members here or
people who have requested my manual.

It may take a few days to clear this up, so please be patient.

The good news is I have contacts with people in the industry who have
offered to help me to track down my source of this worm, so if it was sent
to me accidentally, I can inform that person that they are infected, but
if it was sent from a malicious source, they'll help me to prosecute the
person responsible.

Art

Art - sorry to hear about your attack. It is beyond my understanding why
people do these random malicious acts.
 
Art - sorry to hear about your attack. It is beyond my understanding why
people do these random malicious acts.

Not to cast aspersions, but I have to wonder whether it actually was
random.
 
Well, that is one reason I am working with the "experts" on getting to
the bottom of this. One thing anyone in "the public eye", even in a
small way, knows is that they are a target. It is one of the reasons I
have not agreed to run for public office in spite of several grassroots
attempts on my behalf over the years.

We'll see where this all goes, and I will report back, if people are
interested.

Art
 
Thanks for your concern, it's for money!

If anyone is interested here's the story as it currently stands:

My ISP is now investigating. My email address that I use for
e-printerhelp is not the email address I actually send or ultimately
receive from. The mvps(dot)org account is a free perk I get for being a
Microsoft MVP. I use it in case I change my ISP at some point, because
in the past when I did so, people would lose me until my new address got
well publicized. In fact, I still get people complaining that they
tried my old address and it bounced (and those addresses have been out
of service for at least 5 years). So, all email goes through the
mvps(dot)org account and is automatically forwarded to my ISP account.
What is known is that private email and the Epson Yahoo mail which both
go to that same ISP mailbox were bouncing at their server, and I was
lucky to receive a couple of those bounced messages forwarded to me from
people when the mailbox started to accept email again, and the problem
is definitely a block at my ISP mailbox. The mvps(dot)org "Postmaster"
indicated 38 attempts to forward on email before it gave up.

So, what we know at this point is the bounce was generated at my ISP. I
even sent an email to myself using another mailbox and it also bounced
during one of those periods, so that's confirmed.

The other clue is when my mailbox started working again, I received
another postmaster generated message from another ISP which indicated an
email I had sent was bounced on a "policy-related" issue (probably a
spam filter). They did not return the message, only the subject and the
email was not sent by me. It had a subject of "Pharmacy Online March
70% OFF". I've received these myself, since I don't filter any spam.

That email was sent to an address that started with "eprintable".
Apparently, there are worms that start with the address they are mailing
from as the root name, and then use dictionary words to morph the
address and send those emails out. Obviously, that makes for a lot of
nonsense addresses which bounce, but some also get through. I guess one
way to avoid this is to use an email address that doesn't use any
dictionary words.

Now, here is where it gets interesting to those of us who have too much
time on their hands (ho-ho)... I placed the full subject phrase in
quotes into Google, and got several hits of websites that post captures
of spam emails, and determined the company name. I also was able to
check the url link in their spam, and went to their website, which is an
on-line pharmacy (obviously). I then went to their posted spam policy,
where they make all the usual claims that they do not support
unsolicited email (spam) and that they expect all their distributors to
use an opt-in service, and that those who do not will (eventually,
after like 6 warnings) be terminated.

I then went to their "spam complaints" section, and told them basically
what happened to date, and they claim on their website that they are
very proactive about these matters and will respond to all claims within
a day. I also told them I will be placing a formal complaint to their
ISP and to law enforcement once it is verified it has anything to do
with them. It may just be a coincidence that I received that bounced
email, and the actual source of the problem may be another source.

Of course, they didn't get back to me (yet). Now, it's up to the experts
at my ISP abuse division to figure this all out. They currently don't
agree what exactly happened, and each level seems to have access to
different information in terms of their server traffic, reminding me of
the classic three blind men and the elephant story, or why one should
never see a surgeon about medical symptoms, because to a hammer,
everything is a nail (how about that for mixed metaphors). So, I will
let the geniuses there try to figure this out, since it definitely is
NOT my department.

Anyway, I know this is long-winded, and very off topic, but perhaps my
experience might help someone else with similar problems.

Art
 
Arthur Entlich said:
I want to apologize to anyone who has been trying to contact me via my
e-printerhelp email address. My ISP has cut my service for incoming
mail on and off over the last several days due to a "dictionary attack"
using my email address. I am currently trying to find the cause which
is very possibly a worm in my system.

I do not keep address books as a further safeguard, so hopefully the
emails sent out have been randomized and not directed at members here or
people who have requested my manual.

It may take a few days to clear this up, so please be patient.

The good news is I have contacts with people in the industry who have
offered to help me to track down my source of this worm, so if it was
sent to me accidentally, I can inform that person that they are
infected, but if it was sent from a malicious source, they'll help me to
prosecute the person responsible.

Art


Art
So sorry to hear about this unwelcome intrusion into your busy life.
I recently experienced a similar problem which my ISP was able to "immunize"
within a day. They tracked the culprit to "somewhere in the USA" but then the
trail got lost in a mire of spoofs and other methods of hiding the origin. I
think I got lucky, it seems the perpetrator was not too skilled. I hope that
you and your contacts can find the source and that justice is done. What is not
explicitly stated in your post is the enormous waste of time that victims are
forced to endure in order to get their lives back into a normal routine.
I wasted about 3 minutes trying to determine whether these people are worse
than Internet trolls and decided that none of them are worth my time.
Good luck and keep up the good work.
Regards
Tony
 
| I want to apologize to anyone who has been trying to contact me via my
| e-printerhelp email address. My ISP has cut my service for incoming
| mail on and off over the last several days due to a "dictionary attack"
| using my email address. I am currently trying to find the cause which
| is very possibly a worm in my system.
|
| I do not keep address books as a further safeguard, so hopefully the
| emails sent out have been randomized and not directed at members here or
| people who have requested my manual.
|
| It may take a few days to clear this up, so please be patient.
|
| The good news is I have contacts with people in the industry who have
| offered to help me to track down my source of this worm, so if it was
| sent to me accidentally, I can inform that person that they are
| infected, but if it was sent from a malicious source, they'll help me to
| prosecute the person responsible.
|
| Art

Art,

I'm getting bounced messages from your account (as of yesterday) but the
offer stands for back up.
 