Email Harvesting

Discussion in 'Ruby' started by Nikolai Weibull, Oct 19, 2003.

  1. I've been receiving a lot of Swen emails to my ruby-talk address lately.
    This mailing alias is rather new and so my guess is that this list is
    actively being harvested for emails. Is there something we can do to
    fix this? This is getting boring, my email bandwidth quota is being
    eaten by these goddam 150kb emails.
    nikolai

    --
    ::: name: Nikolai Weibull :: aliases: pcp / lone-star / aka :::
    ::: born: Chicago, IL USA :: loc atm: Gothenburg, Sweden :::
    ::: page: www.pcppopper.org :: fun atm: gf,lps,ruby,lisp,war3 :::
    main(){printf(&linux["\021%six\012\0"],(linux)["have"]+"fun"-97);}
     
    Nikolai Weibull, Oct 19, 2003
    #1
    1. Advertising

  2. Nikolai Weibull

    daz Guest

    "Nikolai Weibull" <> wrote:

    > This is getting boring, my email bandwidth quota is being
    > eaten by these goddam 150kb emails.
    > nikolai
    >



    See ...
    http://www.rubygarden.org/ruby?SoBigPopper (for Swen)

    Just replace three parameters with your local details.

    POP3Filter.new("server", "user", "pass").process
    (near end of script)

    It offers to delete Swen-alikes from your mail-server.
    e.g. Run it before starting your mail reader.

    ( Continues to be very useful to me. Thanks, guys. )


    daz
     
    daz, Oct 20, 2003
    #2
    1. Advertising

  3. Nikolai Weibull

    Dan Sugalski Guest

    On Sun, 19 Oct 2003, Nikolai Weibull wrote:

    > I've been receiving a lot of Swen emails to my ruby-talk address lately.
    > This mailing alias is rather new and so my guess is that this list is
    > actively being harvested for emails.


    That turns out not to be the case.

    Swen, like a number of other windows trojans, viruses, and worms,
    automatically scrapes a system's address book, mailboxes, web cache, and
    in some cases general files looking for anything that looks like an e-mail
    address. There's no list that's distributed, or any Master Evil Spammer
    sending these things out--just a depressingly large number of folks who
    actively infected their machines (swen *required* the user to run the
    infecting attachment by hand) and now have a widget installed that does
    the local scraping and mailing.

    If your email address is on someone's local machine for any
    reason--they're subscribed to the ruby-talk list, read a message via
    google groups, you sent them mail, someone sent them mail with you on the
    CC line, someone installed software with your email address in the docs,
    or is subscribed to a newsgroup with a local newsreader--you're going to
    get a swen if they get infected. Possibly many of them.

    Obfuscating email addresses on the web pages may help a bit, at least for
    a while, for the virus mail. Won't stop the spammers as much, as they're
    more likely to put a bit more effort into the deobfuscation, but it will,
    for now, slow swen and its ilk.

    Note that once *anyone* with your email address legitimately in their
    inbox or outbox gets infected you *will* get swens and their like--since
    these viruses all forge the from: as well as the to:, other people will
    get mail that looks like it's from you, which puts your address in the
    inbox, which makes it fair game for the automated scanners on more
    machines. And even if they avoid immediate infection, it may well be
    around for the next round of infection.

    Dan
     
    Dan Sugalski, Oct 22, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick Meuser

    Tomcat Hybrid/Viral Harvesting

    Patrick Meuser, Aug 16, 2003, in forum: Java
    Replies:
    2
    Views:
    478
    bznutz
    Aug 17, 2003
  2. InfoDevGuy
    Replies:
    1
    Views:
    305
    red floyd
    Feb 2, 2007
  3. Humanass
    Replies:
    0
    Views:
    342
    Humanass
    Jun 22, 2007
  4. Humanass
    Replies:
    0
    Views:
    328
    Humanass
    Jun 22, 2007
  5. Adam Lipscombe

    How to stop google harvesting URL's

    Adam Lipscombe, Oct 26, 2007, in forum: Java
    Replies:
    2
    Views:
    345
    Roedy Green
    Oct 26, 2007
Loading...

Share This Page