spam

[Roedy Green]

That's the part where I'm surprised you are so naive.

There are a number of possible ways a brat could produce the effects
in my mailbox.

Many of the messages were of the form "your message bounced" with
nothing much else, but in a zillion variants.

That could have been the result of a spammer or virus using my good
name to break through antispam filters. One side effect is mail from
me to AOL customers no longer gets through.

I have not seen volumes like this since the Kosovo war when I upset
some people with my political views. I received 80,000 emails.

The pattern now is many of the messages that standard scam "install
this security update from Microsoft".

I used the term spam loosely to mean "unwanted email". I did not mean
to imply those thousand of messages were trying to sell me anything.

Imagine if telephones had this susceptibility, and if even a few
subscribers failed to disinfect their phones daily the whole system
could come to a crashing halt. That is no way to design a system. You
can't depend on ignorant users to do things necessary to protect the
entire community. That has to be taken over by the ISPs.

 

[Chris Smith]

Excellent suggestions. Also checkout spamcop.net which has free tools to
analyze headers and notify correct authorities.

Whoa, there! The mail Roedy is getting is almost certainly not spam,
but rather one of the several viri/worms going around. I'm in exactly
the same boat. Reporting this to SpamCop is unlikely to do any good,
and is likely to get the folks at SpamCop a bit miffed at you for
reporting virus email as spam.

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Chris Smith]

do any of the spam filters deal with this? It annoys me to filter out
every sort of bounce message, because sometimes messages I send
bounce, and that I do want to know about.

Roedy,

The same thing is happening to me right now. I looked, and could not
find a better solution. So, I'm just filtering any mail that contains
phrases like "Undelivered mail to .*@.*" and several other variants. I
figure I won't have to do it for too awfully long before the whole thing
goes away.

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Roedy Green]

Every one of them with your email address in an address book of some
correspondent of yours is cheerfully including you in the recipients of
the next generation of the virus, who knows how many times.

I got a phone call from my ISP. They are shutting down my email
account. 5 gigabytes of this crap arrived overnight.


He figures someone is targeting me specifically since no other
customers are this affected. I think it is just that I am in many
people's email address books.

 

[Mark Thornton]

I got a phone call from my ISP. They are shutting down my email
account. 5 gigabytes of this crap arrived overnight.


He figures someone is targeting me specifically since no other
customers are this affected.

I think it is just that I am in many
people's email address books.

That is certainly the reason. Some of these virus also check newsgroup
postings and you are certainly in a few of those. I'm getting about 60
an hour at the moment (~9MB/hour), while my mail box at the ISP has a
limit of 10MB. So if I don't check at least once an hour genuine mail is
likely to be lost.

Mark Thornton

 

[Chris Smith]

Many of the messages were of the form "your message bounced" with
nothing much else, but in a zillion variants.

There are a couple possible reasons for that. The ones I know of are:

1. The viruses that are sending other people these messages choose From
and Sender addresses from people's address lists. The only place
receiving SMTP servers have to send their bounces is the From or Sender
address, so you get the bounce.

2. Virus writers have noticed that bounce messages often attach the
original mail, and that receivers of bounce messages often open the
attachment instinctively to see what bounced. They therefore send fake
bounce messages with the virus directly attached, in hopes that you'll
run it before you notice that something's odd.

Most of the "bounce messages" I am getting right now seem to fall into
the latter category; they are obviously faked.

Imagine if telephones had this susceptibility, and if even a few
subscribers failed to disinfect their phones daily the whole system
could come to a crashing halt. That is no way to design a system. You
can't depend on ignorant users to do things necessary to protect the
entire community. That has to be taken over by the ISPs.

I can't imagine this will continue too much longer before something
happens. The last go-round, my ISP (EarthLink) modified their SMTP
servers so that if you actually got infected and tried to send an
infected email message, it would temporarily suspend your ability to
send email through an Earthlink dial-up account. I thought that was
pretty creative and helpful of them.

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Chris Smith]

That is certainly the reason. Some of these virus also check newsgroup
postings and you are certainly in a few of those. I'm getting about 60
an hour at the moment (~9MB/hour), while my mail box at the ISP has a
limit of 10MB. So if I don't check at least once an hour genuine mail is
likely to be lost.

I'm in the same boat here (though a bit more mail). Luckily, I have a
cable modem, and I can just leave my email program open, set to check
every 5 minutes and automatically delete anything that looks like a
bounce message or a "Microsoft security patch".

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Sudsy]

I got a phone call from my ISP. They are shutting down my email
account. 5 gigabytes of this crap arrived overnight.


He figures someone is targeting me specifically since no other
customers are this affected. I think it is just that I am in many
people's email address books.

I'm getting hit as well. Thank goodness it's only going to my
Hotmail account. Of course that's why I used that account in
the first place...let someone else take care of the garbage.
I'm fairly certain that the compromised e-mail address was
harvested from the newgroup; I don't use it for any "serious"
work.

 

[Sudsy]

I got a phone call from my ISP. They are shutting down my email
account. 5 gigabytes of this crap arrived overnight.


He figures someone is targeting me specifically since no other
customers are this affected. I think it is just that I am in many
people's email address books.

I'm getting hit as well. Thank goodness it's only going to my
Hotmail account. Of course that's why I used that account in
the first place...let someone else take care of the garbage.
I'm fairly certain that the compromised e-mail address was
harvested from the newgroup; I don't use it for any "serious"
work.

 

[Carl G.]

A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these are appear to be bounced
messages I never sent. What tools do you use to deal with this. I am
using SpamDetective, but it is overwhelmed by this.

I have also been getting hundreds of virus-laden messages each day. I
changed the e-mail address given on my web-site, and in a couple of hours I
was getting messages sent to the new address. Apparently the new batch of
worm/virus programs get their "From" addresses out of certain files (e.g.,
*.htm) on the infected computer's system. Since visitors to my web-site
load the *.htm files into their system cache, the virus programs were
finding my e-mail address in the "mailto:" fields inside of the cached
files. To stop this, I no longer put my e-mail addresses in text format,
but only show them inside of an image file (*.gif). This makes it less
convenient for my visitors (they can't send e-mail by just clicking on a
mailto: field).

Carl G.

(Reply by converting the words to digits)

 

[Kent Paul Dolan]

I got a phone call from my ISP. They are shutting down my email
account. 5 gigabytes of this crap arrived overnight.

He figures someone is targeting me specifically since no other
customers are this affected. I think it is just that I am in many
people's email address books.

Yep, you have the right of it. I saw the storm start when it was only
two hours old, due to my weird sleep habits, so when my ISP opened for
business five hours later, there was a message from me telling them "a
virus storm is starting" (I didn't know it was really a worm at the
time).

They came back to me with the same answer you got: "it must be you, no
one else is having this problem".

Okay, so I have around 5000 correspondents around the world.

Now they are trashing any email to anyone on the site sized over 150K, a
shame since that's right in the middle of the worm email size
distribution; I'm now getting about the same rate of worms arriving as
before, but none of them 150K or larger. I've sent emails to let them
know they need to set their filter at 130K, but it's the weekend...

However, at least they know it isn't "just me" any more. Probably your
ISP will also catch a clue sometime soon.

I have responses from around the planet confirming the problem, everyone
seeing it at some proportion to the number of their regular email
correspondents.

It is a bit frustrating to have told my ISP about coming problems so
many times and been dismissed so many times; they seem not to learn from
my record of being right in the end.

With 42 years of computer experience, I can almost _smell_ problems
coming.

Oh, well, it's the same problem that costs me so many jobs; Casandra is
a very unpopular lady.

xanthian, who was a bit stunned to find you have three times as many
articles archived on google as me.

 

[Gary M]

Reporting this to SpamCop is unlikely to do any good,
and is likely to get the folks at SpamCop a bit miffed at you for
reporting virus email as spam.

Joe jobs can be spam, but your point is well taken in the light of current
virus.