'Support Center Robot' Spam Blast
Trojan infection spam largest in 12 months
09:14AM Friday Apr 13 2007
tags: security · spam · software
Perhaps you've received a piece of spam this week from a bogus "Customer Support Center Robot" with an attached .zip file (named 'patch_4723.zip')? It's part of one of the largest "spam blasts" in the past twelve months, users in our security forum observe. The fake customer-support e-mail arrives with one of the subjects "Worm Alert!", "Worm Detected", "Spyware Detected!" or "Virus Activity Detected!", and the zip file contains a version of the "Storm Trojan" worm. You might want to warn family members (for the billionth time) about suspect attachments this week.

cableties
Premium
join:2005-01-27
Levittown, PA

Useless Legislators

Spammers= 10(nth power)
CanSpam Act= 0

And our ISPs are so helpful and preventative.

(I must say, kudos to the BBR security forums for their Faq and helpful supporters...Like CJ, etc...)
firewire9999

join:2004-07-11
Livonia, MI

Re: Useless Legislators

How are ISPs supposed to be responsible for this?

More like dumb people who open these attachments no matter how many times they have been told about it.

InGreenwood

@garettes-store.com
My ISP, CableOne, is blocking these emails if you have their myspam setting on. (It is on by default; you would have to turn it off yourself.)

TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast


edit:
April 13th, @09:49AM

Re: Useless Legislators

My several Comcast accounts' emails first go through the Comcast filters and then automatically forward to Gmail for consolidation and offsite archiving. And Gmail spam filters usually catch 99.9% of what is left. So, maybe 1 a week makes it through all the filters. So this flood doesn't overly concern me.

P.S. I have seen none of the messages mentioned in this news item.
--
My BLOG
My Web Page

W8ASA
Tieng gi vay?

join:2000-07-31
Dayton, OH
clubs:

I have received several....

of these. All but one got past ATT/Yahoo and McAfee e-mail scans/filters. If only there were a way to "nuke" those farthing bastidges who sent them.
--
Microwave and RF Components at www.ohiomicrowave.com

timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL
clubs:
·AT&T Southeast

I received one this morning

I received one in my (large corporate) office email, this morning. I briefly considered forwarding it to our spam address, but I figured they might get on my case about sending malware, so I just deleted it and went on my way.

Tim
--
The shortest sentence is, "I am". The longest is, "I do".
~ Project Hope ~

jstep73

join:2004-02-28
Rock Island, IL

Re: I received one this morning

I got one yesterday morning. I really like how the messages are always so cryptic and use very poor English.
It surprises me that people still open these attachments.

LordFlux

join:2005-04-20
Warner Robins, GA
·Cox HSI
·Alltel Axess

I don't understand...

I don't understand how anyone with a shred of common sense can open this e-mail. It's a very simple formula... if you don't know the person = delete the e-mail.

As for the particular spam e-mail at hand... I got one yesterday. My ISP used to have a decent SpamFilter in place. They upgraded their mail server software and the filter broke and no one has bothered to fix it. I love getting 400 e-mails a day from С.С. Горшенин and Ф.Ф. Буйлов... it makes me feel so special.

GamerGeek

join:2003-07-26
Fortuna, CA

Re: I don't understand...

said by LordFlux:

I don't understand how anyone with a shred of common sense can open this e-mail. It's a very simple formula... if you don't know the person = delete the e-mail.

As for the particular spam e-mail at hand... I got one yesterday. My ISP used to have a decent SpamFilter in place. They upgraded their mail server software and the filter broke and no one has bothered to fix it. I love getting 400 e-mails a day from С.С. Горшенин and Ф.Ф. Буйлов... it makes me feel so special.
I think one thing you folks don't understand is that there are new computer users every day. They've had their computer for a whole week and are just getting their first run of emails, so they're going to open them thinking, "Maybe this is important!" I see them all the time, and I do tell them that if it's not an expected email, just delete it, but that doesn't always work, you see.

supergirl

join:2007-03-20
Pensacola, FL
·Cox VOIP
·Skype
·Cox HSI
·AT&T Southeast
·magicjack.com

One is Coming from Network Solutions

Network Solutions NEVER sends emails to "update" your domain. Gmail just deletes the messages and I never see them. Outlook, Norton really, deletes the attachment.

I am still wondering why someone called Batman constantly emails me at Supergirl3000@gmail.com though.

antiphishing
Nigerian 419 Scam Baiter
Premium
join:2004-06-09
Wilkes Barre, PA

largest "spam blasts" in the past twelve months

From: "Postmaster"
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: sgtpepper_1967@yahoo.com
Subject: Virus Detected!
File name: patch_92657.zip
File size: 38kb

From: "Support Team Robot"
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: html_edit@yahoo.com
Subject: Virus Alert!
File name: bugfix_16471.zip
File size: 38kb

From: "Support Team"
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: html_edit@yahoo.com
Subject: Virus Activity Detected!
File name: hotfix_25203.zip
File size: 38kb

From: "Customer Support Center"
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: html_edit@yahoo.com
Subject: Virus Detected!
File name: patch_1482.zip
File size: 38kb
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH


edit:
April 13th, @02:05PM

Re: largest "spam blasts" in the past twelve months

Most recent one I got is:

quote:
From: "Support Team" <***@cfl.rr.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: (my wifey's address)
Subject: Virus Detected! ***VIRUS DETECTED: (encrypted)***
X-Orig-Subject:Virus Detected!
Attachment: removal-66943.zip
My Linux firewall/email server box adds the ***VIRUS DETECTED*** message to the subj. line when it detects nasties.

Seems like the headers are consistent, particularly the User-Agent header. It's always that particular build of Thunderbird.
--
Windows Vista has detected that your mouse was moved. In order to enhance your user experience, Vista needs to contact Microsoft to re-activate the software. Please make sure you are connected to the Internet, have your credit card handy, then click OK.
d0nni3q

join:2006-11-05
Meadville, PA

Re: largest "spam blasts" in the past twelve months

It's as simple as denying *.zip files for me. :-D

antiphishing
Nigerian 419 Scam Baiter
Premium
join:2004-06-09
Wilkes Barre, PA

said by kpatz:

Most recent one I got is:

Seems like the headers are consistent, particularly the User-Agent header. It's always that particular build of Thunderbird.
I noticed that particular point also regarding the Thunderbird build number.

I thought the junk email along with the Trojans were coming from a single zombie machine with the Thunderbird email software installed.

After looking at all the emails again, three of the spams infected with the malware had different IP numbers associated with them, which leads me to believe that the information is forged.

X-Originating-IP: [189.169.127.165]
X-Originating-IP: [201.79.68.55]
X-Originating-IP: [162.39.116.180]
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Re: largest "spam blasts" in the past twelve months

They're using a botnet to distribute these, so chances are every copy you see will come from a different IP.

The Thunderbird header is likely hard-coded in the template used to construct the emails.

Some other things I've noticed: every one has two Received: headers. This makes it look like each email is being relayed through another SMTP server, but in my limited testing, the IP address that sent the spam didn't respond on port 25, so the second Received: is likely spoofed with a random IP.

The GIF files containing the message are formatted uniquely. The name of the GIF varies, as well. The width varies from one to the next, causing the text to wrap/format differently across different samples. Of course, the attachment name and password are always different, too. The passwords seem to always be three letters, two numbers, so this is probably a fixed random password generator algorithm.
--
Windows Vista has detected that your mouse was moved. In order to enhance your user experience, Vista needs to contact Microsoft to re-activate the software. Please make sure you are connected to the Internet, have your credit card handy, then click OK.

antiphishing
Nigerian 419 Scam Baiter
Premium
join:2004-06-09
Wilkes Barre, PA


edit:
April 13th, @03:10PM

Re: largest "spam blasts" in the past twelve months

said by kpatz:

Some other things I've noticed: every one has two Received: headers. This makes it look like each email is being relayed through another SMTP server, but in my limited testing, the IP address that sent the spam didn't respond on port 25, so the second Received: is likely spoofed with a random IP.

I am starting to notice that the IP number in the "X-Originating-IP" line doesn't respond on ports 25, 137, 139 or 443.

I am thinking the Trojan infected machine (66.8.213.116) is being used to send the junk email at a much higher port number.

canonical name cpe-66-8-213-116.hawaii.res.rr.com.
aliases
addresses 66.8.213.116

----------
X-Apparently-To: sgtpepper_1967@yahoo.com via 216.252.121.75; Fri, 13 Apr 2007 00:48:54 -0700
X-YahooFilteredBulk: 66.8.213.116
X-Originating-IP: [66.8.213.116]

Return-Path:
Authentication-Results: mta257.mail.re4.yahoo.com from=wsc.edu; domainkeys=neutral (no sig)
Received: from 66.8.213.116 (HELO cpe-66-8-213-116.hawaii.res.rr.com) (66.8.213.116) by mta257.mail.re4.yahoo.com with SMTP; Fri, 13 Apr 2007 00:48:52 -0700
Received: from ijg ([149.104.110.89]) by cpe-66-8-213-116.hawaii.res.rr.com with Microsoft SMTPSVC(6.0.3790.0); Thu, 12 Apr 2007 21:48:18 -1000
Message-ID:
Date: Thu, 12 Apr 2007 21:48:18 -1000
From: "Postmaster"
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: sgtpepper_1967@yahoo.com
Subject: Virus Detected!
----------

--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
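A header-level detection check built from the indicators kpatz and antiphishing describe above (the fixed Thunderbird User-Agent, the alarm subjects, a numbered "fix"-style .zip attachment, and exactly two Received: hops). This is an added example, not code from the thread or from dslreports; the sample message, host names and addresses are constructed placeholders.

```python
import re
from email import message_from_string

# Indicators the thread reports: one fixed User-Agent string, a small set of
# alarm subjects, a numbered "fix"-style .zip attachment, and exactly two
# Received: hops (the inner hop being a claimed relay that never happened).
FIXED_USER_AGENT = "Thunderbird 1.5.0.9 (Windows/20061207)"
LURE_SUBJECTS = {"worm alert!", "worm detected", "spyware detected!", "spyware alert!",
                 "virus activity detected!", "virus detected!", "virus alert!"}
ATTACHMENT_RE = re.compile(r"^(patch|bugfix|hotfix|removal)[_-]\d+\.zip$", re.I)

# Constructed sample modelled on the headers posted in the thread; hosts and
# addresses are placeholders (RFC 5737 documentation ranges), not real ones.
SAMPLE = """\
Received: from 192.0.2.10 (HELO cpe-192-0-2-10.example.invalid) (192.0.2.10) by mx.example.net with SMTP; Fri, 13 Apr 2007 00:48:52 -0700
Received: from ijg ([198.51.100.7]) by cpe-192-0-2-10.example.invalid with Microsoft SMTPSVC(6.0.3790.0); Thu, 12 Apr 2007 21:48:18 -1000
From: "Postmaster" <postmaster@example.invalid>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: victim@example.net
Subject: Virus Detected!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your computer is infected. Open the attached fix.
--b1
Content-Type: application/zip; name="patch_4723.zip"
Content-Disposition: attachment; filename="patch_4723.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def score_message(raw: str) -> dict:
    """Evaluate each indicator against one raw RFC 822 message."""
    msg = message_from_string(raw)
    names = [part.get_filename() or "" for part in msg.walk()]
    return {
        "fixed_user_agent": msg.get("User-Agent", "").strip() == FIXED_USER_AGENT,
        "lure_subject": msg.get("Subject", "").strip().lower() in LURE_SUBJECTS,
        "numbered_zip": any(ATTACHMENT_RE.match(n) for n in names),
        "two_received_hops": len(msg.get_all("Received", [])) == 2,
    }

def is_support_robot_spam(raw: str, threshold: int = 3) -> bool:
    """Flag a message when at least `threshold` indicators match."""
    return sum(score_message(raw).values()) >= threshold
```

The threshold keeps a single coincidental match (a legitimate Thunderbird 1.5.0.9 user, say) from being flagged on its own.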
AdamD

join:2002-01-09
Maspeth, NY

Re: largest "spam blasts" in the past twelve months

We don't have a spam problem. We have a stupidity problem. Actually, stupidity epidemic... A dog or cat can be taught not to do something, yet there are people stupid enough to open those attachments.

A.

antiphishing
Nigerian 419 Scam Baiter
Premium
join:2004-06-09
Wilkes Barre, PA

Re: largest "spam blasts" in the past twelve months

said by AdamD:

We don't have a spam problem. We have a stupidity problem. Actually, stupidity epidemic... A dog or cat can be taught not to do something, yet there are people stupid enough to open those attachments.

A.
I couldn't say it any better.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645

Devanchya
Smile
Premium
join:2003-12-09
Pickering, ON
·Bell Sympatico

Infected Gif?

Anyone know if the gif it's sending is infected with the recent image bug in Sun Microsystems' Java?

Just nasty part of my brain thinking of a way to attack some Java based e-mail clients...
--
»www.codecipher.com - Marking the way to tomorrow's solutions

Britt

@covad.net

Spam as Text

Well here's one.... I received not one... but two text messages on my cell phone last night (1 am... I was NOT happy)

Both were the text of this email and both came from spoofed domains.

Man I was annoyed... not only does it cost me to receive texts... but it also interrupted my beauty sleep :P

and Verizon told me "sorry, there's nothing we can do about that." grrrrrr
Chax

join:2007-04-25
Lincoln, NE


edit:
April 25th, @09:44AM

A tiny change

-----Original Message-----
From: Customer Support [mailto:ccn@public1.sta.net.cn]
Sent: Tuesday, April 24, 2007 6:33 PM
To: XXXXXX
Subject: Spyware Alert!

------------

Only difference from the gif above is the password is now tub88

EDIT* tub88 was capitalized
Chax

join:2007-04-25
Lincoln, NE

edit:
April 25th, @09:43AM

Re: A tiny change

Not used to these forums yet.
© 1999-2008 dslreports.com.