O.T. Re: Worm Attack
Thanks for your concern, it's for money!

If anyone is interested here's the story as it currently stands:

My ISP is now investigating. My email address that I use for e-printerhelp is not the email address I actually send from or ultimately receive from. The mvps(dot)org account is a free perk I get for being a Microsoft MVP. I use it in case I change my ISP at some point, because in the past when I did so, people would lose me until my new address got well publicized. In fact, I still get people complaining that they tried my old address and it bounced (and those addresses have been out of service for at least 5 years). So, all email goes through the mvps(dot)org account and is automatically forwarded to my ISP account. What is known is that private email and the Epson Yahoo mail, which both go to that same ISP mailbox, were bouncing at their server, and I was lucky to receive a couple of those bounced messages forwarded to me from people when the mailbox started to accept email again, and the problem is definitely a block at my ISP mailbox. The mvps(dot)org "Postmaster" indicated 38 attempts to forward on email before it gave up.

So, what we know at this point is the bounce was generated at my ISP. I even sent an email to myself using another mailbox and it also bounced during one of those periods, so that's confirmed.

The other clue is when my mailbox started working again, I received another postmaster generated message from another ISP which indicated an email I had sent was bounced on a "policy-related" issue (probably a spam filter). They did not return the message, only the subject and the email was not sent by me. It had a subject of "Pharmacy Online March 70% OFF". I've received these myself, since I don't filter any spam.

That email was sent to an address that started with "eprintable". Apparently, there are worms that start with the address they are mailing from as the root name, and then use dictionary words to morph the address and send those emails out. Obviously, that makes for a lot of nonsense addresses which bounce, but some also get through. I guess one way to avoid this is to use an email address that doesn't use any dictionary words.

Now, here is where it gets interesting to those of us who have too much time on their hands (ho-ho)... I placed the full subject phrase in quotes into Google, and got several hits of websites that post captures of spam emails, and determined the company name. I also was able to check the URL link in their spam, and went to their website, which is an on-line pharmacy (obviously). I then went to their posted spam policy, where they make all the usual claims that they do not support unsolicited email (spam) and that they expect all their distributors to use an opt-in service, and that those who do not will (eventually, after like 6 warnings) be terminated.

I then went to their "spam complaints" section, and told them basically what happened to date, and they claim on their website that they are very proactive about these matters and will respond to all claims within a day. I also told them I will be placing a formal complaint to their ISP and to law enforcement once it is verified it has anything to do with them. It may just be a coincidence that I received that bounced email, and the actual source of the problem may be another source.

Of course, they didn't get back to me (yet). Now, it's up to the experts at my ISP abuse division to figure this all out. They currently don't agree what exactly happened, and each level seems to have access to different information in terms of their server traffic, reminding me of the classic three blind men and the elephant story, or why one should never see a surgeon about medical symptoms, because to a hammer, everything is a nail (how about that for mixed metaphors). So, I will let the geniuses there try to figure this out, since it definitely is NOT my department.

Anyway, I know this is long winded, and very off topic, but perhaps my experience might help someone else with similar problems.

Art
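The address-morphing pattern Art describes above, seen from the receiving mail server's side, as an added example that is not part of the original thread: it parses constructed Postfix-style reject lines and flags a claimed sender whose many unknown recipients are all built on one root local part (a dictionary attack riding on a forged sender). The log lines, domains, IP addresses and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed Postfix-style reject lines for illustration (not from the thread).
SAMPLE_LOG = """\
NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <eprintable@example.net>: Recipient address rejected: User unknown; from=<e-printerhelp@example.org>
NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <eprinted@example.net>: Recipient address rejected: User unknown; from=<e-printerhelp@example.org>
NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <eprinter@example.net>: Recipient address rejected: User unknown; from=<e-printerhelp@example.org>
NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <eprintshop@example.net>: Recipient address rejected: User unknown; from=<e-printerhelp@example.org>
NOQUEUE: reject: RCPT from mail.example.com[198.51.100.5]: 550 5.1.1 <oldname@example.net>: Recipient address rejected: User unknown; from=<friend@example.com>
"""

LINE_RE = re.compile(
    r"<(?P<rcpt>[^>@]+)@[^>]+>: Recipient address rejected: User unknown;"
    r".*?from=<(?P<sender>[^>]*)>"
)

def parse_rejects(log_text):
    """Return (claimed sender, rejected recipient local part) pairs."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            pairs.append((m.group("sender"), m.group("rcpt").lower()))
    return pairs

def shared_prefix(words):
    """Longest prefix common to all words (LCP of the min and max string)."""
    if not words:
        return ""
    first, last = min(words), max(words)
    i = 0
    while i < len(first) and i < len(last) and first[i] == last[i]:
        i += 1
    return first[:i]

def find_dictionary_attacks(pairs, min_variants=3, min_prefix=4):
    """Flag claimed senders whose unknown recipients share one root (thresholds illustrative)."""
    by_sender = defaultdict(set)
    for sender, rcpt in pairs:
        by_sender[sender].add(rcpt)
    hits = {}
    for sender, rcpts in by_sender.items():
        root = shared_prefix(list(rcpts))
        if len(rcpts) >= min_variants and len(root) >= min_prefix:
            hits[sender] = (root, len(rcpts))  # root local part, variant count
    return hits
```

On the constructed log this flags e-printerhelp@example.org with four unknown recipients built on the root "eprint", while the single bounce from friend@example.com is left alone; a hit of this shape points at a forged sender and backscatter rather than at the named account itself.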

Burt wrote:

"Arthur Entlich" <e-printerhelp@xxxxxxxx> wrote in message news:satzj.44920$w94.17208@xxxxxxxxxxxx

I want to apologize to anyone who has been trying to contact me via my e-printerhelp email address. My ISP has cut my service for incoming mail on and off over the last several days due to a "dictionary attack" using my email address. I am currently trying to find the cause which is very possibly a worm in my system.

I do not keep address books as a further safeguard, so hopefully the emails sent out have been randomized and not directed at members here or people who have requested my manual.

It may take a few days to clear this up, so please be patient.

The good news is I have contacts with people in the industry who have offered to help me to track down my source of this worm, so if it was sent to me accidentally, I can inform that person that they are infected, but if it was sent from a malicious source, they'll help me to prosecute the person responsible.

Art


Art - sorry to hear about your attack. It is beyond my understanding why people do these random malicious acts.
