Porn virus targets spam stoppers (Don't look at the pictures, sonny!)

BBC News ^

[Happy2BMe]

Anti-spam organisations are coming under attack from a virus written to bombard their websites with junk data.

The Mimail-L Windows virus poses as an e-mail from a woman called Wendy who writes about a sexual encounter and offers readers nude photographs.

Opening the message's attachment rewards users with a virus that forwards itself to everyone in their e-mail address book.

It also turns infected machines into junk mail relays that can be used to forward thousands of messages to one of eight anti-spam websites.

Porn offer

Like most other viruses, Mimail-L is aimed at users of Microsoft Windows and its Outlook e-mail program.

The Mimail-L virus also tries to harm anti-spam websites by sending an e-mail to infected users claiming that their credit card has been debited to pay for a CD full of images of child pornography.

The fake message gives a billing address that people can complain to if their card has been wrongly debited. However, this e-mail address is for the Spamhaus Project which is fighting spam rather than a child porn peddler.

"So many Internet users are flooding us with complaints about these child porn CDs that we supposedly ordered for them," said Steve Linford, founder of the Spamhaus Project.

Mr Linford said he was co-operating with the police to find out who was behind the Mimail-L virus.

He suspects that it is the work of an irate spammer, irritated at the success Spamhaus and other organisations are having defeating junk mail messages.

"They are angry with us because we try to stop the spamming cycle," said Mr Linford.

Organisations such as Spamhaus find and circulate lists of known spam organisations that helps net service firms block junk messages before they make it on to the web.

"It's the third Mimail variation to come after us," said Mr Linford, "except this one is trying to do more."

Anti-virus firms said Mimail-L was not widespread but warned people to be on their guard and keep anti-virus software up to date.

Other variants of Mimail target other websites with junk data attacks. Previous versions of the virus tried to steal credit card information.

[alwayzright]

I'm a computer security consultant. I have a friend that runs a large ISP and tracks spammers for a living. It is trivial to spoof those headers. If you're relying on headers then you're getting bad information...guaranteed.

[Keith in Iowa]

>>I'm a computer security consultant. I have a friend that runs a large ISP and tracks spammers for a living. It is trivial to spoof those headers. If you're relying on headers then you're getting bad information...guaranteed.

I've used headers to track and kill sources of spam - so don't tell me it can't be done, becuase I know otherwise.

[devane617]

templar, You are joking right? You did not really buy Life Insurance via a spam note, did you?

[alwayzright]

>> I've used headers to track and kill sources of spam - so don't tell me it can't be done, becuase I know otherwise.

Define "kill sources of spam." I'm sorry but headers are nothing to spoof. Do a google search. Not to mention the fact that most spammers use relays in countries that don't give a crap about spam, so I am highly doubtful that you did anything more than annoy someone running an open relay.

[Tree of Liberty]

I like Eudora, personally.

Same here. Been using it since '95.

[Hacksaw]

templar, You are joking right? You did not really buy Life Insurance via a spam note, did you?

Next you'll be saying my Nigerian investment partner is a scam.

[Keith in Iowa]

>>Define "kill sources of spam." <<

Is an ISP terminating service to someone good enough for you?

[alwayzright]

That doesn't kill a source of spam. You probably just got an open relay shut off. I assure you it takes much more to stop a spammer. If you're interested enough to go that far, do some research on the Internet. Tracking spammers is fascinating because it never ends. The spammers always find some new way to progagate their trash.

[Keith in Iowa]

Let me say it in plain, simple English: Yes - SOURCES of spam have been killed as a result of tracing headers. I have personal knowledge of ISPs applying their terms of service agreements and terminating services to customers for violations of the TOS agreements. Need I explain any more?

[arasina]

My latest adventures in spam have MY name in the "From" area. It's creative and innovative on the sender's part but I just delete them with the rest.

Why would spammers think that I would be fooled by a mail from myself and that anyone would BUY their krap anyway?

[templar]

You are joking right?

Not joking. 10 year level term for 100,000. Into third year in January. Through Tansamerica Life. The spam wasn't from Transamerica, it was a canvas from an independant agent. He offered me several choices to choose from.

I have a friend who refinanced his house as a result of a spam e-mail. Said he got a significantly better deal than any of the companies he had called directly. Spam is like any other solicitation. Some are good deals, others are bad deals, most is unrelated to anything I am interested in but I just delete those without bothering to read them.

[alwayzright]

I honestly don't think that you're understanding me. So why don't you explain to me, in technical terms, exactly how you tracked this spammer down using email headers. And then I will explain to you, in technical terms, how all you did was close an open relay that spammers use to forward their messages through.

[Keith in Iowa]

How hard is it? You look at an IP address source, do a whois, contact people - they verify crapola is flowing from said source. They kill said source. Simple enough for you?

[Keith in Iowa]

And, before you pop off any more about closing open relays...I'm talking about instances where sysadmins verified that no open relays are/were involved.

[alwayzright]

>> How hard is it? You look at an IP address source, do a whois, contact people - they verify crapola is flowing from said source. They kill said source. Simple enough for you?

Exactly. THE IP SOURCE IS SPOOFED!!!!!! Do a google search!!! There is TONS of FREE software out there to let you do this. So you call up the ISP of the IP address and tell them you're getting spam from the IP. The ISP shuts off the service of Joe User who has no idea what is going on. Simple enough for YOU? That's why this is a bad idea, because there is no way to tell when you've reached the ACTUAL source of the spam.

[alwayzright]

>> And, before you pop off any more about closing open relays...I'm talking about instances where sysadmins verified that no open relays are/were involved.

It is practically impossible to verify that no open relays were involved...not to mention unheard of. Spammers ALWAYS use open relays because they don't want to get caught. If you have actually received spam that was not routed through an open relay then you must have received spam from the dumbest, poorest spammer on the Internet.

[Keith in Iowa]

>> THE IP SOURCE IS SPOOFED!!!!!

I know spoofing is widespread. I'm not talking about that. I'm talking about specific instances where sysadmins have verified the source(s) of spam, and acted upon violations of TOS, and terminated service. Why is that so hard for you to understand?

[Keith in Iowa]

>> It is practically impossible to verify that no open relays were involved.

How? I's pretty damn easy when you personally know the people.

[tubebender]

I only get 5 to 15 a day and try to filter them with Eudora Lite. I've noticed more and more showing overseas addresses. I know people that get hundreds of spams a week. I'm wondering if the new Eudora 6 has more features for blocking spam...

[dubyagee]

I have used MS Outlook express for over a year now. I have received only one e-mail from someone I wasn't familiar with. I also have a hotmail address that I use as my e-mail address when registering for anything over the internet.

My hotmail account constantly receives spam...I only recieve mail from friends and relatives in my outlook account. That's my answer to spam. For those who must publicize their e-mail account...I have no answer.