Re: (TFT) Re: No Subject -- Ty's Windows box is a virus infested zombie.



Hi Martin - it's true that the problem of forged senders happens a lot for
the reason you state (using a real address is a way to trick some spam
filters). However, I'd argue this is a case of a compromised account because
the spam was sent to people most likely in the address book (contacts). It
was not just the TFT list who got the spam (look at the "To:" field of the
original spam).

Rick probably has the SMTP log to see the IP address of where the message
originated. I suspect it didn't come from Ty's machine or even his domain. I
can't see the connections beyond the brainiac.com network when I look at the
Received lines in the email I get from the TFT list (unless I'm missing
something).

When I've researched these things in the past (it's related to my day job),
it's a botnet that sends out the spams, but in small numbers, probably to
keep below the anti-spam radar. I have over 700 contacts in my Gmail
account, and I get at least one of these kinds of emails from someone per
week.

http://www.spamlaws.com/email-account-theft.html explains some ways email
accounts get stolen (it's usually a trojan virus or key logger).
https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?Gw=scbglobal+account+compromised
shows that others with scbglobal.net accounts have had them compromised and
used to send similar spams unbeknownst to the real owners of the accounts.

On Wed, Dec 22, 2010 at 10:21, Martin Gallo <martimer@mindspring.com> wrote:

> Even more likely is that they discovered that he has a valid email address
> and are using it to send spam. It is a simple thing to use somebody else's
> valid email address in the 'reply to' field and it helps bypass many ISP
> spam filters. This has happened to me and it is annoying and it is identity
> theft and it does not seem to get prosecuted much by the legal authorities.
> My ISP recommended that I just change my email address (the one I have been
> using since 1994).
>
>
> On Dec 22, 2010, at 8:30 AM, Cris Fuhrman wrote:
>
>> Actually I suspect it's more than a virus. Hackers likely have (at least)
>> his account and password used for sending emails.
>>
>> Sent from my imitation iPhone.
>>
>> On 2010-12-22, at 7:44, Rick Smith <rsmith@lightspeed.ca> wrote:
>>
>>> Hi Ty,
>>> You are running windows and have been infected
>>> with viruses which are sending out spam to your
>>> contact lists.
>>>
>>> You may want to fix this.
>>>
>>> Warm regards, Rick.
>>>
>>> On Wed, 2010-22-12 at 03:03 -0800, Ty Beard wrote:
>>>
>>>> http://www.infocatania.it/territory.php
>>>> =====
>>>> Post to the entire list by writing to tft@brainiac.com.
>>>> Unsubscribe by mailing to majordomo@brainiac.com with the message body
>>>> "unsubscribe tft"
>>>>
=====
Post to the entire list by writing to tft@brainiac.com.
Unsubscribe by mailing to majordomo@brainiac.com with the message body
"unsubscribe tft"
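
The Received-line check mentioned in the reply above, as an added example that is not part of the original thread: it walks the trace headers oldest hop first and reports whether the submitting host is visible or the trace only starts inside the list's own network, in which case only the list operator's SMTP log can show the source. All host names, addresses and the sample message are constructed, and the helper names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample (documentation addresses): a list-relayed message as a subscriber sees it.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.reader.example with ESMTP id A1; Wed, 22 Dec 2010 06:05:10 -0500
Received: from lists.example.org (lists.example.org [192.0.2.25])
\tby mx.example.net with ESMTP id B2; Wed, 22 Dec 2010 06:05:02 -0500
Received: from localhost (localhost [127.0.0.1])
\tby lists.example.org with SMTP id C3; Wed, 22 Dec 2010 06:04:55 -0500
From: Sender <sender@isp.example>
To: list@lists.example.org
Subject: (no subject)

http://link.example/
"""

# "from <helo> (<rdns> [<ip>]) by <host>" as written by common MTAs; other layouts are skipped.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                 r"\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return parsed hops oldest first; each MTA prepends its header, so reverse."""
    msg = email.message_from_string(raw)
    found = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            found.append(m.groupdict())
    return found

def in_domain(host, domain):
    """True when host is the domain itself or a name beneath it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def origin(raw, list_domain):
    """Report the oldest visible hop and whether the real submitter is hidden."""
    chain = hops(raw)
    if not chain:
        return {"origin_ip": None, "hidden": True, "first_seen_by": None}
    first = chain[0]
    # Hidden when the trace begins on loopback or at a host inside the list's domain.
    hidden = (ipaddress.ip_address(first["ip"]).is_loopback
              or in_domain(first["rdns"], list_domain))
    return {"origin_ip": None if hidden else first["ip"],
            "hidden": hidden, "first_seen_by": first["by"]}

if __name__ == "__main__":
    print(origin(SAMPLE, "lists.example.org"))
```

Received headers below the first trusted relay can be forged by the sender, so only hops written by servers you control or trust count as evidence.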