Why the surge?

Barb Pelton

SGF, Supreme Grumble Framer
Apr 14, 2002
The Show Me State
In virus infected e-mails? Postini is suddenly catching 35-40 of them a day which is more than I usually get in a year! What's up with that and is there anything I can do to head these off?
Hi Barb

By any chance, was your email address recently posted on a public forum like this one, or on a web site?

It sounds like it was harvested. :(

I wonder if it corresponds with the sudden surge of responses I'm getting to emails I never sent.

Most of them have subject lines like, "Your email was rejected by our spam police" but some of them say, "Thank you for requesting information" or "Here is your new password."

It takes all my self-control not to respond to the responses.
That is really weird. My wife just called and said she had like 60 new messages this weekend. They sounded like Ron was saying, although a lot of them were from people in her address book. Is there something new out there? She has a Yahoo account.

My guess would be: W32.Mydoom.BO@mm

It came out over the weekend

"W32.Mydoom.BO@mm is a worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door on TCP port 6677."
It's not new.

Somebody wants to distribute some spam, or maybe a virus, but they certainly don't want their return address on it, so they borrow mine, or your wife's.

What's new is I'm getting 30-35 of these back each day.

They all go into my bulk mail folder, where they get deleted, so it's a minor annoyance. I'd be a little more concerned if, like your wife, I thought these bogus emails were going to people in my address book.
I opened one up in Postini and it confirmed that it is the Sober virus variation. I'm thankful it isn't actually reaching my computer, but they generate a warning e-mail for each and every incident, which is a lot.

Thanks, Dermot for the link.

I purchased something on eBay recently, so maybe it got picked up from there.

How will this thing get stopped? It seems to be worse every day, and this is the 4th day I've gotten these! It makes me mad that people don't have anything better to do with their lives than this! :mad:
It'll get stopped as the people infected update their virus definition files and clean the infections off their computers.

Someone (or several people) on your contact list are probably infected, which is why you're seeing familiar names coming in. They have each other in their contact lists and share some of the same friends.

I keep getting the "your registration was not completed, please refile" type of thing or "your new password is..."

about 50 per day
Patrick Leeland
I got about 30 emails during the weekend. I don't usually get 30 in 2 weeks!

Curious thing, though, ALL my emails were "Your email was returned, blah, blah, blah" And not a single one that I supposedly 'sent' that was 'returned' was anybody in my address book, or anybody's email address I even recognized.

But, between McAfee, Norton and a couple of other ones, I don't think I actually SENT a virus. And I don't think my computer Got a virus...Got a virus...Got a virus...Got a virus...Got a virus...(although the keys have finally started sticking, resulting in doubling some letters)
More than likely, one of your friends DID get a virus. They're spreading it in your name to everyone in their own contact list, and the bounced emails (old email addresses that don't work) are being returned to the "real" you.

I have received many like Dermot described.

I use Mozilla as a back up browser. I would use it as my main browser but it is a bit slower than NS. Those with newer computers might like Firefox which is a newer version of Mozilla. In case you don't know, both Firefox and Mozilla are freeware.
I've just begun receiving a bunch of messages similar to Charles... Subject lines like "your email was rejected", "your email account has been cancelled", "email password rejected" and ALL of those contain


All of them are being sent to different alias email addresses @ rockeby's dot com. Even with McAfee virus scan disabled, they're being caught; though they were suspicious enough not to be opened.

I have to say that since enabling "Spam Assassin" (default settings) on the email server, Spam has decreased from triple digits to single digits. Reviews of trapped spam show that thus far 0% of the items flagged as spam have been legitimate, which was also surprising but welcome.
I use spam assassin heavily on all of my sites, and love it. I have also added filters of my own to zap messages that have specific words (prescription drugs spelled wrong, mortgage offers, etc) It works!

I think this is the one:

W32.Mydoom.BQ@mm Discovered on: May 09, 2005

aka: Net-Worm.Win32.Mytob.au [Kaspersky Lab], W32/Mytob-AU [Sophos], WORM_MYTOB.EG [Trend Micro]

W32.Mydoom.BQ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer and has back door capabilities.

Subject: (One of the following)
Notice: **Last Warning**
Your email account access is restricted
Your Email Account is Suspended For Security Reasons
Notice:***Your email account will be suspended***
Security measures
Email Account Suspension
*IMPORTANT* Please Validate Your Email Account
*IMPORTANT* Your Account Has Been Locked

It terminates antivirus software, blocks access to a/v update sites, emails itself to any address it finds on the infected computer with its own email engine, connects to IRC and sends personal info to a server there.
I used to get about 100 pop-ups/spam messages per day at work - I switched to Firefox and get about 1 pop-up per month and very very few spam messages.
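Added example, not part of the original thread: a mail-triage sketch covering the two things described above, the W32.Mydoom.BQ@mm subject lines quoted in the thread and bounces for mail sent under a forged return address. The `sent_ids` set (Message-IDs your own mail system really sent), the `classify` and `sample_dsn` names, and the sample addresses are assumptions made for illustration.

```python
import re
from email import message_from_string

# Subject lines quoted in the thread for W32.Mydoom.BQ@mm.
LURE_SUBJECTS = [
    "Notice: **Last Warning**",
    "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons",
    "Notice:***Your email account will be suspended***",
    "Security measures",
    "Email Account Suspension",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked",
]

def norm(subject):
    # Lower-case and collapse non-alphanumerics so '*' padding and spacing don't matter.
    return re.sub(r"[^a-z0-9]+", " ", (subject or "").lower()).strip()

LURES = {norm(s) for s in LURE_SUBJECTS}

def classify(raw, sent_ids):
    """Return 'worm-lure', 'bounce', 'backscatter' or 'other' for one raw message."""
    msg = message_from_string(raw)
    if norm(msg["Subject"]) in LURES:
        return "worm-lure"  # quarantine for scanning; a subject match alone is not proof
    # RFC 3464 delivery status notifications are multipart/report, report-type=delivery-status.
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    if not is_dsn:
        return "other"
    # Message-IDs quoted inside the bounce, minus the bounce's own ID.
    quoted = set(re.findall(r"^Message-ID:\s*(<[^>]+>)", raw, re.I | re.M))
    quoted.discard((msg["Message-ID"] or "").strip())
    return "bounce" if quoted & sent_ids else "backscatter"

def sample_dsn(orig_id):
    # Constructed sample bounce that quotes the headers of the returned message.
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: user@example.org\n"
        "Subject: Your email was returned\n"
        "Message-ID: <dsn-1@mx.example.net>\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nUnknown user.\n"
        "--b\nContent-Type: message/delivery-status\n\nAction: failed\nStatus: 5.1.1\n"
        f"--b\nContent-Type: text/rfc822-headers\n\nMessage-ID: {orig_id}\n--b--\n"
    )
```

A bounce classified as `backscatter` quotes a Message-ID you never sent, which points to a forged sender on someone else's infected machine rather than an infection on yours.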