Another Worm Targets Anti-Spam Sites 538

kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, it's W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."

  • by kefoo ( 254567 ) on Wednesday December 03, 2003 @11:40AM (#7618523)
    I think you misunderstood. The virus sends an email about the shipment of the porn CDs with a spoofed return address that's actually the address of an anti-spam organization, so they get bombarded with emails from users who think they're sending them child porn.
  • Re:baseball bat (Score:1, Informative)

    by lexluther ( 529642 ) on Wednesday December 03, 2003 @11:53AM (#7618662) Homepage
    What we need to do is find out the physical addresses of these nice individuals

    I looked it up for you:

    Microsoft Corporation
    One Microsoft Way
    Redmond, Washington 98052
  • by Patoski ( 121455 ) on Wednesday December 03, 2003 @12:11PM (#7618822) Homepage Journal
    We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

    Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.


    Something similar to what you describe is already available via Sneakemail [sneakemail.com]. The concept is that they create sneakemail.com email aliases to your real email account. So you create a label for each company who requests your email; a label called "Amazon.com" would be a good example. Sneakemail generates a unique @sneakemail.com email address for you to give Amazon.com. Sneakemail will then forward all mail to your real email address unless you tell it not to. You can easily see who is sending you spam by looking at who an email is addressed to (the foo@sneakemail.com address). You can also block an email alias so the sender gets a bounce notice when they try to spam you. There are other more complex rules you can use but that's the basic idea.

    -Pato
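
    The alias scheme described in the comment above, as an added example (not Sneakemail's code or API, and not part of the original post): one random alias per correspondent, forwarding unless blocked, and a report of which alias has started receiving mail from outside its owner. The class name, method names and the `alias.example` domain are hypothetical.

```python
import secrets
from collections import defaultdict


class AliasRegistry:
    """Per-correspondent forwarding aliases (hypothetical model)."""

    def __init__(self, real_address, domain="alias.example"):
        self.real_address = real_address
        self.domain = domain
        self.aliases = {}  # alias -> {"label": str, "blocked": bool}

    def create(self, label):
        # Random local part: the alias must not be guessable from the label.
        alias = f"{secrets.token_hex(6)}@{self.domain}"
        self.aliases[alias] = {"label": label, "blocked": False}
        return alias

    def block(self, alias):
        self.aliases[alias]["blocked"] = True

    def deliver(self, rcpt_to):
        """Return ('forward', real address) or ('bounce', reason)."""
        entry = self.aliases.get(rcpt_to.lower())
        if entry is None:
            return ("bounce", "no such alias")
        if entry["blocked"]:
            return ("bounce", "alias blocked: " + entry["label"])
        return ("forward", self.real_address)

    def leak_report(self, messages):
        """Map each label to sender domains outside the label's own domain.

        messages: iterable of (rcpt_to, mail_from). The sender can be
        forged, so attribution rests on the alias in rcpt_to; the sender
        domain is only a hint that the alias has spread beyond its owner.
        """
        report = defaultdict(set)
        for rcpt_to, mail_from in messages:
            entry = self.aliases.get(rcpt_to.lower())
            if entry is None:
                continue
            sender_domain = mail_from.rsplit("@", 1)[-1].lower()
            owner = entry["label"].lower()
            if sender_domain != owner and not sender_domain.endswith("." + owner):
                report[entry["label"]].add(sender_domain)
        return dict(report)
```

    Labels are assumed to be the correspondent's mail domain (for example "Amazon.com") so that the report can compare them with sender domains.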
  • by Anonymous Coward on Wednesday December 03, 2003 @12:48PM (#7619256)
    but some of these "Blacklist" organizations are not trying to help eliminate spam, or even block it, they are trying to _make money_.

    <rant>
    MAPS is one of them, and unfortunately I've been dealing with this problem first hand. I just installed a new server and out of the box Apache2 was set up to be an open proxy. It didn't take more than an hour or two before the IP was listed on MAPS-OPS. This is fine. However I promptly closed the proxy and notified them. What did they tell me, they sent me some canned email that told me to close the proxy.

    Alright, so I double check again, I search google for open proxy testers, run them, they all return negative, I look at the MAPS "test report", all it says is:

    IP: closed
    IP: test finished.

    Looks to me like the proxy is closed. I email them again, to say the proxy is closed, unless you can give me other details, your own test results seem to confirm this, what's going on?! They reply back saying their open proxy test is robust, advanced, and proprietary, therefore they can not give me any information regarding the test. Not only that, they want me to show what I did to close the proxy, and prove to them that I am the server administrator! Oh, and the best part, they want the email to come from abuse@<blocked_IP> or postmaster@<blocked_IP>.

    Well, for one I can't email them from those addresses because THEY BLOCKED ME! For two, how can I prove I'm the server administrator? The email address I'm using to contact them is listed in the whois record for the domain as the "admin contact". That's not good enough though apparently. What do they want, a digital photo of me standing beside the server with a big "anti-spam" sticker on it?

    That's the last I heard from them, they blocked me from filling out their "remove me from the list" form. Nice.

    If every open relay and proxy in the world was closed at this minute, MAPS would go out of business, therefore they have absolutely no interest in removing people from their list.
    </rant>
  • by twitter ( 104583 ) on Wednesday December 03, 2003 @01:51PM (#7619861) Homepage Journal
    Of course it's the software! Blaming the user is lame.

    As others have pointed out, this attack vector isn't per se the software that user is running. The attack vector is the user, the old PEBKAC (Problem Exists Between Keyboard and Chair), which has been showing up as the resolution to many tickets in our trouble ticket system.

    I'd hate to be resolved by your company.

    The problem is no matter what we do, we can't prevent our users from shooting themselves in the foot.

    Do you have exploits available for mutt, kmail, mozilla mail or pine? Bill Gates would pay you good money for that. No? Oh well. A small amount of user education, the variety of free software and free software's far superior security models would stop the wholesale abuse of the internet that M$ crap enables. Users have to go through lots of trouble to set up the kinds of junk that M$ enables without ANY user intervention.

    Of course a big admin like you would never have to wipe and reload a machine, now would you? Ha, blame the user for having abused the poor little box. Give me a break. Clicking widgets on the world wide web should not be able to destroy a user's machine.

  • by Dr. Evil ( 3501 ) on Wednesday December 03, 2003 @05:24PM (#7622136)

    Methods to get spammed when you know better:

    • Correspond with the victim of a worm.
    • Receive an Internet postcard from somebody who genuinely likes you.
    • Have somebody send you a link to an article using a "click here to send this to a friend" button.
    • Post to a private mailing list only to have somebody conveniently set up a web-archive.
    • Have an easily guessed email address.
    • Have somebody cc you on a usenet post.
    • Be unlucky.

    If none of these things had happened to me since 1998, my current address would probably be spam free.

    Explaining the problem to people beforehand is only so effective. Telling off your friends after the fact is not a solution. Eventually you just have to give up. My work address has been quite safe, I generally don't use it to correspond with the outside world, especially non-technical people and it is reasonably cryptic, but my personal address is ceaselessly bombarded.
