Sudden surge of spam through 3 of my mail addresses


Post by John W on Thu Dec 02, 2010 6:50 pm

Hi,

Over the last few days, I've started receiving spam, 3 today coming through 3 (so far!) of my 4 mailboxes.

All from gobbledegook names at yahoo or hotmail, simply telling me how much money the sender has made at home and with a link to Business Week Journal. There are only two names (always different) on the recipient list, so Firefox apparently isn't seeing this as spam. The subject line is simply "Re "

I'm getting fed up with this. What concerns me is that since more than one of my Exetel addresses is involved it suggests a problem at Exetel itself.

Any suggestions?

Cheers

John W
John W
Posts: 16
Joined: Fri Sep 22, 2006 5:56 pm

Re: Sudden surge of spam through 3 of my mail addresses

Post by Dazzled on Thu Dec 02, 2010 7:19 pm

You can't get a list of email addresses from the mail server from outside, and it would be suicidal for an ISP to make and release one. Perhaps if you include a header from one of the spam messages someone can add something useful about this case (but remove or change your address, leaving only the "@exemail.com.au" part intact in a public forum).

If your email address is a dictionary word, or a Christian name, or indeed any name in the phone book, you are wide open to spammers - they simply read long lists and send out thousands from zombie machines until they hit a real recipient. A poor success rate doesn't matter as the zombie owner is paying. Once they get a live address, you can be fairly sure that more will follow.

Malware also reads the address books of infected computers to harvest real addresses, and spammer robots constantly scan websites and forums looking for more targets, so no matter how careful you are, you can be selected for this special attention. All you can do is make it harder for these pests. A good filter will learn when it is told an email is spam.
Dazzled
Volunteer Site Admin
 
Posts: 6525
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Sudden surge of spam through 3 of my mail addresses

Post by John W on Thu Dec 02, 2010 8:13 pm

Thanks Dazzle. Appreciate your prompt response.

Some of my email addresses are based on real words and names, so maybe I am exposed as you say. I'll look into training Firefox to recognise such stuff. Any suggestions will be very welcome :P
The following is the source from one of the emails:

From - Thu Dec 02 17:15:40 2010
X-Account-Key: account4
X-UIDL: 000014b8457f967b
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <olatzoj@hotmail.com>
Envelope-to: ****@exemail.com.au
Delivery-date: Thu, 02 Dec 2010 17:08:24 +1100
Received: from chestnut2.exetel.com.au ([220.233.0.75])
    by chestnut.exetel.com.au with esmtp (Exim 4.71)
    (envelope-from <olatzoj@hotmail.com>)
    id 1PO2LA-0007jr-Q6
    for ****@exemail.com.au; Thu, 02 Dec 2010 17:08:24 +1100
Received: from 146.2.233.220.static.exetel.com.au ([220.233.2.146] helo=mscip02.mailsentry.net.au)
    by chestnut2.****.com.au with esmtp (Exim 4.71)
    (envelope-from <olatzoj@hotmail.com>)
    id 1PO2LA-000298-OX
    for ****@exemail.com.au; Thu, 02 Dec 2010 17:08:24 +1100
Received: from snt0-omc2-s8.snt0.hotmail.com ([65.55.90.83])
    by mscip02.mailsentry.net.au with ESMTP; 02 Dec 2010 17:08:24 +1100
Received: from SNT141-W23 ([65.55.90.71]) by snt0-omc2-s8.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Wed, 1 Dec 2010 22:08:23 -0800
Message-ID: <SNT141-w230182D76A1F56A9B6408DA6270@phx.gbl>
Content-Type: multipart/alternative;
    boundary="_cdf24417-66cf-4869-863c-def7d7ca26b6_"
X-Originating-IP: [164.100.255.241]
From: "Olatz Ojanguren Aizpurua" <olatzoj@hotmail.com>
To: <nicole16@sympatico.ca>
Subject: re:
Date: Thu, 2 Dec 2010 06:08:23 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Dec 2010 06:08:23.0121 (UTC) FILETIME=[534CDC10:01CB91E7]
X-Antivirus: AVG for E-mail 10.0.1170 [426/3291]
X-AVG-ID: ID5286AB32-11817EB9

--_cdf24417-66cf-4869-863c-def7d7ca26b6_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


I just made =24553 in a few days in my spare time=21 Made it from - Busines=
s Week Journal friends help friends=21


-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1170 / Virus Database: 426/3291 - Release Date: 12/01/10

--_cdf24417-66cf-4869-863c-def7d7ca26b6_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><=21--
=2E.hmmessage P
=7B
margin:0px;
padding:0px
=7D
body.hmmessage
=7B
font-size: 10pt;
font-family:Tahoma
=7D
--></style>
</head>
<body class=3D'hmmessage'>
I just made =24553 in a few days in my spare time=21 Made it from - <A href=
=3D=22http://x.co/KmMO=22> Business Week Journal</A> friends help friends=21=
<BR> </body>
<hr noshade=3D=22noshade=22 size=3D=221=22><p class=3D=22avgcert=22 align=3D=
=22left=22 color=3D=22=23000000=22>No virus found in this message.<br>
Checked by AVG - <a href=3D'http://www.avg.com'>www.avg.com</a><br>
Version: 10.0.1170 / Virus Database: 426/3291 - Release Date: 12/01/10</p></=
html>

--_cdf24417-66cf-4869-863c-def7d7ca26b6_--

Re: Sudden surge of spam through 3 of my mail addresses

Post by Dazzled on Sun Dec 05, 2010 7:02 am

I got some of this model this morning on two email addresses. The encouragement to press a link is a strong hint that a Windows malware scheme lurks at the other end.

Both had my address in the Envelope field as usual, with guessed names in the To field. The From field contained Chinese characters, and the links in the body of the email were falsified. One actually went to GoDaddy's URL shortener (i.e. obfuscator) x.co and the other to Google's shortener service goo.gl. Google claims to eliminate spammers from using their servers, but it's easy enough to Google up indications to the contrary.

Most email malware depends on HTML, which is not meant to be used in email, even if Microsoft foolishly encourages it. If you don't display HTML in your email client, you won't see a dangerous link.
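The traits described in this thread (delivery address missing from the To field, a bare "re:" subject, and a URL-shortener link inside quoted-printable HTML) can be checked mechanically. The following is an added example, not part of any post: the sample message is constructed with placeholder addresses and link, and `triage` is a hypothetical name.

```python
import email
import re
from email import policy
from email.utils import getaddresses
from urllib.parse import urlparse

# Shortener hosts named in the thread; extend for your own mail flow.
SHORTENERS = {"x.co", "goo.gl"}

# Constructed sample modelled on the posted message (placeholder values).
SAMPLE = b"""\
Return-path: <sender@example.com>
Envelope-to: me@exemail.com.au
From: "Some Name" <sender@example.com>
To: <someone.else@example.net>
Subject: re:
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><body>I just made =24553 in my spare time=21 Made it from - <A href=
=3D=22http://x.co/EXAMPLE=22> Business Week Journal</A></body></html>
"""


def triage(raw: bytes) -> dict:
    """Return the three spam indicators discussed in the thread."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Envelope-to is stamped by the receiving MTA (Exim in the posted
    # header): it is the address the message was really delivered to.
    envelope = {a.lower() for _, a in
                getaddresses(msg.get_all("Envelope-to", []))}
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    subject = (msg["Subject"] or "").strip()
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()  # undoes quoted-printable + charset
            links += re.findall(r'href\s*=\s*["\']([^"\']+)', html, flags=re.I)
    short = [u for u in links
             if (urlparse(u).hostname or "").lower() in SHORTENERS]
    return {
        "not_addressed_to_me": bool(envelope) and not (envelope & visible),
        "bare_reply_subject": re.fullmatch(r"(?i)re\s*:?", subject) is not None,
        "shortener_links": short,
    }
```

Any single flag is weak evidence on its own, since legitimate Bcc and mailing-list mail also arrives without the recipient in the To field.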

Re: Sudden surge of spam through 3 of my mail addresses

Post by John W on Sun Dec 05, 2010 8:12 am

Thanks again Dazzle. Looks as if ???@exetel.com.au is being targeted at the moment. Fortunately the subject line makes them easy to identify. Just a nuisance provided we don't click the link. One wonders at the motivation of some people. I don't see any way of getting Firefox to filter them.

Cheers

John W.

Re: Sudden surge of spam through 3 of my mail addresses

Post by Dazzled on Sun Dec 05, 2010 11:33 am

I looked into it a little further - the goo.gl account has been deleted, so the spam is a complete waste of time now, and the x.co site resolved to an attempt to sign you up for a get-rich-quick scheme, with an expiry date, natch--
Step 1
Go to this link, get more info and fill out a basic online form at Home Cash Flow Solution
They are still giving a 50% Discount

Step 2
After you sign up- you are given instant access to the Members Area to begin the Program. And the Support is Great!

Step 3
Deposit your earnings into your bank account! Enjoy Life!

Warning: The Discount offer is going to Expire 12/5/2010


It would be very nice if GoDaddy and Google closed these spammers' toolkits to the public. Honest traders don't need link obfuscation, and not much modern software does either.

Re: Sudden surge of spam through 3 of my mail addresses

Post by JamesR on Sun Dec 05, 2010 11:36 am

I'm getting these emails too, not to my *@exemail.com.au addresses, but my externally hosted domain name email addresses.
Regards,

JamesR
Customer since 2005
JamesR
 
Posts: 569
Joined: Sun May 06, 2007 11:20 am

