
Spam Attacks - SCO


  1. #1

    Spam Attacks

    I have received hundreds of emails from a single IP address with forged
    names since yesterday. The subject is usually something like "Re: Approved"
    or "That Movie", etc. Initially there was an approx. 100K attachment (what
    is a PIF file anyway?) but now they refer to an attachment that isn't there.

    First, my set up:
    Firewall: MultiTech RF550VPN with only port 25 open
    Mail Server: UnixWare 7.1.0 with ptf7130e installed
    (I had to use my old sendmail.cf file as the new one
    would not allow inbound mail and I don't speak sendmail.)

    The domains are sometimes those of companies I have received mail from in
    the past with bogus user names, e.g., [email]bogussupplier.com[/email]. While I do have a
    M$ system on my LAN, it is never allowed to touch email; that is entirely
    done from my UW7 and OSR5 systems. I do occasionally use it for browsing
    when IE is required due to backwards web sites I must sometimes access;
    otherwise I use Mozilla from SCO Linux or M$.

    I have successfully put a stop to the messages showing up by adding a
    Received: line in my .maildelivery file with the single IP address.

    Question: Is this a fluke and I am the "winner" chosen to receive this ilk
    or is this a coordinated attack? (The messages are not "normal" spam in that
    they do not attempt to sell anything or lead me to their web site; it just
    slows my systems down processing the trash.)

    I also have a much smaller number of delivery failed messages where it uses
    my return address in the From: line with the same bogus email addresses in
    the To: line. (This bothers me more than the inbound garbage; I do not want
    my system used to inundate anyone else's system. Perhaps low bandwidth does
    have its benefits!)

    Thank you,
    Lucky

    Lucky Leavell Phone: (800) 481-2393 (US/Canada)
    UniXpress - Your Source for SCO OR: (812) 366-4066
    1560 Zoar Church Road NE FAX: (812) 366-3618
    Corydon, IN 47112-7374 Email: [email]luckyUniXpress.com[/email]
    WWW Home Page: [url]http://www.UniXpress.com[/url]

    Lucky Leavell Guest
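The filter described in the post above (drop mail whose Received: line carries the one sending IP) together with a check for PIF-style attachments, as an added example that is not part of the original post. The blocked IP, host names, helper names and sample messages are constructed, and the extensions other than `.pif` are assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed values: 192.0.2.45 stands in for the single sending IP.
BLOCKED_RELAYS = {"192.0.2.45"}
# .pif is from the post; the other extensions are assumed additions.
RISKY_EXTENSIONS = (".pif", ".scr", ".exe")
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(msg):
    """IP recorded by the receiving server in the topmost Received: header.
    Assumes that server is the only hop we control; lower headers and
    From: are supplied by the sender and can be forged."""
    received = msg.get_all("Received") or []
    match = BRACKETED_IPV4.search(str(received[0])) if received else None
    return match.group(1) if match else None

def risky_attachments(msg):
    """File names of all MIME parts that end in an executable extension."""
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]

def verdict(raw):
    """Return the reasons to reject a raw message; empty list means deliver."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    ip = relay_ip(msg)
    if ip in BLOCKED_RELAYS:
        reasons.append("blocked relay " + ip)
    reasons += ["executable attachment " + n for n in risky_attachments(msg)]
    return reasons

def sample(relay, attachment=None):
    """Build a constructed test message (not captured traffic)."""
    m = EmailMessage()
    m["Received"] = f"from host (unknown [{relay}]) by mail.example.net"
    m["Received"] = "from pc ([203.0.113.9]) by host"  # forgeable lower hop
    m["From"] = "bogus@supplier.example"
    m["Subject"] = "Re: Approved"
    m.set_content("See the attached file for details")
    if attachment:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(verdict(sample("192.0.2.45", "details.pif")))
    print(verdict(sample("198.51.100.7")))
```

The attachment check keeps working when the mail arrives from a different address, which an IP-only rule does not.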

  2. #2

    Re: Spam Attacks

    On Thu, 21 Aug 2003 15:18:06 GMT, Lucky Leavell <luckyunixpress.com>
    wrote:
    >I have received hundreds of emails from a single IP address with forged
    >names since yesterday. The subject is usually something like "Re: Approved"
    >or "That Movie", etc. Initially there was an approx. 100K attachment (what
    >is a PIF file anyway?) but now they refer to an attachment that isn't there.
    >
    >First, my set up:
    > Firewall: MultiTech RF550VPN with only port 25 open
    > Mail Server: UnixWare 7.1.0 with ptf7130e installed
    > (I had to use my old sendmail.cf file as the new one
    > would not allow inbound mail and I don't speak sendmail.)
    >
    >The domains are sometimes those of companies I have received mail from in
    >the past with bogus user names, e.g., [email]bogussupplier.com[/email]. While I do have a
    >M$ system on my LAN, it is never allowed to touch email; that is entirely
    >done from my UW7 and OSR5 systems. I do occasionally use it for browsing
    >when IE is required due to backwards web sites I must sometimes access;
    >otherwise I use Mozilla from SCO Linux or M$.
    >
    >I have successfully put a stop to the messages showing up by adding a
    >Received: line in my .maildelivery file with the single IP address.
    >
    >Question: Is this a fluke and I am the "winner" chosen to receive this ilk

    Nope, we're all winners :-)
    [url]http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F[/url]

    >or is this a coordinated attack? (The messages are not "normal" spam in that
    >they do not attempt to sell anything or lead me to their web site; it just
    >slows my systems down processing the trash.)
    >
    >I also have a much smaller number of delivery failed messages where it uses
    >my return address in the From: line with the same bogus email addresses in
    >the To: line. (This bothers me more than the inbound garbage; I do not want
    >my system used to inundate anyone else's system. Perhaps low bandwidth does
    >have its benefits!)
    >
    >Thank you,
    >Lucky
    >
    >Lucky Leavell Phone: (800) 481-2393 (US/Canada)
    >UniXpress - Your Source for SCO OR: (812) 366-4066
    >1560 Zoar Church Road NE FAX: (812) 366-3618
    >Corydon, IN 47112-7374 Email: [email]luckyUniXpress.com[/email]
    >WWW Home Page: [url]http://www.UniXpress.com[/url]


    Scott McMillan

    Scott McMillan Guest

  3. #3

    Re: Spam Attacks

    On Thu, Aug 21, 2003, Lucky Leavell wrote:
    >I have received hundreds of emails from a single IP address with forged
    >names since yesterday. The subject is usually something like "Re: Approved"
    >or "That Movie", etc. Initially there was an approx. 100K attachment (what
    >is a PIF file anyway?) but now they refer to an attachment that isn't there.
    >
    .....

    This is just the latest in a long line of worms that feed on the Microsoft
    virus, Windows. It's been hitting big-time all over the 'net. All the
    messages have forged headers so they appear to come from people you may
    know (I'm getting large numbers of bounce messages saying my mail couldn't
    be delivered, and anybody who knows me knows that I don't do M$ Windows in
    any way shape or form :-).

    Bill
    --
    INTERNET: [email]billCelestial.COM[/email] Bill Campbell; Celestial Systems, Inc.
    UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
    FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
    URL: [url]http://www.celestial.com/[/url]

    There is no distinctly native American criminal class save Congress
    -- Mark Twain
    Bill Campbell Guest

  4. #4

    Re: Spam Attacks

    Bill;
    Thanks to your reply and Scott McMillan's, I am apparently ONLY on the
    receiving end of this one. I checked my Win95B system and found no trace of
    the virus files (I don't have antivirus software) which is probably not too
    surprising as I do not allow it anywhere near email, not even as a reader.
    I was concerned as it apparently picked up some familiar domain names from
    my system but then there were domain names that were also unfamiliar. I use
    Pine exclusively as my MUA and doubt many virii read Pine's address book
    though it be a plain text file. Guess I'll just sit tight until 9/10...

    Thank you,
    Lucky

    Lucky Leavell Phone: (800) 481-2393 (US/Canada)
    UniXpress - Your Source for SCO OR: (812) 366-4066
    1560 Zoar Church Road NE FAX: (812) 366-3618
    Corydon, IN 47112-7374 Email: [email]luckyUniXpress.com[/email]
    WWW Home Page: [url]http://www.UniXpress.com[/url]

    Lucky Leavell Guest

  5. #5

    Re: Spam Attacks

    Lucky Leavell <luckyunixpress.com> wrote:
    >I have received hundreds of emails from a single IP address with forged
    >names since yesterday. The subject is usually something like "Re: Approved"
    >or "That Movie", etc. Initially there was an approx. 100K attachment (what
    >is a PIF file anyway?) but now they refer to an attachment that isn't there.

    And you think you are the only one?

    :-)

    We're ALL getting them: [url]http://aplawrence.com/Blog/B394.html[/url]

    --
    [email]tonyaplawrence.com[/email] Unix/Linux/Mac OS X resources: [url]http://aplawrence.com[/url]
    Get paid for writing about tech: [url]http://aplawrence.com/publish.html[/url]
    ~
    ~

    tony@aplawrence.com Guest
