[TowerTalk] Spam update

David Robbins k1ttt at verizon.net
Thu Aug 16 10:19:12 PDT 2012


everyone should know there are at least 4 different ways you can be seen as sending spam and not know about it... and not all of them can be fixed by changing passwords!

1. virus on your machine - in this case the virus probably has access to your local address book and mail client if you use a program like outlook to send email.  the virus in this case could send mail that looks just like you, complete with stolen subject lines and even message text so that it looks like something you would say.  these may be found by virus or malware scanners, and can also be spotted by periodic slowdowns in the machine response or high network activity when you aren't doing anything.  you may also get back bounce messages and get cursed at by friends and relatives.  of course if you have this the virus could also steal credit card or other financial information, log keystrokes to get other passwords, etc.  this one cannot be fixed by just changing passwords since the program is running on your computer and you login for it every time you get your mail.

2. hijack of pop/smtp password - if you use a mail service that uses a remote pop/smtp server the password for it can be guessed or stolen by a keylogger or other virus or hack of the isp's login or brute force.  in this case the password is given to a remote machine that sends mail through your isp that may or may not look like it is coming from you.  some isps prevent this by only accepting logins from their own ip address ranges, but not all of them do this as it can prevent you from using their service while you are on the road.  This one will not be found by any scans on your computer, though your isp may be able to detect it by a series of failed logins or abnormal mail volume or strange ip addresses logging in as you.  the hijacker would not have access to your address book, but could intercept incoming email to get addresses and other information.  this one can be fixed by changing the password you use to retrieve/send mail through the isp.

3. forging return or reply-to address - this is one that you cannot detect or stop.  it is often only noticed because you get a rash of bounced email notices from people you don't know.  how this works is that someone gets your email address, probably in a list bought or stolen for this purpose, or just scraped off a web page or discussion forum where you use your real address for replies.  the address is then used to forge the headings on spam the sender is generating so that it looks like you sent the mail, though if you look at the details of the headers you will see it actually comes from some server other than the one you send mail from.  these servers are often quickly blacklisted because of the volume of spam they generate so are changed regularly, as are the addresses being used.  the recipients probably have no relation to you as they are also probably from some big list of addresses to be spammed.  often in messages sent like this the 'to' addresses will be hidden by using bcc or if not there will be a whole series of alphabetically sorted addresses.  again, there is nothing you can do to stop this one.  fortunately the spammers that do this have LOTS of addresses to work from so it is likely that yours will only be used for a short time.

4. hijack of webmail account - this is likely the source of many of the recent spam attacks, someone has hacked yahoo and some other places and got a bunch of passwords.  though it can also be someone who has just brute force guessed common passwords, or used some other exploit like phishing messages to get your password... ever get one of those 'your mailbox is full' or 'your account has been hacked' messages that asks for your email address and password so the administrator can fix it before you get cut off???  if you respond then you have just given the spammer another account to send their stuff from.  this could also compromise other accounts if you use it to collect mail from other services as it would have login/password information for other services you use.  for this reason i prefer to use outlook running on my computer to collect mail from the different accounts i use.  when this happens again the spammer gets access to your on-line address book (but not one you may have on your local pc only), and all the mail you may store on the server, so they can send mail that looks like it comes from you.  if you can still login you can change the password and it 'should' stop this one, unless the hacker intercepts the password change request and cancels it, or changes it so you can no longer log in.  this can be particularly bad if you have abandoned an account since you won't see replies to the accounts or notices from the provider so the spammer has free run of it until the provider cuts it off.



Aug 16, 2012 12:45:09 PM, dearborn9 at sbcglobal.net wrote:

I have received 14 direct messages that say "Just change your password" 
Thanks to all but..................when this junk started over 8 months 
ago that was the first thing I did was change my email password. I'm 
retired from a federal Law enforcement agency, identified by three 
letters. I know how to make up passwords using lots of mixed up letters 
etc, the govt is full of those!.......so far nothing has helped but 
thanks to all for the idea. Also to the one that said 'try changing your 
feedline to a better coax!!!!' I admit that one did get to me. 73

Jim- WA9FPT
_______________________________________________
TowerTalk mailing list
TowerTalk at contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk
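
The header check described in item 3 of the post above, as an added example that is not part of the original message: it reads the Received headers of a spam message returned in a bounce and tells a forged address apart from mail that really left through your provider. The sample headers are constructed, and the provider's outbound range (192.0.2.0/24 here) is an assumption you would replace with the range seen on mail you sent yourself.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples (reserved documentation hosts/addresses). Each is the
# header block of a spam message as returned inside a bounce notice.
FORGED = """\
Received: from mail.bulk-sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP; Thu, 16 Aug 2012 09:01:02 -0700
Received: from smtp.myisp.example (smtp.myisp.example [192.0.2.10])
\tby mail.bulk-sender.example with SMTP; Thu, 16 Aug 2012 09:00:00 -0700
From: me@myisp.example
Subject: hello

body
"""
RELAYED = """\
Received: from smtp.myisp.example (smtp.myisp.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Thu, 16 Aug 2012 09:01:02 -0700
From: me@myisp.example
Subject: hello

body
"""

# "from <helo> (<rdns> [<ip>])" as written by common MTAs.
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9a-fA-F.:]+)\]\)")

def handoff_hop(raw):
    """(helo, ip) from the top-most Received header, or None.

    Only the top-most header was written by the receiving side; everything
    below it was supplied by the sender and can be faked.
    """
    received = message_from_string(raw).get_all("Received") or []
    match = HOP.search(" ".join(received[0].split())) if received else None
    return (match.group(1), match.group(3)) if match else None

def classify(raw, my_outbound_nets):
    """Label a returned message by who handed it to the recipient's server."""
    hop = handoff_hop(raw)
    if hop is None:
        return "unknown"
    ip = ipaddress.ip_address(hop[1])
    if any(ip in ipaddress.ip_network(net) for net in my_outbound_nets):
        return "sent-through-my-provider"  # consistent with cases 1, 2 or 4
    return "forged-address"                # case 3 in the post
```

In the FORGED sample the lower Received line names the victim's provider, but it was written by the sender's own server, which is why only the top hop is compared.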