A flood of spams - another virus on the way?

From: Paul Sture (p_sture_at_elias.decus.ch)
Date: 09/19/03


Date: 19 Sep 03 07:34:20 +0200

More spams. Is this another virus / worm on the loose?

Since 13:44 CET yesterday I have received some 114 spam messages (oops, another
one just came in) in this account.

Normally I just get 3 or 4 per day. Spam filters are in place and the last
time they were adjusted was for the last round of email attacks - SoBig.F.

I don't have time to analyze the contents of any at the moment, but here's
a summary for the rest of you:

$ mail

You have 112 new messages.

MAIL> dir
                                                                         NEWMAIL
    # From Date Subject

    1 MX%"rcfgam-svmrgrq@n 18-SEP-2003 new microsoft patch
    2 MX%"amailprogram@roc 18-SEP-2003 Returned Message
    3 MX%"eknlmalraq_57934 18-SEP-2003 Network Security Pack.
    4 MX%"rob@mirr.demon.n 18-SEP-2003 Newest Microsoft Critical Patch
    5 MX%"qmailengine@amer 18-SEP-2003 failure message
    6 MX%"smtpautomat@yaho 18-SEP-2003 Failure Announcement
    7 MX%"kuraokmiignvzm@n 18-SEP-2003 New Internet Critical Patch
    8 MX%"checkme2003@yaho 18-SEP-2003 Absolutely FREE!!! Time:12:38:55 PM
    9 MX%"tixqspiniqtek_fm 18-SEP-2003 Latest Internet Upgrade
   10 MX%"tlgthochrtra-nzb 18-SEP-2003
   11 MX%"cmailprogram@yah 18-SEP-2003 Failure Letter
   12 MX%"kmailengine@aol. 18-SEP-2003 Abort Advice
   13 MX%"yqhmxezrgggdvci@ 18-SEP-2003 new microsoft critical patch
   14 MX%"conch49@bellsout 18-SEP-2003 Latest Update
   15 MX%"mailerrobot@free 18-SEP-2003 abort advice
   16 MX%"mailroutine@bigf 18-SEP-2003 Undelivered Message User unknown
   17 MX%"MAILER-DAEMON@bo 18-SEP-2003 Virus warning
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

   18 MX%"MAILER-DAEMON@bo 18-SEP-2003 Virus warning
   19 MX%"srwmuivjriglae@f 18-SEP-2003 Net Critical Update
   20 MX%"emailbot@aol.com 18-SEP-2003 Message
   21 MX%"xnfirkakou@newsl 18-SEP-2003 newest net patch
   22 MX%"gbivjcjvmebyoz-o 18-SEP-2003 Current Security Patch
   23 MX%"masterdaemon@fre 18-SEP-2003 Mail: Returned To Sender
   24 MX%"jfdpecdd-zqoklwg 18-SEP-2003 Newest Internet Security Upgrade
   25 *** valid message here ***
   26 MX%"postservice@micr 18-SEP-2003 Failure Announcement
   27 MX%"mcbroom5@teluspl 19-SEP-2003 Abort Message
   28 MX%"spdtydmvqwdcrkx@ 19-SEP-2003 New Security Upgrade
   29 MX%"quceoiuevmhfnm-l 19-SEP-2003 Latest Net Patch
   30 MX%"mimi-6@comcast.n 19-SEP-2003 Internet Update
   31 MX%"emailprogram@roc 19-SEP-2003 Bug Notice
   32 MX%"Antivirus-Daemon 19-SEP-2003 Recipient Virus-alert (sender: wibi@sybe
   33 MX%"tpbjvsxt-psvzeyw 19-SEP-2003 Latest Network Upgrade
   34 MX%"mailerservice@ro 19-SEP-2003 Undeliverable Message: Returned To Maile
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

   35 MX%"wvzaampltzt@tech 19-SEP-2003 Newest Internet Update
   36 MX%"sjolmws_mmsfa@yy 19-SEP-2003 Current Internet Security Update
   37 MX%"aeskfojazs@advis 19-SEP-2003 Latest Internet Patch
   38 MX%"amaildaemon@amer 19-SEP-2003 Report
   39 MX%"fqaxksowjxe_cxri 19-SEP-2003 New Security Pack
   40 MX%"dennismonk@adalp 19-SEP-2003 advice
   41 MX%"vrcxctaxxskau@co 19-SEP-2003 Last Security Update
   42 MX%"jsjssekggesmh@up 19-SEP-2003 Newest Microsoft Critical Pack
   43 MX%"masterbot@yahoo. 19-SEP-2003 Undelivered Message: Returned To Mailer
   44 MX%"webroutine@rocke 19-SEP-2003 Undeliverable Mail: Returned To Sender
   45 MX%"zmailautomat@mic 19-SEP-2003 Announcement
   46 MX%"fdjiybui@bulleti 19-SEP-2003 New Internet Critical Patch
   47 MX%"postdaemon@micro 19-SEP-2003 Undelivered Mail: Returned To Sender
   48 MX%"vfdujxlayoougai_ 19-SEP-2003 Last Internet Critical Pack
   49 MX%"tmdyvsf@newslett 19-SEP-2003 last microsoft critical pack
   50 MX%"mailerform@purem 19-SEP-2003 Returned Message User unknown
   51 MX%"noinjbqxfomyiz_h 19-SEP-2003 Last Internet Security Upgrade
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

   52 MX%"emailprogram@aol 19-SEP-2003 Bug Notice
   53 MX%"ccumfrmlhsvezne_ 19-SEP-2003 Net Security Update
   54 MX%"xvhehc@newslette 19-SEP-2003 Internet Critical Upgrade
   55 MX%"webform@yahoo.co 19-SEP-2003 Bug Notice
   56 MX%"lnlhqdqvk-nncvtq 19-SEP-2003 Latest Microsoft Critical Upgrade
   57 MX%"pvlqyz@confidenc 19-SEP-2003 Latest Network Update
   58 MX%"emailautomat@roc 19-SEP-2003
   59 MX%"ktztcmnppffyjhz@ 19-SEP-2003 Newest Internet Critical Pack
   60 MX%"postdaemon@purem 19-SEP-2003 message
   61 MX%"vjjnawljmkk-avqm 19-SEP-2003 Latest Network Security Update
   62 MX%"mailservice@rock 19-SEP-2003 notice
   63 MX%"MAILER-DAEMON@cn 19-SEP-2003 message
   64 MX%"hqjgmmna@updates 19-SEP-2003 Last Microsoft Security Upgrade
   65 MX%"webautomat@ameri 19-SEP-2003 Message: User unknown
   66 MX%"jfzaopfimsuj-qfl 19-SEP-2003 New Net Critical Update
   67 MX%"azncwgoj_osqtv@u 19-SEP-2003 Latest Network Security Update
   68 MX%"zmmcclfkfqvande- 19-SEP-2003 Latest Internet Upgrade
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

   69 MX%"mailprogram@bigf 19-SEP-2003 Failure Notice
   70 MX%"vkckdghoseko@new 19-SEP-2003 Internet Critical Pack
   71 MX%"smtpautomat@netm 19-SEP-2003
   72 MX%"twestzrshxsl_qbb 19-SEP-2003 Latest Internet Critical Update
   73 MX%"eagabohf_wvopm@n 19-SEP-2003 New Update
   74 MX%"emailform@netmai 19-SEP-2003 Undelivered Message: Returned To Sender
   75 MX%"fdwetxnrikiatn_z 19-SEP-2003 Last Upgrade
   76 MX%"webprogram@freem 19-SEP-2003 error message
   77 MX%"owypdvkvddffd_hp 19-SEP-2003 Latest Critical Update
   78 MX%"mailerengine@aol 19-SEP-2003 Error Message
   79 MX%"shposik@wpube.co 19-SEP-2003 latest microsoft critical update
   80 MX%"gdadlgc_lhvwztzr 19-SEP-2003 Latest Internet Pack
   81 MX%"masterrobot@free 19-SEP-2003 failure advice
   82 MX%"mailerdaemon@aol 19-SEP-2003 Notice
   83 MX%"vyqlltijy@newsle 19-SEP-2003
   84 MX%"vapxjfszdo@suppo 19-SEP-2003 Latest Patch
   85 MX%"mwoxbkemhk@updat 19-SEP-2003 Newest Microsoft Critical Pack
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

   86 MX%"postdaemon@ameri 19-SEP-2003 returned message
   87 MX%"postrobot@rocket 19-SEP-2003 Error Letter
   88 MX%"qfhormtdlsqfku@t 19-SEP-2003 Network Upgrade
   89 MX%"bjugiww@bulletin 19-SEP-2003 Pack
   90 MX%"haashk@netvigato 19-SEP-2003 Undelivered Mail: User unknown
   91 MX%"mcnjbhpc-oafi@bu 19-SEP-2003 Current Security Patch
   92 MX%"webbot@america.c 19-SEP-2003
   93 MX%"qdgonoc-rgrb@new 19-SEP-2003 New Microsoft Patch
   94 MX%"cpuguqqidnjvg_or 19-SEP-2003 New Internet Security Update
   95 MX%"fnzusou_cvnhcso@ 19-SEP-2003 New Net Security Patch
   96 MX%"postdaemon@yahoo 19-SEP-2003 bug message
   97 MX%"bmailrobot@ameri 19-SEP-2003 Bug Report
   98 MX%"pxrjnr_lgmzyg@bu 19-SEP-2003 Last Microsoft Update
   99 MX%"reoyqoj_gcrutohu 19-SEP-2003 Security Patch
  100 MX%"webautomat@rocke 19-SEP-2003 Bug Advice
  101 MX%"xovfjaqjm_opjtif 19-SEP-2003 Latest Net Security Patch
  102 MX%"mailerengine@fre 19-SEP-2003 Announcement
Press RETURN for more...

MAIL>
                                                                         NEWMAIL
    # From Date Subject

  103 MX%"mplrco-tmmppz@co 19-SEP-2003 Current Microsoft Critical Patch
  104 MX%"mailerprogram@am 19-SEP-2003 Notice
  105 MX%"eqokxhwcarcj@new 19-SEP-2003 New Network Security Update
  106 MX%"mailbot@yahoo.co 19-SEP-2003 Undelivered Message: Returned To Sender
  107 MX%"imdupgds_bbsvdrl 19-SEP-2003 Latest Net Patch
  108 MX%"mailservice@yaho 19-SEP-2003 Mail: Returned To Sender
  109 MX%"ekjlwjephctmtx_h 19-SEP-2003 new net critical update
  110 MX%"szjdrqhozxmy-lhc 19-SEP-2003 last internet critical pack
  111 MX%"smtprobot@freema 19-SEP-2003 error notice
  112 MX%"maildaemon@netma 19-SEP-2003 Undeliverable Message: User unknown

MAIL>

And another just arrived.

Now, these appear to be junk addresses, but allegedly coming from valid
domains - msn.com, msn.net, yahoo.com, microsoft.com, support.com and other
well-known ones.

99% seem to be coming from .net and .com addresses, so I also wonder
whether this could be a side effect of the VeriSign change -
reverse lookups and RBLs not functioning properly anymore?

Meanwhile on checking another email account, I see my spam filter there
caught one entitled "PayPal Account Security Measures". This one is
inviting me to verify my account details. Nope. Not going there...

And they are still rolling in by the minute. Definitely not a good day
for email.


