Really Getting Upset – Spam Under My Name

It’s no secret that much, possibly most, of the spam today originates from infected PCs. Instead of spammers renting 3rd world server space (China and Taiwan had been the leaders in this field), they just buy access to zombified PCs and let loose¹.

I’m not sure why, but most of these spam programs try to get a bit of legitimacy by forging quasi-real return addresses. That, unfortunately, is where I come in. The last 48 emails I’ve received, and 147 of the last 148, have been spam!

Most of those have actually been bounced mails – spam sent to non-existent mailboxes, or refused for other reasons. They come to me because I own their return address.

Here’s an example:

Return-Path:

Received: from cernmxlb.cern.ch (cernmx06.cern.ch [137.138.166.160]) by mail7.cern.ch (8.12.1-20030924/8.12.1) with ESMTP id i5K0jq1g010036 for ; Sun, 20 Jun 2004 02:45:55 +0200 (MET DST)

X-Authentication-Warning: mail7.cern.ch: Host cernmx06.cern.ch [137.138.166.160] claimed to be cernmxlb.cern.ch

X-External: man_on_the_moon_ex

Keywords: CERN SpamKiller Note: 43 Charset: west-latin

X-Filter: CERNMX06 SMTPGW CERN Spam Sink v1.0

Received: from ipvpn102098.netvigator.com ([203.198.211.98]) by cernmxlb.cern.ch with Microsoft SMTPSVC(6.0.3790.0); Sun, 20 Jun 2004 02:45:08 +0200

Received: from h2ot.com (HELO seminoleequipment.com) (33.148.68.142); Sun, 20 Jun 2004 10:42:27 -0700

Message-ID:

Reply-To: “Rhoda Gill” juqbvtxvx@geofffox.com

From: “Rhoda Gill” juqbvtxvx@geofffox.com

To: cristina.lara@cern.ch

Cc: iztok.ropotar@cern.ch

Subject: get your die t me ds here

The originator of the emails claims to be: “Rhoda Gill”. Of course, there is no Rhoda Gill and no email address juqbvtxvx@geofffox.com. The return email addresses are an alphabet soup, always ending with “@geofffox.com,” and each a random combo.

Netvigator.com seems to be an Internet Service Provider in Hong Kong.

PCCW-HKT Datacom Services Limited (NETVIGATOR-DOM)

39/F PCCW Tower Taikoo Pl. 979 Kings Rd

Taikoo Place

Hong Kong

Quarry Bay 00000

HK

This isn’t Netvigator’s fault (though they certainly could and should stop it). It is someone’s home or office computer that’s become infected.
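To show how the header above points at the sending machine rather than at geofffox.com, here is an added example (not part of the original post) that walks the Received chain and finds the hop where the message crossed into the recipient's domain. The function names and the restored angle brackets around the From address are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received/From lines quoted above, folded lines rejoined.
# The <...> around the From address is restored by assumption (the page lost it).
SAMPLE = """\
Received: from cernmxlb.cern.ch (cernmx06.cern.ch [137.138.166.160])
 by mail7.cern.ch (8.12.1-20030924/8.12.1) with ESMTP id i5K0jq1g010036
 for ; Sun, 20 Jun 2004 02:45:55 +0200 (MET DST)
Received: from ipvpn102098.netvigator.com ([203.198.211.98]) by cernmxlb.cern.ch
 with Microsoft SMTPSVC(6.0.3790.0); Sun, 20 Jun 2004 02:45:08 +0200
Received: from h2ot.com (HELO seminoleequipment.com) (33.148.68.142);
 Sun, 20 Jun 2004 10:42:27 -0700
From: "Rhoda Gill" <juqbvtxvx@geofffox.com>
To: cristina.lara@cern.ch
Subject: get your die t me ds here

"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)   # "from X ... by Y"
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")        # bracketed peer address

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def find_handoff(raw, trusted_domain):
    """Locate the hop where mail entered trusted_domain from outside."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received", [])          # newest hop first
    for i, hop in enumerate(hops):
        m = HOP.search(hop)
        if not m:
            continue                            # no "by" clause: not a trusted hop
        sender, receiver = m.group(1).lower(), m.group(2).lower()
        if in_domain(receiver, trusted_domain) and not in_domain(sender, trusted_domain):
            ip = IP.search(hop)
            return {
                "handoff_host": sender,         # name as presented; may be sender-claimed
                "handoff_ip": ip.group(1) if ip else None,  # recorded by trusted server
                "from_domain": from_domain,
                "from_matches_handoff": in_domain(sender, from_domain),
                "unverified_hops": len(hops) - i - 1,  # lines written before the handoff
            }
    return None

if __name__ == "__main__":
    print(find_handoff(SAMPLE, "cern.ch"))
```

Only the Received lines written by the recipient's own servers can be relied on; anything below the handoff hop, like the From address, was supplied by the sender.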

It is driving me nuts. And, if it’s driving a little guy like me crazy – imagine the strain on a large business or ISP whose accounts have been forged this way.

We can’t continue like this. I have said before, the proliferation of spam will be the death of email. We need to do something sooner, rather than later. It’s going to have to be a total change from our current method of mail service, where everyone is trusted to be who they say they are.

Since I began this blog entry I have received 7 more spams!

¹ – This is the topic for another day, but some viruses or malware, often downloaded with what seems like an innocent program, can also install unwanted software on your machine. All of a sudden, your PC is a zombie, doing the bidding of someone else – probably sending spam or infected email.
