Is There A Subtext in Spam Bounces?

The Worm.Sober.U has been running rampant over the past few days. People everywhere are getting emails carrying the virus.

Hey, what can you do? If people are going to open attachments, how can I stop them?

What bothers me as much, maybe more, are the virus notices I’m getting. I’m attaching one after the jump, though it’s really not necessary to look at it if you don’t want to.

These notices are sent even though it’s commonly known Worm.Sober.U falsifies the return address! In other words, it’s being sent, even though the company responsible knows it’s not going to the originator of the virus laden email.

Why?

I can’t know for sure, but this seems like a sneaky method to allow mailwatch.com to advertise their service. It’s defensible spam… until you realize they know they’re sending it to innocent bystanders, not involved in any way.

If mailwatch.com really wanted to help, they’d send notices to the service providers for the IP addresses that are sending the virus. The IP addresses are included with each email.

Service providers have the ability to inform their customer (who most likely don’t know they’ve become Typhoid Mary) or cut off their attempts to use the email port.

Since there’s a ‘handshake’ at the time the email is sent, mailwatch.com has access to a real IP address. They can be part of the solution, though it’s less likely to get them new customers.

Continue reading “Is There A Subtext in Spam Bounces?”