FRAUDULENT USE OF DOMAIN NAME IN EMAIL



ritaperdue
09-29-2004, 06:36 PM
I don't know where to ask or report this, but I received an email today with a "bagel" virus attached. My firewall caught it first & cleaned it, but what gets me is it was addressed to me from "management" at my domain name (pickmygift.com). Of course, I don't have that email account set up and don't know who sent it, though I did trace the IP address and contacted the abuse section of the hosting company. They're investigating it. I also reported to my local police - they don't have a clue what to do with the info. If it's so easy to just use someone's domain name in an email, what can be done to protect ourselves? Anyone have a clue on developing a program to stop this nonsense? Is there an "agency" to report this to? If anyone can give me some clues, I'd appreciate it.
Thanks,

jstarkweather
09-30-2004, 02:35 PM
Uh...sorry to be the first to tell you but "sentfrom" and "replyto" data is very easily spoofed. It is never easy to determine who exactly sent an email (especially if being sent from a spam server). Only IP routing info can give you an idea of whence the message came.

I could send you an email from george.bush@whitehouse.gov if you'd like. :)

If you get an email with a virus attached I would not be too concerned WHO sent it, but what your system is doing to stop them.

Jim

netman4ttm
09-30-2004, 02:37 PM
http://spf.pobox.com/

Go to that web site. Read it do it.
Yeah, the use of your name was illegal. But spam is too.
If you are really po'ed take it up with United States Attorney for your judicial district.

motyl
09-30-2004, 03:12 PM
Well, I wish I had your problems! 1 email causing all this...

My story started when the email virus boom began earlier this year. I kept receiving them, PRETENDING to come from various different addresses and sometimes from my own! Well, we all know how they work... Someone who got this virus had my address in his address book and there we go, his virus was spreading itself in my name...

This virus thing is nothing that I would consider a big deal. A few emails can't make me angry. But 2 months ago some sp@mer decided to use my email address to spam thousands of people. Of course every time he sent to an invalid email address, mail was bounced back to "sender" and ended up in my mailbox. I wish you never have to go through what I had to... I was receiving a few thousand bounced-back emails a day, for 3 days!!! At some stage I believed I'd have to get rid of that mailbox... Well, luckily it stopped, but it wasn't a nice experience at all...

So, did you say you saw "your domain" as sender? LOL, lucky you!

Motyl

mfrederico
09-30-2004, 03:57 PM
http://spf.pobox.com/
Go to that web site. Read it do it.
Yeah, the use of your name was illegal. But spam is too.
If you are really po'ed take it up with United States Attorney for your judicial district.

The sooner people jump on the spf bandwagon, the faster this spoof problem will go away.

I move to second this idea, and everybody should read what spf (Sender Protection Framework) is all about. Especially the email admins out there. Don't waste your time with Microsoft's "Sender ID" as I understand that it is going to be scrapped soon.

urbanroots
09-30-2004, 04:02 PM
I have played this game once or twice with some people.

The best thing you can do is check the headers in the email. At times you can find who the ISP is of the person sending the email.

Then you can contact the sender's ISP and report them. Be ready to send 3-4 examples of emails being sent and always keep the original header information.

Good Luck
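The two checks the posts above recommend, reading the Received: chain for the real originating IP and testing that IP against the domain's SPF record, as an added example in Python (not code from this thread or from spf.pobox.com). The message, the IP addresses and the SPF record are all constructed; a real check would fetch the "v=spf1 ..." TXT record for the From: domain from DNS instead of using the inline string.

```python
import email
import ipaddress
import re
from typing import Optional

# Constructed sample: From: claims the recipient's own domain, but the
# bottom-most Received: header shows where the mail really entered.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10]) by inbox.example.net
Received: from pickmygift.com (unknown [198.51.100.77]) by mx.example.net
From: "management" <management@pickmygift.com>
To: rita@pickmygift.com
Subject: constructed test

body
"""

# Constructed SPF record for pickmygift.com: only 203.0.113.0/24 may send.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 -all"

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def originating_ip(raw: str) -> Optional[str]:
    """Return the bracketed IP in the earliest (bottom-most) Received: header."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    for hdr in reversed(received):          # last header = first hop the mail took
        m = IP_RE.search(hdr)
        if m:
            return m.group(1)
    return None

def spf_check(record: str, ip: str) -> str:
    """Evaluate the ip4 mechanisms and the 'all' qualifier of an SPF record."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:         # skip the v=spf1 version tag
        qualifier, mech = "+", term         # unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                        # no mechanism matched

def verdict(raw: str, record: str):
    ip = originating_ip(raw)
    return ip, spf_check(record, ip)
```

`verdict(RAW_MESSAGE, SPF_RECORD)` gives `("198.51.100.77", "fail")`: the From: line is meaningless on its own, while the hop IP plus a published SPF record lets a receiving server reject the forged mail.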

motyl
09-30-2004, 04:38 PM
The sooner people jump on the spf bandwagon, the faster this spoof problem will go away.

I got advice to use them when I had problems and someone was spamming in my name. I'm a small hosting reseller (not my main-stream job though) and to be honest with you, SPF really confused me. When I say really, I mean REALLY!! They are asking for too many tech details I never heard about before...

Well, I think they should somehow update their help sections to let most of us understand what's going on, not just hard-core techies :-)

Motyl

urknighterrent
09-30-2004, 05:21 PM
I don't even sweat the spam, but when I, or one of my clients, has this problem I send them the following Email:


Dear CLIENT:

As the immortal Douglas Adams once said: "Don't Panic".

A few things about viruses:

1- If you're getting lots of infected Email you're not the one who's infected! Someone else is infected, and because your Email address is on their hard drive someplace (probably their address book) the virus is mailing itself to you in an attempt to infect you.

2- You can't tell who's sending you the virus by looking at the "from" field. Modern viruses "spoof" the from field. Just like they loot the victim's address book to mail themselves out, they also use the same addresses to fill in the "from" field.

3- This is probably not a deliberate or personal attack. You are being messed with by some adolescent loser with enough brains to make 250k a year and lacking the social skills to hold down a job at Burger King. Nevertheless viruses do pose a real security threat and must be treated with respect.

What to do:

Copy and paste the following letter into your E-Mail client and send it to EVERYONE in your address book.

Thanks
Ken Marshall
CPA-Site-Solutions
800-896-4500 x101
ken@clientsource.com



Hi:

I'm afraid it's come to my attention that someone amongst us is currently infected with a virus or "worm". Because of the nature of modern viruses it's impossible to tell who it is, but whoever it is should be aware that a viral infection poses a very real security risk. They've even been known to search out personal financial information and post it to the authors! Most just open ports and exploit holes in your operating system to allow hackers to come help themselves to your data (including your personal financial information) or use your computer to send spam.

Needless to say this is a fairly serious situation.

What to do:

1- Update your virus definitions manually: Some viruses will disable your anti-virus or operating system's "auto update" functions.

2- Run your anti-virus program.

3- Update your operating system manually. This will help close any holes that these viruses may be exploiting.

If you do not have anti-virus get some! There is an excellent application available free for home use at:

www.grisoft.com

If you find an infection and need help removing it there's a number of sites that can help. I use:

www.mcafee.com

4- If you have noticed an influx of spam with attachments forward this letter to EVERYONE in your address book.

Thanks
SIGN HERE

Thanks
Kenny


KEEP YOUR VIRUS DEFINITIONS UP TO DATE!!!!!!!!!!!

urknighterrent
09-30-2004, 05:46 PM
Hmmmn. Interesting. I like this spf thing.

nmforste
09-30-2004, 09:38 PM
2- You can't tell who's sending you the virus by looking at the "from" field. Modern viruses "spoof" the from field. Just like they loot the victim's address book to mail themselves out, they also use the same addresses to fill in the "from" field.


May I add a useful observation that has allowed us to ride out every major virus wish-wash that has struck the IT user.

I would suggest you ALSO make sure you are using good anti-spam software at the same time as you are using good virus software. We use AVG (grisoft.com) to keep our personal computers at bay, and add to that SpamAssassin (or similar software) on your server.

We use SpamAssassin as it can be configured and set to "learn mode", which means you can specify which of the "dubious" emails in spam folder are actual spam and which are valid emails (such as an email received from WebProWorld for example).

You then tell SpamAssassin "learn from content" and you have suddenly cut a large pile of junk out of your inbox. Include in that emails containing viruses and then SpamAssassin knows to reject any emails containing .exe or .pif or any other usual virus extensions.

One snag (or maybe not) is that you have to have a Linux system to use SpamAssassin, but that's only a loss to a certain Mr G's pockets. Linux looks at viruses as "text files" which means that you have the added bonus of being one of the few who can actually send anti-virus companies the source code of viruses with the compliments of the writer and combat (or help to combat) the virus problems from onset.

Another comment I wish to make is about spoofing emails. Note that if you are good at "reading" header files, you CAN find out the real originating IP address of the sender. Well, at least in most cases in my personal experience.

What does disturb me about Mr Marshall's letter that he sends is that it does not seem that he (as the hosting company) is taking up any responsibilities to protect clients against viruses and spam. We were doing the above stuff with virus software and spam software about 5 years ago BEFORE people like Yahoo, AOL and so on included that sort of protection to their users. And in comparison we are a flea and they are the elephant (to compare company size). Mr Marshall, if you add SpamAssassin in the manner I suggest, you can cut out over 95% of spam received by you or your clients thus saving enormous time for you and them!

Yes, I said 95% because I get about 600Mb of mail a day personally, and without the spam software, that would be an average of 1.2Gb a day. Between all users and clients we have here, this small measure of putting up SpamAssassin on our server, managing it about 2-3 times a week and keeping it updated, is saving us an estimated 60Gb of spam, viruses, and the like per week!

Also do not treat this as a personal attack, Mr Marshall, but as someone who has been on the receiving end of "I'm afraid it's come to my attention that someone amongst us is currently infected with a virus or "worm"." type emails, I recommend AGAINST that sort of letter to ANYONE. That sort of behaviour can be classed as viral spamming, whether intentionally or not, and just aggravates the already massive spam issues ISP administrators are dealing with, and it may cause a less informed recipient to call their ISP in a panic. If there is a problem with virus or spam coming from YOUR systems, then the buck stops with YOU! It is your responsibility to rectify any problems and do the necessary damage control. That's what your clients pay you for after all.

Nathalie

canas
10-01-2004, 02:28 AM
For a novice or newbie, this is an interesting subject. I too have received a lot of mighty strange emails in the last two months, including a few virus loaded emails sent from my domain name to myself in the name of someone else. My virus protection works and my ISP message center is very effective at catching both the virus and spam emails, but just to see them sitting there was disturbing and very annoying, and I didn't know how to stop it, what to do. After talking to my ISP and my web host provider it was determined that I probably had some sort of spyware on my machine. Spyware? never heard of it.

I guess this meant someone had hacked into my machine via the spyware. I'm sure they didn't find leads to millions of dollars sitting there, but they managed to play havoc with my time and email addresses for a while. I scanned using Norton, no viruses or spyware were detected. Someone suggested using Trend Micro and Spybot's Search and Destroy and Lavasoft Adware to search out and destroy spyware. For a couple of weeks I scanned my computer every day with three or four different programs! Silly, I know. But I did find some spyware, and one scumware file called the Vbouncer which I deleted with the help of Microsoft's helpful security discussion forum. I also took all the various emails off my website, and use only one now using what someone told me were tricks or tools to fool the robots which I didn't know about before. Maybe I am the fool.

When I discovered my machine was free of viruses, I emailed all my contacts telling them I had been receiving virus emails - simply to warn them to scan their own machines in case it had spread. Not to accuse, but to warn. I think that is common computer courtesy - CCC for all you IT techies. But beware, no one will want to communicate with you once you do this!

I also downloaded the new Windows XP - which is supposedly more secure, but it continues to cause my system to fail now and then. I don't know which is worse - lack of security or sure and secure system crashes.

And most recently, I've received a lot of spam from one particular Czech Republic company. I found their parent company by looking up the IP address, and sent them a notice that someone at their domain was abusing the email system and sending a lot of spam to me. Knock on wood, so far I have not received any more from that domain. So making a complaint helps, but make it a nice "requestful" complaint! Don't anger them.

I could swear there's been something in the ether these last few months. That's my two bits - about all the hacker got out of me.

urknighterrent
10-01-2004, 12:57 PM
We offer full anti-spam and anti-virus, and it's very effective. The problem is that when this happens (and it's never through MY server, but my clients frequently choose to host their own dns and redirect their A record to us), it's not the client that's infected.

And BTW, accusing someone of not taking responsibility for their clients IS a personal attack. Next time you might want to do some homework before making an accusation like that.

urknighterrent
10-01-2004, 07:20 PM
Sorry, back. There was something else I wanted to address but I had a pile of work on my desk and incoming calls all bloody day... Looks like the post is dead but I wanna address it anyway...


Also do not treat this as a personal attack, Mr Marshall, but as someone who has been on the receiving end of "I'm afraid it's come to my attention that someone amongst us is currently infected with a virus or "worm"." type emails, I recommend AGAINST that sort of letter to ANYONE. That sort of behaviour can be classed as viral spamming, whether intentionally or not, and just aggravates the already massive spam issues ISP administrators are dealing with, and it may cause a less informed recipient to call their ISP in a panic. If there is a problem with virus or spam coming from YOUR systems, then the buck stops with YOU! It is your responsibility to rectify any problems and do the necessary damage control. That's what your clients pay you for after all.

And your suggestion is what? My clients should just sit on their hands and snicker while a virus eats away at their clients' PCs? They should just switch their Email onto my server. But if for some reason (usually, I suspect, professional confidentiality) they don't, well I'm not just gonna say "tough luck bud". I feel sorry for the poor ISP admins ~dripping with sarcasm~ but my clients have a duty to protect their own. There's nothing viral or spammy about trying to clean a virus out of your mail circle. And the sad truth is a lot of people don't have any anti-virus at all. These letters are the cyber version of passing out condoms. And in the LONG run they REDUCE the amount of mail traffic your poor overworked ISP admins have to deal with.

urknighterrent
10-01-2004, 07:36 PM
Canas, the fact that a spammer or virus does not indicate your machine was hacked. It could be any machine that has your Email address on it. It probably came out of the address book of one of your friends or associates. Take a look at the "viral spam" in my previous post.

urknighterrent
10-01-2004, 07:38 PM
Oops. Shoulda read yer whole post.

:-\

I agree. It's common courtesy to tell people that they may have a bug.