Malware deception

[LumenLux]

Today I have received numerous "returned mail" notices for mail I never sent. Best I can understand, some insidious infection has been set up which is using my pc to propagate trash solicitations and make them appear as if they come from me. I bring up the subject here for a couple of reasons. 1. I know and trust any help that will come through this forum. 2. My email address that is on the deviously generated mailings is my email address that is mainly used only for correspondence related to this forum and Beechbrook. So I am wondering if my machine picked up the problem via one of these sites. Have any of you had similar trouble? Or have any of you received extreme junk as if it came from me? And most importantly, how can I eliminate the problem? At the moment, I have disabled my outgoing server for that mail account, but I do want to actually get rid of the infection and eliminate any future recurrences.

[cjdnzl]

Today I have received numerous "returned mail" notices for mail I never sent. Best I can understand, some insidious infection has been set up which is using my pc to propagate trash solicitations and make them appear as if they come from me. I bring up the subject here for a couple of reasons. 1. I know and trust any help that will come through this forum. 2. My email address that is on the deviously generated mailings is my email address that is mainly used only for correspondence related to this forum and Beechbrook. So I am wondering if my machine picked up the problem via one of these sites. Have any of you had similar trouble? Or have any of you received extreme junk as if it came from me? And most importantly, how can I eliminate the problem? At the moment, I have disabled my outgoing server for that mail account, but I do want to actually get rid of the infection and eliminate any future recurrences.

I also receive many emails of that kind, sometimes more than a dozen on some days. I have tried to make some sense out of the headers, without much success, except that the apparent paths these emails take vary from copy to copy, as does the timing. From what I can decipher, most of them are propogated at times when my computers are not turned on - I never leave a machine running after I have finished with it, which lets my computers off the hook, so to speak.

My best guess at this stage is that some machines with access to my email address (legitimately or not) out there are infected with some sort of virus that propagates these annoying posts, numbers of which appear to come from Russian sources. Some of them contain cyrillic characters. There are millions of computer users who are not computer literate or 'savvy', who wouldn't know if they were infected, who constitute a pool of infection that is impossible to eradicate.

I have a number of relatives for whom I more or less regularly have to cast an eye on their machines. The best to date was one machine with so many malwares installed it would not boot. After unshipping the drive and fitting it as D: on my machine I ran several anti-malware programs and removed, from memory, about 70 various problems. On refitting the drive into its own machine, it was able to boot and run. The owner was totally ignorant about the build-up of nasties ubtil they actually stpooed the computer. There are literally millions of users out there like him.

Colin

[fh1805]

I haven't experienced that level of "junk" mail for over three years. I don't know exactly which action has eliminated them all but over the space of two or three weeks various actions were taken. I suspect the outcome was as a result of the combination of events, which were:

- I upgraded my Norton Internet Security suite to one that included "anti-spam" filtering

- I implemented a weekly "cleansing" routine using Spybot Search and Destroy

- my ISP (Virgin Media here in UK) implemented a service upgrade that included improved filtering of e-mail content to eliminate unwanted "hitch-hikers" at source.

Over the space of the next couple of months the level of "junk" items fell away to its present level of no more than one or two per day - and some of these are newletters that I did once subscribe to but now would like to stop but can't because the embedded stop link isn't having the desired effect!

The key player in getting rid of unwanted emails from the end-user's Inbox is, in my opinion, the ISP. They are the only ones that can stop it getting into the Inbox. I suspect that differences in the legal situation across the world will mean that in some countries the ISPs cannot interfere with the passage of emails. I suppose it could be argued that what seems to be happening in the UK is a form of censorship . If that is so, its a form that I'm all in favour of!

Just to bring the story up to date; when I bought my new desktop system (which runs Vista) I discovered that Vista would not let me install my then current versions of Norton and Spybot. I bought the latest version of Norton and, following some recommendations on this forum at the time from Brian.Conflow, I added the freeware version of Advanced Windows Care Personal to replace SpyBot.

The answer for all PC owners is, undoubtedly, to implement a layered defence. Any part of it that cannot be fully automated must be carried out manually on a very regular basis. On my system Norton is set run a full scan of all drives automatically overnight Saturday to Sunday. Each weekend I run Advanced Windows Care manually, looking for any updates before I get it to do its scan.

As I said earlier, I now get no more than one or two items of junk mail each day - and often go several days between junk items. I took a 4-day weekend break away from home recently. On my return I had 59 mail items - only six of which were junk (and two of these were the ones I'm trying to get stopped!).

[Ken Cox]

Last month i received letters that my ISP was going to do maintenance on the line and they required confirmation of my email addie and password.

these letters would come in 2's

i forwarded the complete letters including headers to all my isp contacts that i had on record. They manager of complaints called me and was appreciative of my action - the business community had been hit and now the consumer business was getting hit -they had several departments working the problem - with the header info they can zero in on the source.

They must have located source as the letters have ceased

so I would advise you to fwd the complete letters to your ISP abuse division ASAP

ken

[Conflow]

Hi All,

I had already Posted this in another 'thread' and though it was worthwhile re-posting it here,viz:-

Each and every time you go 'On-Line' your Computer is automatically broadcasting your unique 'IPS-Number'

assigned to you by your IPS-Provider. Their Server and the Interconnects issue 64,000 Copies of that Number

each and every time you go on Line. Unfortunately there is no other way of letting the World know you are 'On-Line'.

For a determined Hacker or Spammer or Auto-Keylogger ~ thats all they need ~ Your IPS Number, and if you

have a Line-Router it will be that number they get, not your genuine IPS Number. There is little you can do about that.

Perhaps you are wise enough to use a 'Proxy-Server, makes no difference, they get its number also and because

its connected to you (one way or another) their "junk" will get through ~ Unless you use an 'Anti-Spam Utility' which

removes the junk from your EMail In-Box on your PC or you use a very special 'EMail Server Program' which removes

the rubbish from your IPS Server before it even gets to you and even that can cause problems with the Web Spamhaus

Organisation. (More Later)

Concerning the 'Invision-Board' Forum Utility ~ Invision Board Worldwide have excellent Anti-Spam utilities and interconnect

scanning for known IPS abusers. But they can't police all the worldwide connections and from time to time we have had

some 'spammers' and a number of 'auto-keyloggers' hanging on our wires....unfortunately, thats the way Life is !!

America leads the World in abuse of the Internet for the reason by 'Congress Law' which places a limit of 40.Bit maximum

Security encryption on General Web Traffic (To accomodate the FBI & CIA) Reference:- the 'Patriot-Law' ~ whereas the rest

of the World uses at least 128 Bit.Security. Banking Institutions in Europe (inc Paypal & Visa) use 256.Bit Security.

Russia and China follow next. However in Europe the E.U are implimenting extremely strict 'Legal-Obligations' on National

Governments and their ISP Providers in a determined effort to clean up Rogue ISP Providers who allow these International

Gangs access to their Servers. Fines in excess of Euro 2,000,000 are now commonplace and that type penalty is having

effect. The other measure now in force is 'Spamhaus' whereby ISP Providers become Members of this Organisation whose

mandate is to Police (rogue) IPS Numbers assumed guilty or not. This has its own problems because the vast majority of

'banned' IPS Numbers are innocent of any transgressions ~ they are ordinary people who are unfortunate to have been

attacked with 'AutoKey Loggers' using their IPS Number to proxy-spread the Spam.

Below are some "Attachments" from Spamhaus showing the worse offending Countries and ISP Providers,etc.

It is an ISP Provider issue and one should report it to your "National Communications Regulator" not the ISP Provider itself

where it will get swept under the carpet. It may be that your Regulator will insist that you be given a New IPS Number ~ you

can be certain sure the ISP Provider won't do that for you on its own volition ~ they will 'hide' behind Spamhaus.

Here is a Link to Spamhaus to find out all:-

http://www.spamhaus.org/

Hope this has been helpful to those plagued with Spam and those worried about it.

Brian.Conflow.

Lumenux:- Those 'Return-Mails' are automatic-phishing devices using reverse-psychology

in an effort to make you respond with an EMail giving your true identity thus allowing them access

across your Firewall and your Router Firewall thus giving them your true IPS Number not that

used by your Router. Never respond ~ just delete them.

The same applies to ISP Notices and 'bogus' Bank Documents and Credit Card updates ~ DELETE ALL.