On Sat, 10 Mar 2001, David Kilpatrick wrote:
>
> This is an appeal to anyone with internet know-how.
>
> In the last few days, blank subjectless message from many different people whose
>email
> addresses start 'david@' have been arriving. Now I find that other people (same
>criterion)
> have been getting blank subjectless message from me. These originate at times when my
> computer is not connected, so it is not a virus on my system, and presumably not a
>virus
> on theirs.
>
> A few weeks ago a spambot mailed a huge list - any address beginning 'david@' and I
>notice
> the same spambot also mailed just about every other possible name or address
>configuration.
>
> Anyone have any idea how a system, somewhere, can be sending blank emails 'to and
>from'
> addresses on a list which it holds, and why on earth it would do so? And how it can
>be
> stopped, as the messages seem to come from individuals but do not?
>
> I find it worrying that messages - even blanks - can be sent which appear to
>originate
> from me.
Disable Javascript in your mail client if you're using one that
will run it. I recently came across an article that discussed
vulnerabilities inherent in having Javascript running in your email. For
example it is possible for someone to send you a message containing some
script (which you don't see) that instructs your mailer to surreptiously
send them a copy if you forward that message to anyone else.
The article mentioned Netscape, Outlook and Outlook Express as the
primary targets for this kind of abuse, but there may be others. There are
some real privacy-protection advantages to using a mail client that won't
run scripts.
Does anyone know if the Outlook family of mailers can be abused in
the same way with VBScript? If they can, I'd avoid those mailers
altogether, since M$ apparently doesn't see the need to provide you with
any way of disabling VBScript.
Wendy
Posted to Scots-L - The Traditional Scottish Music & Culture List - To
subscribe/unsubscribe, point your browser to: http://www.tullochgorm.com/lists.html
