George V. Reilly wrote:
[CCing the Vim and Vim-Dev lists. Not that it did any good the last time
I raised this subject.]
It is NOT me, dammit! Someone on the Vim list is infected with a virus
that trawls through his address book and forges the From address. I too
get dozens of virus-laden emails every week that purport to be from
various people on the Vim list. Bram, Henk, Arpaffdy, and my own name
are some of the names that I see regularly. This has been going on for
at least two years :-(
This laptop has been running a fresh install of Ubuntu 6.06 for the last
four weeks, so if you've seen any mails from me in that interval, it
definitely wasn't me. And I run antivirus and antispyware software when
I'm running Windows, and I keep the signatures up to date.
Vimmers, for the love of God, download antivirus and antispyware
software, and run a scan on your machines.
Windows users, start here:
http://www.microsoft.com/athome/security/default.mspx
/George

Dear George,
I for one don't believe it's you.
Some spammer(s) somehow got your handle and the list added to their
reserve of "From" and "To" addresses, possibly distributed them on one
or more versions of the infamous "Millions CDs", and started faking
messages to the list with your "From:" address on them but sending them
from anywhere in the world, especially from places like Korea where ISPs
don't nuke spammers very diligently if at all. I guess that at least
some of the above spammers aren't even subscribed to the vim lists; they
use your handle (in the From: header) as the key to get their crap into
the lists.
From then on there's no stopping them. You can't imagine the lot of
spam I get with my own "From:" on them, or spam disguised as bounces
purportedly telling "me" that "my own address" was rejected by "my own
ISP" as "unknown recipient". Imagine!
If your fromline appears oftener than some others on the list spam, it's
just that for some reason the list spammers hide behind it oftener than
behind other masquerade names. Maybe they just got you more times than
others on their lists of pseudo-customers and pseudo-suppliers.
And I repeat (you, George, probably know the following but maybe other
Vimmers don't): it's very easy to fake a From: address. A baby could do
it. It's in the menus of every mail client I know, not even hidden in a
place difficult to reach. With the list in its To: line and any
subscriber's addy on the (possibly faked) From: line, anything (with any
actual origin) will be sent to everyone on the list. So there's no
telling who actually sent the spam, except by analyzing the Received:
lines (which are added to any email after it has left its original
sender). But to thwart that mode of attack, many spammers add "fake"
received-lines to their spam to make it appear that it came from
elsewhere. The rule I go by is that whoever sent the spam to my ISP's
"incoming mail" routers is the culprit. He usually can only be
identified as a dotted-quad IP address similar to 123.45.67.89 but at
least that tells us where in the world it came from.
Best regards,
Tony.
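
The rule from the end of the reply above (trust only the Received: line stamped by your own ISP's incoming relay, and ignore everything beneath it), as an added example that is not part of the original thread. The relay names, the network range and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions: hosts and network operated by your own ISP (documentation values).
OWN_RELAYS = {"mx1.isp.example", "mailstore.isp.example"}
OWN_NET = ipaddress.ip_network("192.0.2.0/24")

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample. Received: lines are prepended, so the newest is on top.
# The bottom line is the kind of forged hop a spammer adds before sending.
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
    by mailstore.isp.example with LMTP; Mon, 10 Jul 2006 10:00:05 +0000
Received: from friendly.host.example (unknown [203.0.113.77])
    by mx1.isp.example with SMTP; Mon, 10 Jul 2006 10:00:03 +0000
Received: from mail.list.example ([198.51.100.5])
    by friendly.host.example with ESMTP; Mon, 10 Jul 2006 09:59:00 +0000
From: subscriber@list.example
To: list@list.example
Subject: constructed sample

body
"""

def handoff_ip(raw_message):
    """Return the IP that handed the mail to our own relays, or None."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in OWN_RELAYS:
            return None  # stamped by a host we do not run: unverifiable
        peer = IP_RE.search(hop[:by.start()])  # address our relay recorded
        if not peer:
            continue
        try:
            addr = ipaddress.ip_address(peer.group(1))
        except ValueError:
            return None  # malformed address, do not guess
        if addr not in OWN_NET:
            return str(addr)  # first outside peer seen by a trusted relay
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE))
```

Everything below the returned hop, including the From: header, was supplied by the sender and carries no evidential weight.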