Joseph,

No, it's not new at all. In fact, IIRC it was one of the first dodges the scumbags used back when spamming was a relatively unsophisticated scattergun process, back before the sub-genres of pharming, phishing, etc. came on the scene. There is mass-mailing software available which will spider Usenet newsgroups, Web sites, etc. looking for email addresses and creating just the kind of message you're describing.

As scams go, it's relatively unsophisticated and easy to avoid. Common sense email "best practices" will prevent it from having effect. Here are some of the ways I protect myself:

1. Use the latest version of your email client. It is more likely to have the most recent security updates and features installed. NOTE: It is generally advisable to wait a couple of weeks after a release to be sure that no problems have been found with the new version.

2. Configure your client to suit your degree of paranoia. The version of OE 6 installed with XP SP2, for example, can be (finally!) damned near locked down tight if you don't mind some of the inconvenience entailed as a result. These are a few of the measures I have taken (OE6):
   a) Set the security level to restricted zone (Tools|Options|Security).
   b) Turn off the preview pane (View|Layout|Show preview pane). This will prevent any scripted content within HTML emails from running just because you move focus to that email. To me, this is also more convenient; I can see many more messages without the preview pane, and in many cases a quick scan through the subject lines will reveal messages to delete without even opening.
   c) If you are using OE 6 (SP2), set your Read options (Tools|Options|Read) to "Read all messages in plain text." This is a relatively recent, and very overdue and very welcome, addition to OE's options. It somewhat obviates step b) in that HTML content is not displayed, nor can scripts run, by default when this is set. If, like me, you receive a lot of HTML email from newsletters, vendors, friends and relatives, etc., no problem. To view an email you trust in HTML, just open it and either press Alt-Shift-H or click View|Message in HTML.
   d) For the truly paranoid, you can also set OE to not download "suspicious" attachments (Tools|Options|Security|"Do not allow attachments to be saved... "). Unfortunately, OE's definition of attachments which might be a problem is, to my mind, overly broad. I leave this one turned off, but YMMV. It would be nice if, in the next iteration, Microsoft provided an ellipsis button for that setting so that the user could configure what kind of attachments they feel comfortable downloading. (Are you listening, Redmond?)
   e) In the same menu, you can also set OE to not download images in HTML mail. Here again, "web bugs" were one of the earlier spammer techniques to emerge, and they work in pretty much any email client which can display graphics. The trick is to place an invisible (white-on-white) one pixel image file in the message. When the email client dutifully goes to fetch the image, the referrer information passed to the server serving the image includes all sorts of interesting information about you, including your IP address, and confirming that (1) the address can now be placed into the "known good" category, and (2) that you're the sort of person who opens emails from unknown sources containing possibly compromised content. I don't bother with this setting because I employ c) above.

There are other setup steps that you can take that I have probably forgotten to mention. The point is that if you set up your client for a reasonably high level of security, that particular door into your system will remain closed. A few other practices added to this will protect against pretty much anything they can throw at you, to wit:

1) Use a firewall that warns you of both incoming and outgoing traffic, such as ZoneAlarm. That way, if a bad-nasty does make it on to your system, say by installing some piece of "freeware" that harbors "call home" malware, you will be notified when it tries to contact its creator and can take steps to eradicate it.

2) NEVER open executable attachments from strangers, period. And use caution, the definition of "executable" is becoming more and more broad. For example, a screensaver, extension scr, is nothing more than an exe file with the scr extension. Others might include macros (the famous Melissa trojan comes to mind), bat (batch), pif, and cmd files, and HTML with embedded scripting.

3) Even if the message comes from a friend, or appears to, it may not be safe. One of the first tricks the scumbags developed was to install a trojan that scanned the victim's address book and sent itself out to all his contacts. This was quite effective for a while, since people generally presumed that mail from a friend was non-threatening. Some characteristics to look for follow:
   a) Are you expecting the email? For example, your daughter says she's sending you pictures of her wedding (new baby, vacation, hysterectomy, whatever). Later that day you receive mail from your daughter with attached images. It's a reasonably safe assumption that they're safe.
   b) Are either the subject line or the message body consistent with what you would expect from the source? Although scumware is becoming more intelligent, there's no robot yet written that can mimic the style of an infected sender, the vocabulary, style, syntax, grammar, consistently misspelled words, etc. In fact, many such messages contain text which resembles the Japanglish from a cheap user's manual.

In the final case, if you suspect that it might be legit but aren't sure, simply email the source. "Hey, did you send me a file named I-might-just-be-safe.exe by any chance?" will go a long way to preventing grief.

Like I said, all pretty much common sense stuff. Unfortunately, Voltaire's observation that, "Common sense is not so common," is what keeps the scumbags going. Many people are either too lazy to bother with setting up their security properly, or in these "everybody's on the Internet" days, too unaware of the issues, dangers, and precautions involved in self-protection online.

Of course, I suppose I shouldn't bitch. I make a nice bit of coin every time I spend part of an evening at a client's house eradicating the various electronic vermin infecting his/her system, and reconfiguring and setting up the machine so that it starts up in under 15 minutes and runs for more than twenty without crashing or becoming unusable because of the scumware. C'est la vie.

Cheers,
Scott
----- Original Message -----
From: "Joseph Harris" <[EMAIL PROTECTED]>
To: <wdvltalk@lists.wdvl.com>
Sent: Saturday, August 13, 2005 7:18 AM
Subject: [wdvltalk] [OT] spam menace from Korea


I just wanted to check and warn of a nasty little spamming that almost
fooled me (who said: 'not that hard'?).

I had a mail from me to me (overtly) and I sometimes send things to myself
so I looked.   It contained a zip 'work and taxes' and the headers contain
this:

To: "Josephharris" <[EMAIL PROTECTED]>
From: "Josephharris" <[EMAIL PROTECTED]>
Subject:
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
       boundary="--------qmlfqguudpzawcjhwwcd"
X-IMAIL-SPAM-DNSBL:
(fiveten,559677726,korea.spam.blackholes.five-ten-sg.com)

The size is 26kb.

It is the use of the name, extracted from the email address (which is all
that appears in the from line) that seems a bit different and more fooling.
Is it a new twist, or am I way behind again?    And does anyone know the
danger of 'work and taxes'?

Joseph


____ . The WDVL Discussion List from WDVL.COM . ____
To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or use the web interface http://e-newsletters.internet.com/discussionlists.html/
      Send Your Posts To: wdvltalk@lists.wdvl.com
To change subscription settings, add a password or view the web interface:
http://intm-dl.sparklist.com/read/?forum=wdvltalk

________________  http://www.wdvl.com  _______________________

You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.

