Klarinet Archive - Posting 000020.txt from 2004/08

From: Umar Goldeli <umar@-----.com>
Subj: [kl] Re: Security rant - was [kl] Strange private e-mail
Date: Sun, 1 Aug 2004 19:48:58 -0400

Hi Gary,

In terms of what you can do about not receiving spam.. unfortunately there
is very little.. you can always use a spam filter - but the issue is that
a spam filter fundamentally works *after* the email has been received - so
delivery to some point is already accomplished (your ISP can also
implement a spam filter as well - but then the same thing applies to
them - and there are huge legal issues involved with doing that anyway).

In terms of your computer being used to send out spam - this is a very
common thing for windows users - there are any number of security
vulnerabilities within windows at any given time. So what happens is that
worms and other nasties generally automatically attack random computers in
the hope that your particular computer is vulnerable.

There are a million variants of attack vectors and payloads - but the most
recent ones seem to be attacking to take control of your computer to use
it to send spam for commercial purposes.

The good news is that you can do something about not being a victim.

It appears that you are using Windows and Netscape 7.1/Mozilla as a
browser/mail client. I don't know about your windows installation version
- but I would recommend that you update your browser while you're at it.
;)

(Why don't you have a look at "firefox" - the latest mozilla variant -
excellent and fast browser: www.mozilla.org)

The most important thing though is that as a Windows user - your best
friend is called "Windows Update" - start Internet Explorer, go to the
Tools menu and there should be an entry for "Windows Update". Select this
and your computer will connect to Microsoft's Update servers and look for
security updates applicable to your computer.

If you are using a pirated version of Windows or have weird software
installed etc etc - don't fear - this is all done without sending any info
to Microsoft.

If you have never done this before - you will probably have to download
TONNES of stuff. Mind you - it's all automatically installed - so no pain.

The idea is to do this *very* regularly. At *least* on a weekly basis.

The is the single most important thing you can do.

(if your computer has been sending out lots of spam - you may want to
check your outgoing data volume and compare it with your "usual" volumes
to verify "oddity". The other thing is that often a virus scanner will not
pickup things like this because it may not necessarily be a "virus" as per
se.. it depends on the vulnerability, attack vector.. blah blah..)

However - on top of windows updating on a regular basis - if you can - I
would suggest running a personal firewall (or at least enable the default
windows one if you are running XP) and an anti-virus program (you
mentioned you had macafee - when was the last time you updated your virus
signatures by the way? ;)

Regarding how they get your email address to send spam to in the first
place - it depends. In the normal scheme of things - the bulk of email
addresses are "harvested" from webpages. If you're seeing "klarinet"
subscriber addresses - then my money is on the fact that it has been
harvested from the list archives (if addresses are visible).

If you're seeing email addresses from other subscribers at your ISP -
chances are that the spammer is matching other harvested email addresses
to forge as a source address to your domain. This is a social engineering
trick in the hope that the recipient will think "hey, this may be a
genuine email - it comes from someone within my own domain/company"..

There are many other spamming tricks and harvesting methods too.. too many
to list here.

This is the tip of the iceberg for security matters - but seriously - the
best thing you can do is to protect yourself. This way - you will not have
problems - and you will be protecting your "neighbour" as well from the
chance of being attacked by *your* computer if it is compromised.

Ooops.. ranted for too long.. ;)

//umar.

> I've had a similar problem for 2 weeks. Each day 1 or 2 pieces of junk
> mail get through the filter. They are coming from addresses within my
> own ISP. The ISP sent me an automated message yesterday telling me that
> an unusual amount of junk mail has been sent from my computer lately. I
> ran McAfee and it did not find any problems. In the past I have gotten
> junk email sent from my address but that was 3 months ago. If anyone
> knows what to do about this tell me.
>

---------------------------------------------------------------------
Klarinet is a service of Woodwind.Org, Inc. http://www.woodwind.org

   
     Copyright © Woodwind.Org, Inc. All Rights Reserved    Privacy Policy    Contact charette@woodwind.org