April 22nd, 2003, 10:34 PM
"Where dose SPAM come from"
The Center for Democracy and Technology has posted a very good artical on where spam comes from, and how to protect yourself from it.
April 23rd, 2003, 07:39 AM
hei thats nice ...
April 23rd, 2003, 12:55 PM
I read the article after seeing a post on Slashdot and think it is the best investigation into the source of spam I have read. Most of it reflected my personal experiences but I was surprised at how effective using "example at domain dot com" was in comparision to "firstname.lastname@example.org". I would have thought the spammers would have been sophisticated enough to account for a number of these measures.
Also I own two .com domains and while I have only received one bit of spam for each (which is inline with the reports findings that domain registration does not open the spam flood gates) I am surprised that the whois database is not targeted by spammers. Lets hope it stays that way!
April 23rd, 2003, 01:41 PM
I believe that spam originates from people who have too much time on their hands, or people who have simply nothing to do. Some people in my school send spam as a pastime, more to annoy than to cause damage.
April 23rd, 2003, 02:23 PM
History of Virus Hoxs and Spam
Not exactly spam but virus hoax messages are a pain.
I honestly have users who think that virii can travel in power lines.
Since 1988, computer virus hoaxes have been circulating the Internet. In October of that year, according to Ferbrache ("A pathology of Computer Viruses" Springer, London, 1992) one of the first virus hoaxes was the 2400 baud modem virus:
SUBJ: Really Nasty Virus
AREA: GENERAL (1)
I've just discovered probably the world's worst computer virus
yet. I had just finished a late night session of BBS'ing and file
treading when I exited Telix 3 and attempted to run pkxarc to
unarc the software I had downloaded. Next thing I knew my hard
disk was seeking all over and it was apparently writing random
sectors. Thank god for strong coffee and a recent backup.
Everything was back to normal, so I called the BBS again and
downloaded a file. When I went to use ddir to list the directory,
my hard disk was getting trashed again. I tried Procomm Plus TD
and also PC Talk 3. Same results every time. Something was up so I
hooked up to my test equipment and different modems (I do research
and development for a local computer telecommunications company
and have an in-house lab at my disposal). After another hour of
corrupted hard drives I found what I think is the world's worst
computer virus yet. The virus distributes itself on the modem sub-
carrier present in all 2400 baud and up modems. The sub-carrier is
used for ROM and register debugging purposes only, and otherwise
serves no othr (sp) purpose. The virus sets a bit pattern in one
of the internal modem registers, but it seemed to screw up the
other registers on my USR. A modem that has been "infected" with
this virus will then transmit the virus to other modems that use a
subcarrier (I suppose those who use 300 and 1200 baud modems
should be immune). The virus then attaches itself to all binary
incoming data and infects the host computer's hard disk. The only
way to get rid of this virus is to completely reset all the modem
registers by hand, but I haven't found a way to vaccinate a modem
against the virus, but there is the possibility of building a
subcarrier filter. I am calling on a 1200 baud modem to enter this
message, and have advised the sysops of the two other boards
(names withheld). I don't know how this virus originated, but I'm
sure it is the work of someone in the computer telecommunications
field such as myself. Probably the best thing to do now is to
stick to 1200 baud until we figure this thing out.
This bogus virus description spawned a humorous alert by Robert Morris III :
Date: 11-31-88 (24:60) Number: 32769
To: ALL Refer#: NONE
From: ROBERT MORRIS III Read: (N/A)
Subj: VIRUS ALERT Status: PUBLIC MESSAGE
Warning: There's a new virus on the loose that's worse than
anything I've seen before! It gets in through the power line,
riding on the powerline 60 Hz subcarrier. It works by changing the
serial port pinouts, and by reversing the direction one's disks
spin. Over 300,000 systems have been hit by it here in Murphy,
West Dakota alone! And that's just in the last 12 minutes.
It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
RSX-11, ITS, TRS-80, and VHS systems.
To prevent the spread of the worm:
1) Don't use the powerline.
2) Don't use batteries either, since there are rumors that this
virus has invaded most major battery plants and is infecting the
positive poles of the batteries. (You might try hooking up just
the negative pole.)
3) Don't upload or download files.
4) Don't store files on floppy disks or hard disks.
5) Don't read messages. Not even this one!
6) Don't use serial ports, modems, or phone lines.
7) Don't use keyboards, screens, or printers.
8) Don't use switches, CPUs, memories, microprocessors, or
9) Don't use electric lights, electric or gas heat or
air conditioning, running water, writing, fire, clothing or the
I'm sure if we are all careful to follow these 9 easy steps, this
virus can be eradicated, and the precious electronic fluids of
our computers can be kept pure.
Since that time virus hoaxes have flooded the Internet. With thousands of viruses worldwide, virus paranoia in the community has risen to an extremely high level. It is this paranoia that fuels virus hoaxes. A good example of this behaviour is the "Good Times" virus hoax which started in 1994 and is still circulating the Internet today. Instead of spreading from one computer to another by itself, Good Times relies on people to pass it along.
April 23rd, 2003, 02:29 PM
that's good ballad ... and i found it either in spamhaus project and in the spam tutorial
April 23rd, 2003, 02:31 PM
do spam filters work, and if so, HOW???
April 23rd, 2003, 02:34 PM
Other info gathered
I sent round a mail with this info I gathered from CIAC and the users here seem to be a little wiser.
What Are Internet Hoaxes and Chain Letters?
Internet hoaxes and chain letters are e-mail messages written with one purpose; to be sent to everyone you know. The messages they contain are usually untrue. A few of the sympathy messages do describe a real situation but that situation was resolved years ago so the message is not valid and has not been valid for many years. Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering. Most of the hoax messages play on your need to help other people. Who wouldn't want to warn their friends about some terrible virus that is destroying people's systems? Or, how could you not want to help this poor little girl who is about to die from cancer? It is hard to say no to these messages when you first see them, though after a few thousand have passed through your mail box you (hopefully) delete them without even looking.
Chain letters are lumped in with the hoax messages because they have the same purpose as the hoax messages but use a slightly different method of coercing you into passing them on to everyone you know. Chain letters, like their printed ancestors, generally offer luck or money if you send them on. They play on your fear of bad luck and the realization that it is almost trivial for you to send them on. The chain letters that deal in money play on people's greed and are illegal no matter what they say in the letter.
The Risk and Cost of Hoaxes
The cost and risk associated with hoaxes may not seem to be that high, and isn't when you consider the cost of handling one hoax on one machine. However, if you consider everyone that receives a hoax, that small cost gets multiplied into some pretty significant costs.
Most people have seen far more than one hoax message and many people cost a business far more when you add in benefits and overhead. The result is not a small number.
Probably the biggest risk for hoax messages is their ability to multiply. Most people send on the hoax messages to everyone in their address books but consider if they only sent them on to 10 people. The first person (the first generation) sends it to 10, each member of that group of 10 (the second generation) sends it to 10 others or 100 messages and so on.
Generation: 1 2 3 4 5 6
Number of Messages 10 100 1,000 10,000 100,000 1,000,000
As you can see, by the sixth generation there are a million e-mail messages being processed by our mail servers.
Recently, we have been hearing of spammers (bulk mailers of unsolicited mail) harvesting e-mail addresses from hoaxes and chain letters. After a few generations, many of these letters contain hundreds of good addresses, which is just what the spammers want. We have also heard rumours that spammers are deliberately starting hoaxes and chain letters to gather e-mail addresses (of course, that could be a hoax). So now, all those nice people who were so worried about the poor little girl dying of cancer find themselves not only laughed at for passing on a hoax but also the recipients of tons of spam mail.
How to Recognize a Hoax
Probably the first thing you should notice about a warning is the request to "send this to everyone you know" or some variant of that statement. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.
Next, look at what makes a successful hoax. There are two known factors that make a successful hoax, they are:
(1) technical sounding language.
(2) credibility by association.
If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.
When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.
Both of these items make it very difficult to claim a warning is a hoax so you must do your homework to see if the claims are real and if the person sending out the warning is a real person and is someone who would know what they are talking about. You do need to be a little careful verifying the person as the apparent author may be a real person who has nothing to do with the hoax. If thousands of people start sending them mail asking if the message is real, that essentially constitutes an unintentional denial of service attack on that person. Check the person's web site or the person's company web site to see if the hoax has been responded to there. Check these pages or the pages of other hoax sites to see if we have already declared the warning a hoax.
Hoax messages also follow the same pattern as a chain letter (see below).
Recognizing a Chain Letter
Chain letters and most hoax messages all have a similar pattern. From the older printed letters to the newer electronic kind, they all have three recognizable parts:
First, there is a hook, to catch your interest and get you to read the rest of the letter. Hooks used to be "Make Money Fast" or "Get Rich" or similar statements related to making money for little or no work. Electronic chain letters also use the "free money" type of hooks, but have added hooks like "Danger!" and "Virus Alert" or "A Little Girl Is Dying". These tie into our fear for the survival of our computers or into our sympathy for some poor unfortunate person.
When you are hooked, you read on to the threat. Most threats used to warn you about the terrible things that will happen if you do not maintain the chain. However, others play on greed or sympathy to get you to pass the letter on. The threat often contains official or technical sounding language to get you to believe it is real.
Finally, the request. Some older chain letters ask you to mail a dollar to the top ten names on the letter and then pass it on. The electronic ones simply admonish you to "Distribute this letter to as many people as possible." They never mention clogging the Internet or the fact that the message is a fake, they only want you to pass it on to others.
Chain letters usually do not have the name and contact information of the original sender so it is impossible to check on its authenticity. Legitimate warnings and solicitations will always have complete contact information from the person sending the message and will often be signed with a cryptographic signature, such as PGP to assure its authenticity. Many of the newer chain letters do have a person's name and contact information but that person either does not really exist or does exist but does not have anything to do with the hoax message. As mentioned in the previous section, try to use other means than contacting the person directly to find out if the message is a hoax. Try the person's web page, the person's company web page, or this and other hoax sites first to see if the message has already been declared a hoax.
For example, the PENPAL GREETINGS! hoax shown below appears to be an attempt to kill an e-mail chain letter. This chain letter is a hoax because reading a text e-mail message does not execute a virus nor does it execute any attachments; therefore the Trojan horse must be self starting. Aside from the fact that a program cannot start itself, the Trojan horse would have to know about every different kind of e-mail program to be able to forward copies of itself to other people. We have had to modify this statement slightly for the newer html mail readers. If a mail message is formatted with html and contains scripts, those scripts will run when the e-mail message is read. Active scripting should always be turned off for a mail reader so that malicious code like the KAK worm cannot automatically run.
Notice the three parts of a chain letter, which are easy to identify in this example.
Subject: Virus Alert
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
reading it. Below is a little explanation of the message, and what it would
do to your PC if you were to read the message. If you have any questions or
concerns please contact SAF-IA Info Office on 697-5059.
This is a warning for all internet users - there is a dangerous virus
propogating across the internet through an e-mail message entitled "PENPAL
DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
This message appears to be a friendly letter asking you if you are
interested in a penpal, but by the time you read this letter, it is too late.
The "trojan horse" virus will have already infected the boot sector of your hard
drive, destroying all of the data present. It is a self-replicating virus,
and once the message is read, it will AUTOMATICALLY forward itself to anyone
who's e-mail address is present in YOUR mailbox!
This virus will DESTROY your hard drive, and holds the potential to DESTROY
the hard drive of anyone whose mail is in your inbox, and who's mail is in
their inbox, and so on. If this virus remains unchecked, it has the potential
to do a great deal of DAMAGE to computer networks worldwide!!!!
Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
And pass this message along to all of your friends and relatives, and the
other readers of the newsgroups and mailing lists which you are on, so that
they are not hurt by this dangerous virus!!!!
Validating a Warning
IT Support recommends that you DO NOT circulate warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or IT Support. Real warnings about viruses and other network problems are issued by computer security response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes. Warnings about new malicious code are also available at the ant virus vendors sites and at the operating system's vendor site.
What to Do When You Receive a Warning
On receiving a warning message which you cannot identify from these pages forward it to a member of IT staff.
When in Doubt, Don't Send It Out.
Why People Send Chain Letters and Hoax Messages
Only the original writer knows the real reason, but some possibilities are:
To see how far a letter will go.
To harass another person (include an e-mail address and ask everyone to send mail, e.g. Jessica Mydek).
To bilk money out of people using a pyramid scheme.
To kill some other chain letter (e.g. Make Money Fast).
To damage a person's or organisation's reputation.
April 23rd, 2003, 04:22 PM
Yes Spam filters work very well...If someone is a lot more familiar with it then I am would post a spammassain TUT I think we would all be very obliged...if not well I am going to try and get ti running this weekend so I will report if I am successful.
Originally posted here by ChrisWuk
do spam filters work, and if so, HOW???
They work because 90% of all Spam come from 180 people here is the list
if you block them Spam drops dramatically.
Spamhaus is a great anti Spam resource for all of your anti Spam needs .
OK all this talk of Spam is making me hungry ... any one up for Spam, Spam, Spam, and Eggs hold the eggs?
April 23rd, 2003, 08:27 PM
Noticed alot more spam in the past year and a half or so??? A big thing recently has been people using insecure wireless networks to send from. Being parked out on the road or in a lot you are virtualy untrackable. One thing I do for work is to find such networks and report the vulnerabilities to the IT managers. It is pretty fun to do but must be used for positive reasons only.
Nice White hat war driver article: http://www.oreillynet.com/pub/a/wire...wardriver.html
Ulter C. Sceadu CCNP
\"Don\'t make your lack of planning my emergency.\"