Please be advised that someone is using my name and email address to spread a virus. If you ever receive an email from someone you think is me with a file attached to it: Do not open this attachment.
I suggest everyone report the person that is sending you these emails to their ISP. (Report them to the ISP of the person that SENT you that email, not your own ISP =))
Now I hear you ask: "But WTF??? It says: Gumkak@valendor.org right there!" Truth is: the "email sender" field you see can be changed to anything anyone wants with only one keypress... It's very very very easy (even my little cousin of 5 can do it) to change that email address to George.Bush@thewhitehouse.gov
Now you might ask: "Uh.. okay, but how DO I see the address of the sender then?" The answer is also quite simple: Look at the header of the email. Each email comes with a header that's not visible at first glance that carries a lot of information about what route that specific email has followed before it arrived at your computer.
To see the header of an email:
- With Netscape Communicator: select "View" and then "Message Source" (or simply Press <CTRL> + <U>)
- With Outlook: Right-click the email in the list and select "options"; the grey area at the bottom of the window that opens holds the Internet Headers.
Next question... "er.. what do I see, and what should I look for?"
Here's an example of one email I received where someone tells me in quite colorful language that he received an email with a virus from someone that's using my email address as "sender". This is what you see when you look at the headers:

From - Thu Dec 12 11:57:46 2002
X-UIDL: <001b01c2a1c0$58a471c0$15902dcb@anton>
X-Mozilla-Status: 0013
X-Mozilla-Status2: 00000000
Return-Path: <apavisic@bigpond.net.au>
Received: from lmg01.affinity.com ([207.150.192.13])
  by XXXXXXXXXX
  (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
  id <20021212092647.GSKM3670.XXXXXXXXXX@lmg01.affinity.com>
  for <XXXXXXXXXX>; Thu, 12 Dec 2002 10:26:47 +0100
Received: from cust_req_fwding (gumkak@valendor.org --> XXXXXXXX) by lmg.ahnet.net id <289957-11012>; Thu, 12 Dec 2002 01:26:16 -0800
Received: from mta01bw.bigpond.com ([139.134.6.78]) by lmg.ahnet.net with ESMTP id <292564-11013>; Thu, 12 Dec 2002 01:25:16 -0800
Received: from anton ([144.135.24.81]) by mta01bw.bigpond.com
  (Netscape Messaging Server 4.15 mta01bw Jul 16 2002 22:47:55)
  with SMTP id H7026000.13T for <Gumkak@valendor.org>; Thu, 12 Dec
  2002 19:25:12 +1000
Received: from CPE-203-45-144-21.qld.bigpond.net.au ([203.45.144.21]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0n 44/15038990); 12 Dec 2002 19:25:08
Message-ID: <001b01c2a1c0$58a471c0$15902dcb@anton>
From: "Anton" <apavisic@bigpond.net.au>
To: "Gumkak" <Gumkak@valendor.org>
References: <20021212071255.YBOB22017.out009.verizon.net@Bokpbkf>
Subject: Re: A IE 6.0 patch
Date: Thu, 12 Dec 2002 19:24:56 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----=_NextPart_000_0016_01C2A214.27547FD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

This is a multi-part message in MIME format.
------=_NextPart_000_0016_01C2A214.27547FD0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Really colorful X-rated remark edited out
----- Original Message -----=20
From: Gumkak=20
To: apavisic@bigpond.net.au=20
Sent: Thursday, December 12, 2002 5:13 PM
Subject: A IE 6.0 patch
Hi,This is a IE 6.0 patch
I hope you would enjoy it.
------=_NextPart_000_0016_01C2A214.27547FD0
Content-Type: text/html;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1126" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Really colorful X-rated remark edited out</FONT></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
<A title=3DGumkak@valendor.org =
href=3D"mailto:Gumkak@valendor.org">Gumkak</A>=20
</DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Dapavisic@bigpond.net.au=20
href=3D"mailto:apavisic@bigpond.net.au">apavisic@bigpond.net.au</A> =
</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Thursday, December 12, =
2002 5:13=20
PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> A IE 6.0 patch</DIV>
<DIV><BR></DIV><FONT size=3D+0>Hi,This is a IE 6.0 patch<BR>I hope you =
would=20
enjoy it.</FONT> </BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0016_01C2A214.27547FD0--

The two important things to see are in red and bolded. The red part is the part that can be changed by anyone to anything they like, and is displayed at the FROM field on your email. This is NEVER proof of the identity of the sender. The bold part however is. This is the exact path any email went from the sender (at the bottom) to you (at the top). You'll have to read it from bottom to top.
In this particular example, you'll see the actual sender of the email in this line (the LAST "Received" field in the header):

Received: from CPE-203-45-144-21.qld.bigpond.net.au ([203.45.144.21]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0n 44/15038990); 12 Dec 2002 19:25:08

This tells us the email was sent by someone using the CPE-203-45-144-21.qld.bigpond.net.au router with the IP number 203.45.144.21.
So... er.. I still don't know who actually sent me that email!
Yes... you don't, but you now DO know the Internet Provider of the person that sent you this email: http://www.bigpond.com
Now, simply send an email to that ISP's abuse department (email is simple: abuse@bigpond.com AND to make sure it does arrive, also to abuse@bigpond.net.au) with the message:

Greetings,
One of our users received the following virus containing
mass spam email from one of your users. The email message
contained a file containing a virus as well. Our user
requested your user several times to stop sending him
unsolicited emails (spam) however your user does not remove
our user from his/her spam-list. This is a violation of
several agreements regarding UCE/SPAM as you can find on:
http://www.courts.wa.gov/opinions/opindisp.cfm?docid=694168MAJ
Could you please take appropriate actions to stop your user
from filling up our mailservers with spam messages and taking
up valuable network resources.
We do not think that we need to point out that sending VIRII
containing files via the internet is a criminal offense in
all countries of the world and expect you to take
appropriate steps to report the criminal activities of your
user to your local authorities.
The following link explains why web-hosting providers need
to be as vigilant as mail server operators and ISPs in
putting a stop to UCE and terminating spammers' accounts.
Everyone who allows spamming to continue is at risk for
denial of service by way of ORBS, RBL and any future
anti-spam technologies.
http://www.mail-abuse.org/rbl/candidacy.html#ByAssociation
With kind regards,
valendor.org abuse department
-- Message follows --

Add the original message as I quoted at the top of this post (including all headers and everything) below the "-- Message follows --" and the person that has sent you the virus-containing email will most likely find himself banned from his ISP in no time.
Alternatively, if it continues, simply send the same message to the abuse@ email address of the upstream provider of bigpond (do a traceroute to find out who is one step above that ISP) and urge them to take action. (If an ISP does not take care of criminal behaviour of their users they will be cut off from Internet services themselves.)
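
The bottom-to-top reading of the "Received" lines described in this post can be scripted. This is an added example, not part of the original post: it parses the Received chain of the example message, lists the hops oldest first, and picks out the earliest hop. The function names and the `trusted` allow-list (here the forwarding host `lmg.ahnet.net`) are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Received chain abridged from the example message in the post (newest on top).
RAW = """\
Received: from lmg01.affinity.com ([207.150.192.13])
 by XXXXXXXXXX
 (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
 for <XXXXXXXXXX>; Thu, 12 Dec 2002 10:26:47 +0100
Received: from cust_req_fwding (gumkak@valendor.org --> XXXXXXXX) by lmg.ahnet.net id <289957-11012>; Thu, 12 Dec 2002 01:26:16 -0800
Received: from mta01bw.bigpond.com ([139.134.6.78]) by lmg.ahnet.net with ESMTP id <292564-11013>; Thu, 12 Dec 2002 01:25:16 -0800
Received: from anton ([144.135.24.81]) by mta01bw.bigpond.com
 (Netscape Messaging Server 4.15 mta01bw Jul 16 2002 22:47:55)
 with SMTP id H7026000.13T for <Gumkak@valendor.org>; Thu, 12 Dec
 2002 19:25:12 +1000
Received: from CPE-203-45-144-21.qld.bigpond.net.au ([203.45.144.21]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0n 44/15038990); 12 Dec 2002 19:25:08
From: "Anton" <apavisic@bigpond.net.au>
Subject: Re: A IE 6.0 patch
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+([^\s(;]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return the Received hops oldest first (i.e. read bottom to top)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        line = " ".join(value.split())  # unfold continuation lines
        frm, by, ip = FROM_RE.search(line), BY_RE.search(line), IP_RE.search(line)
        hops.append({"from": frm.group(1) if frm else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops


def origin(raw):
    """The LAST Received field in the message: the earliest recorded hop."""
    hops = received_hops(raw)
    return hops[0] if hops else None


def first_trusted_hop(raw, trusted):
    """Earliest hop stamped by a server in `trusted` (assumed allow-list)."""
    return next((h for h in received_hops(raw) if h["by"] in trusted), None)
```

Received lines are only as reliable as the server that wrote them, so `first_trusted_hop` reports the earliest entry stamped by a host the recipient relies on; here both it and `origin` point at the same ISP.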