rbr email address scraping...

Sorry to bring this up, but I've just received an email that proves this
newsgroup has had all the email addresses embedded in current messages
'scraped' by a spammer and is being used to propagate the w32.swen.a@mm
worm.

My machines at home are being hit with two messages every three minutes
from recognizable addresses from this newsgroup. There are two message
formats - one looks like a letter from Microsoft with information about a
security patch and the other is a bogus "unable to deliver" message. Both
have an executable file attached containing the worm. At two every three
minutes, it only takes about 2.5 hours to overflow my ISP's email space
allotment.



Do us all a favor and update your virus software definitions, and maybe
follow this personal recommendation - munge your email address in messages
to the newsgroup just enough to prevent easy use by these jackasses.

Mike G.
-

----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome"
Email: mikeatvelodromedotcom Online: http://www.velodrome.com/
================================================== ==============

(Mike Gladu) writes:

Sorry to bring this up, but I've just received an email that proves this
newsgroup has had all the email addresses embedded in current messages
'scraped' by a spammer and is being used to propagate the w32.swen.a@mm
worm.

Hi there Mike Gladu

The phenomenon you are experiencing is not limited exclusively to
this ng, or even to ng's in general.

Countless Thousands of people are experiencing the same problem
many (most perhaps) of whom do not subscribe to the usenet.

There are some defensive tactics possible though.

The simplest is to NEVER read any mail sent to the address you use
to post to ng's. And forget the method you are currently uaing to
attempt to limit the harvesting of your address. It's a waste of
bandwidth as any harvester worth his salt has his address grabber
programme set to extract such lame attempts at camouflage.

Get a hotmail (or similar) address and set the spam filter to
exclusive and the _Safe_list_ to only your own address and
use it to post publicly.

Spoof the From: on your outbound messages to the HotMail (or similar)_
address you set up.

Get a Fastmail, FreeShell or CyberSpace address to use as your main
inbound mail path.

IE: Cut out Mindspring/Earthlink/Itchy/Scratchy (I believe you are
subscribed to one of that family as an ISP) EXCEPT as an outbound path
and expose your _Trusted_ Fastmail, FreeShell or CyberSpace address
only where you are sure it will not result in UCE or other Malicious
stunts.

You won't be bothered again with the sort of things you are
currently experiencing from ng related sources. You will still
get unwanted e-mail but it will be minimal and if you use FastMail
(they have around 100 domains you can choose from too) your mail will
be pre-scanned with Sieve for your further protection.

If you (or anybody for that matter) needs a little help on protecting
a system, just ask in here and give me an address where I can definitely
reach you by e-mail.

What you have to do is tighten up your inbound path and. short of PBH'ing
and whitelisting, since those methods lead to throwing the baby out with
the bathwater occasionally, make sure that you are troubled as little as
possible by unwanted e-mails.

--
le vent a Dos

Davey Crockett

Or you could just use a Mac..................like I do...





On 9/20/03 2:47 AM, in article ,
"Mike Gladu" wrote:

Sorry to bring this up, but I've just received an email that proves this
newsgroup has had all the email addresses embedded in current messages
'scraped' by a spammer and is being used to propagate the w32.swen.a@mm
worm.

My machines at home are being hit with two messages every three minutes
from recognizable addresses from this newsgroup. There are two message
formats - one looks like a letter from Microsoft with information about a
security patch and the other is a bogus "unable to deliver" message. Both
have an executable file attached containing the worm. At two every three
minutes, it only takes about 2.5 hours to overflow my ISP's email space
allotment.



Do us all a favor and update your virus software definitions, and maybe
follow this personal recommendation - munge your email address in messages
to the newsgroup just enough to prevent easy use by these jackasses.

Mike G.
-

----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome"
Email: mikeatvelodromedotcom Online: http://www.velodrome.com/
================================================== ==============

On 09/20/2003 04:02 PM, in article ,
"Steve" wrote:

Or you could just use a Mac..................like I do...


Using a Mac, like I do as well, may protect you from getting infected by the
virus, but it's not going to stop your mailbox from getting slammed with
messages infected with the virus.

I opened up this morning to 200 e-mail messages, 150+ of which contained the
virus Mike G. is talking about ...

--
Steven L. Sheffield
stevens at veloworks dot com
veloworks at worldnet dot ay tea tee dot net
bellum pax est libertas servitus est ignoratio vis est
ess ay ell tea ell ay kay ee sea aye tee why you ti ay aitch
aitch tee tea pea colon [for word] slash [four ward] slash double-you
double-yew double-ewe dot veloworks dot com [four word] slash

In article
,
Davey Crockett wrote:

"Steven L. Sheffield" writes:

On 09/20/2003 04:02 PM, in article ,
"Steve" wrote:

Or you could just use a Mac..................like I do...

Using a Mac, like I do as well, may protect you from getting infected by the
virus, but it's not going to stop your mailbox from getting slammed with
messages infected with the virus.

I opened up this morning to 200 e-mail messages, 150+ of which contained the
virus Mike G. is talking about ...

You hit the nail squarely on the head there Steven.

The infestation is only one side of the coin.

A Mac will protect you from this I believe, and so will Linux
which I personally use.

But the receipt of the junk in the first place remains a problem.

My ISP has a pretty good filtering system so the vast majority of the
spam I get goes into a spamfolder on the ISP's server. it is pretty
easy to mass delete the spam while doing a quick check to make sure no
real mail has been caught in the spam filter.

I have never ried to hide my email address but I get a fairly small
amount of spam. I guess since I only visit a small number of web sites
or newsgroups my address isn't out there very much.Or maybe it is the
fact I don't have many friends so my email isn't in very many people

No ****, Sherlock ...

But I'd rather not have to go through the process of actually downloading
22.5 MB of viruses and deleting them ... (150 messages at 150K each)

You really are a dumbass, aren't you?



On 09/20/2003 06:50 PM, "Steve" wrote:

On 9/20/03 4:08 PM, in article , "Steven
L. Sheffield" wrote:

On 09/20/2003 04:02 PM, in article ,
"Steve" wrote:

Or you could just use a Mac..................like I do...


Using a Mac, like I do as well, may protect you from getting infected by the
virus, but it's not going to stop your mailbox from getting slammed with
messages infected with the virus.

I opened up this morning to 200 e-mail messages, 150+ of which contained the
virus Mike G. is talking about ...


Deleting is one of the easiest things to teach someone on the
computer................


--
Steven L. Sheffield
stevens at veloworks dot com
veloworks at worldnet dot ay tea tee dot net
bellum pax est libertas servitus est ignoratio vis est
ess ay ell tea ell ay kay ee sea aye tee why you ti ay aitch
aitch tee tea pea colon [for word] slash [four ward] slash double-you
double-yew double-ewe dot veloworks dot com [four word] slash

In article , Steve
wrote:

Or you could just use a Mac..................like I do...

As do I...

....but it does nothing to stop email from coming in.

"Davey"s solutions pique my interest for the future, but don't address
stopping the current flood.

Earthlink's spam filtering doesn't address this particular worm's ability
hide where it comes from - blocking known spammer domains and individual
addresses is of little value.

A simple filter capable of stopping messages with executables attached
would suffice, but is not available in their limited arsenal.

I'd be happy to hear blocking ideas for Mac users (Eudora specifically).

Mike G.
-

----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome"
Email: mikeatvelodromedotcom Online: http://www.velodrome.com/
================================================== ==============

Just found and used a great little programme called ultrafunk popcorn which
deletes unwanted junk from server.
Freeware at www.ultrafunk.com
All the best
Dan Gregory

Dan Gregory wrote:
Just found and used a great little programme called ultrafunk popcorn
which deletes unwanted junk from server.
Freeware at www.ultrafunk.com
All the best
Dan Gregory

What a coincidence. I just found and used a great little program called
W32/Swen@MM which purports to do the same thing.

"Robert Chung" wrote in message
...
Dan Gregory wrote:
Just found and used a great little programme called ultrafunk popcorn
which deletes unwanted junk from server.
Freeware at www.ultrafunk.com
All the best
Dan Gregory

What a coincidence. I just found and used a great little program called
W32/Swen@MM which purports to do the same thing.
This just downloads headers and you can delete them from you ISP mailbox so
that all the files over 140kb that I have blocked with Outlook can be got
rid of.
It isn't another virus/spam spreader..
All the best
Dan Gregory