Re: Virus???

[Mauri Sahlberg <Mauri Sahlberg pretax net>]

ma, 2003-11-03 kello 00:03, Al Gelders kirjoitti:
> For the last couple of weeks my email account has been deluged with mail
> bounces from people I've never heard of.  The headers all state that the
> original email was from my email address but there is a different name
> associated with each.  Most have a subject like "hi jim, how is
> college?" or the like (i.e. John Doe <agelders lightspeed net>). On a
> typical weekday I'll receive 20 to 50 bounced emails that all claim me
> as the originator.
> 

First thing I would assume is that somebody has forged your e-mail
address as a sender. I had to put one of my e-mail addresses on hold for
a month to get rid of bounces caused by spammers. Many of the email
servers out there are configured so that they require a valid existing
sender and when I deactivated that address for a month it stopped being
a valid one and therefore became no use for the more advanced spammers. 

But to make sure, if I were you, I would make sure that all outgoing
traffic is logged, especially your smtp traffic, and then verify from
the logs that you really are not the one who is actually sending out
spam.

Other thing what I did was to start using gpg signature on all of my
emails but that I had to stop it pretty soon, as most of the people
around the world use something as brain dead as Microsoft Outlook
Express which would not show my messages on preview pane or would claim
that it would be hazardous to open my message. This is known problem
with Evolution, OE and gpg. Evolution supports only newer and valid
standard sending signatures as attachments while OE only supports older
standard that requires signatures to be included in the email body.
Microsoft's response afaik is that you should switch to real Outlook to
get support for this feature and Evolution people could not care less if
something broke OE. 

It is funny how people who don't think it is safe to drive car 50 meters
without your seat belt bugled can still keep using a piece of shit for
an email client after they have been proved time after time it to be a
security hazard. After I argued unsuccessfully with five people I just
gave up. If somebody gets poisoned by virus that claims it has
originated from me, I will just say too bad in an email from president
Bush to them to make my point. 


> I thought I had a pretty well firewalled machine that I keep current. 
> Is there any possibility that it has been taken over and I'm either
> spamming people or sending out a virus?  If it is me, where do I look to
> clean it up?  BTW, I do have a Win2K machine on my local network but it
> doesn't even have email enabled. Thanks.

You have denied all traffic out of that box? You can still send e-mail
with your own address even when you have denied SMTP, POP and IMAP. You
just connect with HTTP to some server that provides e-mail through web
interface. And honestly I really think that if you have a breach in your
security it probably is on that w2k box. 


-- 
CEO Claymountain Solutions Oy            | "And the ship of the fools
Technology Evangelist Pretax Systems Oy  | sailed away..."