Re: Fwd: hey, wassup rMoYa

[Hassan Aurag <aurag crm umontreal ca>]

 I have for a long time kept receiving spam where the spammer uses 
known addresses. Lately, one has even gotten to send a spam to a 
private list in the university I am in. So how the heck they got that 
address, no one really knows.

 Anyway, what I suggest is that you find the real site that sent that 
message and instruct your mailboxes manager (sendmail, procmail, 
whatever) to remove ANY mail coming from that place!

 This way, only the real hp@redhat.com will get through!

 If people really enforced that, we would get less spam!

 Another 'legal?' way is to instruct your procmail sendmail to stealth 
synflood the originating machine if detected before adding it to the 
black-list.

 
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 11/16/99, 12:24:00 PM, "Michael H. Warfield" <mhw@wittsend.com> wrote 
regarding Re: Fwd: hey, wassup rMoYa:


>       Danger!

> On Tue, Jul 07, 1998 at 04:56:02PM +0200, Rodrigo Moya wrote:
> > Hi all!

> > I've received this message directly sent to my private email address 
and
> > I don't
> > know who the this hp from RedHat is. I ask this question in the list
> > because the
> > address is from
> > redhat. Of course, I haven't asked for any address to this guy, and 
even
> > less one
> > about SEX to somebody in RedHat (I have better ways of looking for sex
> > than asking
> > to RedHat).

> > As I suppose, this guy who sent this message does not work for RedHat
> > (maybe he used
> > the already exisitng address), so this is the other purpose of sending
> > the message
> > to the
> > list, to warn you.

>       The individual in question has been sending out customised SPAM
> (or what looks like SPAM).  It is MUCH WORSE.  The site is a hostile
> web site.  We have analyzed some of the pages up there and they are
> designed to bypass security checks and do damage to Windows systems.
> The silly ape has a script up there that tries to format all of your
> hard drives, but he starts out by trying to format c: (well duh!).

> > And what scared me about this mail (I just remove this kind of 
messages
> > when I
> > receive them with no further interest) is that it was sent to my 
private
> > mail and
> > even it talks
> > about this in the message (see above the line 'ps: why r u using
> > chez.com now? it
> > doens't make sence, anyway *bye*...', ---- my private address is
> > rmoya@chez.com).
> > Maybe somebody
> > is using my address for something else.

>       No...  It's a bot.  It's on autopilot.  It reaped your address
> from some web page (probably mailing list archive sites) and processed
> it through.  It splits the E-Mail address into local and network parts
> and customizes the message to make it look like it was done by 
liveware.
> We got one into "linux-kernel@vger.rutgers.edu" like that and it was
> address to "Linux-kernel" and finished by saying "why r u using
> vger.rutgers.edu now".  WELL DUH!

> > So if it was a mistake, sorry for the post.

> > hp@redhat.com wrote:

> > > here is the site you wanted... http://SEX.Interactwithme.com it's the
> > one that
> > >gives you free membership access (all hacked) to abotu 300 membership
> > based sex
> > >sites. k bye...
> > > ps: why r u using chez.com now? it doens't make sence, anyway *bye*...

>       This is a dangerous site!  It is cybermined to damage systems.

>       Mike
> --
>  Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
>   (The Mad Wizard)      |  (770) 331-2437   |  
http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of 
all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of 
it!


> --
> To unsubscribe: mail gnome-devel-list-request@gnome.org with 
"unsubscribe"
> as the Subject.