On Tue, 2004-04-13 at 18:21, Craig McClanahan wrote:
I've seen a bunch of these on the various lists I subscribe to.
Simon Kitching wrote:
On Tue, 2004-04-13 at 18:01, [EMAIL PROTECTED] wrote:
I would be glad to if I'd actually sent it :-). Of course, it was forged ...
Please have a look at the attached file.
Yeah, but it raises some interesting questions.
Was this sent to me directly, or did it go to the list?
I suspect the virii aren't quite that smart. It seems more likely that many people have the email address of mailing lists they are subscribed to in their address books, and the random combination of 'from' and 'to' will often pick a combination that the list will send on through. Also, more recent virii have started harvesting readable text files on infected computers as well, not just address books.
If it went to the list, was it an accident that an address which was already subscribed to the list was used, or are spammers/viruses now deliberately doing that in order to avoid the "subscribers only" nature of this list? If the latter, then we could be in trouble. I don't think this is the case, though, as the email did not have the mime headers such as "List-Id" which would have been done automatically by the list server.
For the record, I'm a moderator on COMMONS-DEV and routinely reject 150-200 non-subscriber posts like this every single day. So it's certainly not using only valid subscriber combinations.
Actually, the algorithms being used are both stupider and smarter than that. The "stupider" part is that an address with which you've ever interacted is likely to be one that someone else who gets infected with has also interacted (I'm up to >500 per day on my Apache email account again; thank goodness for Spam Assassin :-). The "smarter" part is that harvesting doesn't only happen on the infected machine; some of the virii share the bounty that they've harvested with others; particularly when they successfully infect new machines.
But if it went to me directly, then the odds of a randomly-chosen email address being Craig's one is pretty small, so presumably some app has tracked the email addresses of people who send emails to me, and is deliberately choosing a "familiar" sending address when sending me the virus. This isn't a pleasant prospect either. Or is this something that has been going on for a while that I just haven't noticed?
Craig
I'm not in favour of the death penalty, but I could be persuaded to make an exception here......
Regards,
Simon
