Something new from the spammers

[RHPConsult]

In my daily ration of spam, now that the frequency of messages promoting cheap Viagra are exceeding those promising amazing mortgage refinancing  (with, of course, the occasional “hot Russian chicks” item mixed in for good measure), I guess it’s time for some real creativity from the netherworld of e-correspondence.

I think I received one such, yesterday.

Under the heading Customer Order Nr. 12345-756-89 was a long, detailed and reasonably well-constructed "confirmation of an order" from some (hypothetical) woman in NJ for Mallory’s Marvelous Muffins to be delivered to someone in Whipstich, AK . . . or somesuch. No money is requested, after all this is just a “confirmation”.

Some muffins!  2lbs  for $29! Shipping = $8

It very closely resembles the kind of transaction confirmation one receives from any legitimate internet transaction.

It cries out, naturally, for correction: y’know Person C responds with the “helpful”  information that Person A’s order for Person B has been mistakenly sent to “C”. After all, we wouldn't want someone failing to receive their celebratory muffins.

And, b-I-n-g-o, they’ve got you on their list of confirmed recipients/addressees.

Oh yes,  it has an .exe file attached  

[Bruce_F]

Muffins! That is a new twist!

The other day, I wondered why more spam messages were getting through my Mail filter than usual. I checked and discovered that my spam filter wasn't even present! The rules I had in place to send spam to the trash were gone!

Oh well... I thought.

Now I have an even more strict rule set in place. If the sender is NOT in my address book, the message goes to the trash. I must scan the list to be sure I don't delete ligitimate messages, but it sure is working well.

[ljocampo]

OK guys this topic is perfect for:

http://www.spamgourmet.com

no muffin pun intended

 

[Paddy]

Er, Dick, I think what you received wasn't a new trick from a spammer, but something worse - yet another copy of one of the PC viruses that are clogging all our inboxes these days! I've had all sorts of weird emails - some of which have enabled me to trace and help the afflicted virus victim. A hallmark of the latest round of viruses, other than the ones that aren't hitching rides on email, is that they grab an old email out of the victims inbox and send it out, with an attachment that also looks like a random file from the victim's computer, other than it always carries an executable file appendage (.exe, .pif etc.) I recently received an email about an order for hats...but it was originally sent last December! Because the recipient of the original email was actually named in the email (not in the headers), I was able to contact him and let him know that he was again, or still infected. He'd been having problems for a while.

That's my suspicion, anyway. Have a closer look at the email, if you still have it. It may yield further clues. Or it really might be some diabolical new twist, though I doubt it. Mallory's Marvelous Muffins really exists, BTW. http://www.muffinlady.com/ - and they really don't look like the sort of company that has resorted to spamming to get more customers.

[Gary S]

Is the only way a spammer can get verification or confirmation of your email address by
responding?

I delete all mine at the server but I'm still getting more and haven't responded. I got 43 this morning and 14 just now.

[Paddy]

Gary - in a word, no. There are ways of putting images and scripts in HTML emails that allow your email to be harvested or confirmed, simply by opening the email. (so deleting them off the server without opening is a good idea)

See:

http://www.computerbytesman.com/privacy/cookleak.htm and
http://www.delux.com/articles/HTMLmail.html

But I have to ask...how did you end up getting so much spam? Is your email addy readily available somewhere online? I think if I was getting as much as you seem to be getting, I'd seriously consider changing my email address! I saw an interesting thing at Comcast the other day (which may only apply to Comcast - not sure how other companies do it). In their user forums, one user strongly recommended never actually using your primary account for email (except with Comcast) - because you cannot easily change your primary account ID, while it is easy to change any of your secondary account ID's. A little too late for me, but it's a good suggestion. I don't know if Charter will allow you to change your email address, but it's the best way I know of starting over "spam-less". Then, NEVER, EVER sign up for anything (look for all the fine print at the bottom of order pages when doing online buying - make sure those "send me special offer emails from your affiliates" boxes are all UNCHECKED! Note- most reputable online retailers like Amazon don't sell their lists - I haven't had any problem with spam that I can trace to dealing with the "big guys".), make sure any place your email addy is online that it is protected by any of the various methods of encoding/Javascript etc., and that anywhere else you post, your email address is not readily available.

[RHPConsult]

Gary S:

I don't think so, but I'm surely not sure.



Paddy

I'm clueless as to how to decipher headers. Have never figgered 'em out.

What you say makes great sense, however.

The last time I got such a message it was from the CEO of a multi-billion dollar enterprize. So, I wrote him and quickly got grateful word from his secretary that they had found the infection.

The sender of "the order" was simply email@aol.com. Looked fishy to me, but since I failed to search out those marvy muffins, I misinterpreted the "cause"

I'll copy the header, if that's OK with you (and "virus-free") and then e-mail it only to you. If you think it useful for me to notify someone - - whose identity, presently, I can't determine why I'm in his/her address book - - I'll be happy to do so.

Is it "safe" for you to help me in this circumstance?

[krissel]

Looking at the muffin site... I saw the prices on the gift baskets and think the 2lbs for $25 is a bargain.

 

I also noticed the "company" is located in Basking Ridge, NJ which is the town next to mine. Hmm, I wonder if they are breaking any residential or food handling  codes by selling out of their house? (I looked up the address in Mapquest and saw it is a residential neighborhood.)

 

[RHPConsult]

If they have a Day-Old Department, Kris, you outta drop by to see what the "seconds" taste like!

[Paddy]

Sending me the headers is safe, Dick, but probably not much help. The latest bunch of viruses do such a thorough job of "spoofing" the sender info, that it's generally useless info to those of us without access to server IP logs. The identifying info in the email that I received was the person's name - in the body of the email. The other time I got the virus from him, it was in an email that had spoofed the header to make it look like it originated from his brother. He had an unusual enough last name that it was a fairly obvious leap (and the actual email was something I'd sent out to my email list, so I KNEW that the victim was one of the 152 people on it!).

If there is an email address for the person who ordered the muffins in the body of the email itself, then you might want to send her an email, or ask Mallory's to do so (they should be able to trace it via the order number), since the customer is no doubt the source of the virus. Or you could just ignore it, since the person is unknown to you (and why give a stranger with a virus your email addy?? )

As to how you got into this person's email address book...it could be something like one of those mass-mailed funny stories or hoaxes. A lot of people don't send things to an undisclosed list of recipients - and these things that keep getting forwarded can become quite a repository of email addys - of people several times "removed" from you. It's actually one of my pet peeves, as it makes MY email address less secure when people do this.

[ljocampo]

If you guys are getting a lot of spam, you should check out the services of

http://spamgourmet.com

[Gary S]

Paddy,
My email address is private on all the sites I visit, that I know of, even TS.

I've thought of changing it.

[Mayo]

Gary, any chance you registered a domain name?  That's where my SPAM got its start; apparently the WhoIs info was harvested.  I now use a company as my proxy for domain registration, dropped the offending e-mail addresses and VOILA!, maybe three pieces of spam in the past six months.

As far as protecting your e-mail address, I heartily endorse the services of PO Box.com

I have used their services for years and find it invaluable for managing my e-mail.  It's simple to create and change e-mail addresses, and no one will ever know your ISP e-mail address, unless you tell them, of course.  $15/year for up to three e-mail addresses.  A Real Deal...

[Gary S]

Mayo,

I've never registered a domain name. I'll check your link out.

[RHPConsult]

OK, OK, Paddy. You certainly aroused my curiosity.

So I looked at the delicious Mallory's web site and then sent along the information (order number, customer name and phone number) asking that they contact her with an alert re: the possible "infection" she's passing around . . . well, I didn't quite put it that way.

One more curiosity. The e-addresses of both cusstomer and recipient (in NJ and TN) were identical . . . and located in earthlink. Does that suggest anything about sources . . . of anything?



So whatever now happens is all your fault.