resopalrabotnick Posted November 16, 2005

i have some domains registered, and one of them is now receiving a bunch of return to sender messages and recipient away from desk notifications supposedly in reply to e-mails sent from the address info@<snipped name>.<snip>

the interesting part is of course that the address given as the originator of the message is in one of my domains, and that address doesn't even exist as a mailbox, i just receive them because they get caught by the catchall for that domain.

what is slightly worrisome to me is that these e-mails supposedly sent by my domain carry the subject and attachment 'e-mail: just try it...'

now, of course this sets all my bells and whistles off, screaming trojan/virus/malware whatever. i know for a fact that none of my comps was on in the timeframe these messages were supposedly sent, at least not all the time, so i'm fairly sure that it is somebody spoofing my data to spread whatever that attachment is.

i have searched for it, but to no avail, does anyone have any info on this new wrinkle?
ROM-DOS Posted November 18, 2005

resopalrabotnick,

It's getting harder to monitor all the adware and spyware which can be distributed by 'piggybacking' on legitimate downloads and the phishing of unsolicited e-mail that pretends to be from a legitimate source but actually tries to steal personal information. We also need to be more aware of keyloggers installing on our computers.

Password-stealing keyloggers skyrocket
http://www.channelregister.co.uk/2005/11/18/keylogger_growth_survey/

So far this year I've caught 2 keyloggers, 5 adware/spyware programs, and 1 Virus ~ on my computer! . . .and those snuck on past all the real-time/on-line scanners (9 always active) I have running and my firewall!

Keep us posted if you find out what the surreptitious malware is or is doing!
resopalrabotnick Posted November 18, 2005

i looked at the headers of several of the returned mails and found out, which actually jives with what my hoster for the domains/mail addies tells me, that the mails were sent via a third party mail server that was apparently unsecure enough to let someone massmail on it with a fake from.

as to malware, that is not the problem, and i still have not checked what the mysterious attachment is. (and honestly, i have no real intention of doing so. why bother dl'ing content that i know is fishy.) if someone else wants to take a poke at it and see what it is out of morbid curiosity, pm me with your e-mail and i'll forward you as many of the bounces with attachments as you want. trust me, i got plenty of em in the webmailer...

as for measures i'm taking, well, nothing i can do, somebody used somebody else's mailserver to spam, i got stuck with the bouncebacks. my hoster said that examining the headers can yield info as to who and when from where, but if the guy is spoofing his return address, then i guess his ip will also be covered up or it will be a throwaway stolen account used to do the mailing. no way to protect against that except making sure that any mail server someone may feel inclined to run should be up to date concerning patches and the like.

how do i feel about this? it sucks to see not only <quota full> bouncebacks but bouncebacks with out of office notices. <yeah, i received your spam and will get to it on the so and so date when i return.> all with MY address. would like to see the damned spammer strung up by his balls is what i'd like to see. pour encourager les autres.
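Added example, not part of the original thread: one way to do the header check described in the post above, pulling the original message out of a bounce and listing the servers that actually relayed it next to the address it claims to be from. The sample bounce is constructed, and all host names, IP addresses and the helper names (`embedded_original`, `received_hops`, `summarize`) are assumptions for illustration.

```python
import email
import re
from email import policy

# Constructed bounce: hosts and IPs are made up; only the Subject comes from the thread.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from relay.thirdparty.example (relay.thirdparty.example [198.51.100.25])
    by mx.recipient.example with ESMTP; Wed, 16 Nov 2005 03:12:09 +0000
Received: from unknown (unknown [192.0.2.77])
    by relay.thirdparty.example with SMTP; Wed, 16 Nov 2005 03:12:01 +0000
From: info@mydomain.example
Subject: e-mail: just try it...

(body omitted)
--b1--
"""

HOP = re.compile(r"from\s+(\S+)\s.*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def embedded_original(bounce_text):
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":       # full copy attached
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":  # headers-only copy
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def received_hops(msg):  # oldest hop first: (from_host, ip, by_host)
    values = reversed(msg.get_all("Received", []))
    return [m.groups() for m in map(HOP.search, map(str, values)) if m]

def summarize(bounce_text, own_hosts):
    orig = embedded_original(bounce_text)
    if orig is None:
        return None
    hops = received_hops(orig)
    return {
        "claimed_from": str(orig["From"]),
        "submitted_from_ip": hops[0][1] if hops else None,
        "accepting_relay": hops[0][2] if hops else None,
        "touched_own_servers": any(h[0] in own_hosts or h[2] in own_hosts for h in hops),
    }
```

Received lines written by servers outside your control can be forged, so the entries added by the server that generated the bounce are the ones to rely on; the older ones are a lead, not proof.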
water Posted November 19, 2005

damn, you must feel so violated :/ I'm sorry - bastards have no lives....