[all] Craig Mcc turned spammer? :-)

[Simon Kitching <si...@ecnetwork.co.nz>]

Hmm..

On Tue, 2004-04-13 at 18:01, craigmcc@apache.org wrote:
> Please have a look at the attached file.

Sorry, Craig, but the pif file you attached won't run on my Debian
machine. Could you please re-write this in "bash" :-)


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org

Re: [all] Craig Mcc turned spammer? :-)

[Craig McClanahan <cr...@apache.org>]

Simon Kitching wrote:

>On Tue, 2004-04-13 at 18:21, Craig McClanahan wrote:
>  
>
>>Simon Kitching wrote:
>>    
>>
>>>On Tue, 2004-04-13 at 18:01, craigmcc@apache.org wrote:
>>>      
>>>
>>>>Please have a look at the attached file.
>>>>        
>>>>
>>> 
>>>
>>>      
>>>
>>I would be glad to if I'd actually sent it :-).  Of course, it was 
>>forged ...
>>    
>>
>
>Yeah, but it raises some interesting questions.
>
>Was this sent to me directly, or did it go to the list?
>
>  
>
I've seen a bunch of these on the various lists I subscribe to.

>If it went to the list, was it an accident that an address which was
>already subscribed to the list was used, or are spammers/viruses now
>deliberately doing that in order to avoid the "subscribers only" nature
>of this list? If the latter, then we could be in trouble. I don't think
>this is the case, though, as the email did not have the mime headers
>such as "List-Id" which would have been done automatically by the list
>server.
>
>  
>
I suspect the virii aren't quite that smart.  It seems more likely that 
many people have the email address of mailing lists they are subscribed 
to in their address books, and the random combination of 'from' and 'to' 
will often pick a combination that the list will send on through.  Also, 
more recent virii have started harvesting readable text files on 
infected computers as well, not just address books.

For the record, I'm a moderator on COMMONS-DEV and routinely reject 
150-200 non-subscriber posts like this every single day.  So it's 
certainly not using only valid subscriber combinations.

>But if it went to me directly, then the odds of a randomly-chosen email
>address being Craig's one is pretty small, so presumably some app has
>tracked the email addresses of people who send emails to me, and is
>deliberately choosing a "familiar" sending address when sending me the
>virus. This isn't a pleasant prospect either. Or is this something that
>has been going on for a while that I just haven't noticed?
>
>  
>
Actually, the algorithms being used are both stupider and smarter than 
that.  The "stupider" part is that an address with which you've ever 
interacted is likely to be one that someone else who gets infected with 
has also interacted (I'm up to >500 per day on my Apache email account 
again; thank goodness for Spam Assassin :-).  The "smarter" part is that 
harvesting doesn't only happen on the infected machine; some of the 
virii share the bounty that they've harvested with others; particularly 
when they successfully infect new machines.

>I'm not in favour of the death penalty, but I could be persuaded to make
>an exception here......
>
>Regards,
>
>Simon
>
>  
>
Craig


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org

Re: [all] Craig Mcc turned spammer? :-)

[Simon Kitching <si...@ecnetwork.co.nz>]

On Tue, 2004-04-13 at 18:21, Craig McClanahan wrote:
> Simon Kitching wrote:
> >On Tue, 2004-04-13 at 18:01, craigmcc@apache.org wrote:
> >>Please have a look at the attached file.
> >
> >  
> >
> I would be glad to if I'd actually sent it :-).  Of course, it was 
> forged ...

Yeah, but it raises some interesting questions.

Was this sent to me directly, or did it go to the list?

If it went to the list, was it an accident that an address which was
already subscribed to the list was used, or are spammers/viruses now
deliberately doing that in order to avoid the "subscribers only" nature
of this list? If the latter, then we could be in trouble. I don't think
this is the case, though, as the email did not have the mime headers
such as "List-Id" which would have been done automatically by the list
server.

But if it went to me directly, then the odds of a randomly-chosen email
address being Craig's one is pretty small, so presumably some app has
tracked the email addresses of people who send emails to me, and is
deliberately choosing a "familiar" sending address when sending me the
virus. This isn't a pleasant prospect either. Or is this something that
has been going on for a while that I just haven't noticed?

I'm not in favour of the death penalty, but I could be persuaded to make
an exception here......

Regards,

Simon


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org

Re: [all] Craig Mcc turned spammer? :-)

[Craig McClanahan <cr...@apache.org>]

Simon Kitching wrote:

>Hmm..
>
>On Tue, 2004-04-13 at 18:01, craigmcc@apache.org wrote:
>  
>
>>Please have a look at the attached file.
>>    
>>
>
>Sorry, Craig, but the pif file you attached won't run on my Debian
>machine. Could you please re-write this in "bash" :-)
>
>  
>
I would be glad to if I'd actually sent it :-).  Of course, it was 
forged ...

Gotta admire the determination of spammers, though.  I started getting 
some spam today with "Return Receipt Requested" enabled.  Cute trick for 
confirming that an email address is actually valid.

Craig

>---------------------------------------------------------------------
>To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org