Humor Email spam/attacks... they are getting really tricky

Bj

Addon Developer
Donator
Joined
Oct 16, 2007
Messages
1,886
Reaction score
11
Points
0
Location
USA-WA
Website
www.orbiter-forum.com
I just finished finalizing my install of Win 7 and just installed AVG only a few hours ago, and this ended up in my mail from [email protected];




Dear customer!

We were not able to deliver the postal package you have sent on the 18th of January in time because the addressee's address is not correct.
Please print out the invoice copy attached and collect the package at our department.

United Parcel Service of America.
The attached file was removed and replaced by either AVG or my college's email scanners. It said:
UPS_postal_document_897.zip: A virus was detected on this attachment and could not be cleaned. The infected attachment has been deleted for your safety.
1st, I never sent anything by UPS ever in my life :lol: let alone 18th of Jan.
2nd, If they would send an 'invoice' it would be by PDF not by ZIP, logically.

I feel sorry for the people that actually do fall victim to these malware attacks.

Anyone else have some interesting spam stories?
 

Andy44

owner: Oil Creek Astronautix
Addon Developer
Joined
Nov 22, 2007
Messages
7,620
Reaction score
6
Points
113
Location
In the Mid-Atlantic states
For some reason I don't get much spam on my home email address, but the company I work for occasionally gets bombarded with it to all employee email addresses.
 

Enjo

Mostly harmless
Addon Developer
Tutorial Publisher
Donator
Joined
Nov 25, 2007
Messages
1,665
Reaction score
13
Points
38
Location
Germany
Website
www.enderspace.de
Preferred Pronouns
Can't you smell my T levels?
Hah! I also feel sorry for people regarding spam. At my job people complain that they get too much of it, while on our webpage you, and all the robots, can get their email addresses in plain text.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,605
Reaction score
2,327
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
> I just finished finalizing my install of Win 7 and just installed AVG only a few hours ago, and this ended up in my mail from [email protected];

No, it just pretends to be from there, the address can be chosen by the sender, which is why it is smart to look into the full header, which contains the servers over which the email traveled.

I had for some time my own SF email account sending me Spam, was pretty annoying to teach the spam filter to explain that I don't tell myself about Viagra.
 

garyw

O-F Administrator
Administrator
Moderator
Addon Developer
Tutorial Publisher
Joined
May 14, 2008
Messages
10,485
Reaction score
209
Points
138
Location
Kent
Website
blog.gdwnet.com
I've had the same email and it's an exe inside a zip. What scares me most about this is that ISPs are still allowing the sending of .exe files.

Oh and a PDF can also contain malicious code. Adobe have had their fair share of security vulnerabilities as well.

One final thing - why would UPS send an email when they already have your address? I mean they tried to deliver something so why would they go all the way back to the depot then fill out an email?

But then I'm generally suspicious.
 

Enjo

> No, it just pretends to be from there, the address can be chosen by the sender, which is why it is smart to look into the full header, which contains the servers over which the email traveled.

Since Urwumpe mentioned the email header, you may suddenly note that it contains SpamAssassin's info, which tells if it's spam or not. Then you just have to use the built-in Junk email handling in Thunderbird or similar.
 

RisingFury

OBSP developer
Addon Developer
Joined
Aug 15, 2008
Messages
6,427
Reaction score
492
Points
173
Location
Among bits and Bytes...
> I've had the same email and it's an exe inside a zip. What scares me most about this is that ISPs are still allowing the sending of .exe files.


You'd allow someone to scan everything you send and receive and prevent you from sending it? Ouch...

I think the reason they don't do it, is because viruses aren't hidden only in exe's... If you wanna take out the portion of files that is most commonly a carrier, then you're gonna take out a large portion of the popular formats.

Besides... not sure how many people actually check the extension. If you're not careful enough to recognize a spam when you see it, then you probably won't recognize a virus infested file either - regardless of how many clues it offers.
 

garyw

> You'd allow someone to scan everything you send and receive and prevent you from sending it? Ouch...

It already happens. If you email a copy you'll be going through that company's mail servers and I'd be stunned if they didn't do some sort of checking.

Besides, SMTP is plain text. There is no security there and as such, yes, it should be scanned.

A virus or exploit can be hidden in a number of clever ways. .exe is just one of the older yet more common formats.
 

Enjo

For ClamAV for example, it's not a problem to scan more types of attachments (if not all?).

SMTP itself may be plain text, but if during hosts negotiation the client which wants TLS detects it on the server, the remaining part of transfer, including authentication and data transfer, is encrypted.

And while we're talking about fighting spam, there's also a good method called greylisting: the server requires that the client resends its message, assuming that spammers send emails only once. It slows down the transfer, but legitimate servers will always pass this test, while those of spammers rarely do.

However these 4 methods (including SpamAssassin) must be used at the ISP's end, and if someone doesn't use this, he's not a serious ISP, because it's all really easy to set up and very 21st Centurish :)
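The greylisting decision described in the post above, sketched as an added example (not code from the thread or from any mail server). The class name, the 300-second delay, the one-day expiry and the reply text are assumptions chosen for illustration.

```python
import time

class Greylist:
    """Defer the first attempt of an unseen (client IP, sender, recipient)
    triplet with a temporary 4xx reply; accept it once the client retries."""

    def __init__(self, min_delay=300, max_age=86400, clock=time.time):
        self.min_delay = min_delay  # seconds a client must wait before its retry counts
        self.max_age = max_age      # forget triplets that never came back
        self.clock = clock          # injectable so the logic can be tested offline
        self.first_seen = {}        # triplet -> time of first attempt
        self.passed = set()         # triplets that already retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_age:
            self.first_seen[key] = now
            return 451, "Greylisted, try again later"
        if now - first < self.min_delay:
            # Immediate re-sends do not count as a proper queue-and-retry.
            return 451, "Greylisted, retried too soon"
        self.passed.add(key)
        del self.first_seen[key]
        return 250, "OK"

def simulate():
    """Constructed delivery attempts from one client, using a fake clock."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    triplet = ("198.51.100.77", "sender@origin.example", "user@recipient.example")
    codes = []
    for t in (0, 30, 600, 601):  # first try, hasty retry, proper retry, next mail
        now[0] = t
        codes.append(gl.check(*triplet)[0])
    return codes

print(simulate())
```

A sender that never queues and retries only ever sees the 451 replies; the cost for legitimate mail is the one-time delay on the first message of each triplet.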
 

Urwumpe

I still want to be able to email new SSU modules through the world... I think one of the biggest problems is, that client-side spam filters don't even warn if the domain of the claimed source differs from the domain of the real source. While this can technically happen from a good source, this is rare enough to justify alerting the user, unless the server is white-listed.
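The warning asked for in the post above, and the header inspection mentioned earlier in the thread, as an added example (not code from any poster or mail client). The sample message, its `.example` domains and the "last two labels" domain rule are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every name uses a reserved .example domain.
SAMPLE = """\
Return-Path: <bounce@bulk-mailer.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Tue, 26 Jan 2010 10:00:02 +0000
Received: from dsl-77.bulk-mailer.example (unknown [198.51.100.77])
\tby mx.recipient.example; Tue, 26 Jan 2010 10:00:01 +0000
From: "United Parcel Service" <tracking@parcel-carrier.example>
To: user@recipient.example
Subject: Delivery problem

Dear customer!
"""

def org_domain(host):
    # Naive "last two labels" rule (assumption); real code needs the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def addr_domain(header_value):
    return org_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def first_relay(msg):
    # Received headers are prepended, so the last one is the oldest hop.
    # Only hops written by servers you trust are reliable; older ones can be forged.
    for value in reversed(msg.get_all("Received", [])):
        m = re.match(r"\s*from\s+([A-Za-z0-9.-]+)", value)
        if m:
            return org_domain(m.group(1))
    return ""

def check_alignment(raw, trusted=frozenset()):
    """Return warnings when the visible From domain differs from the envelope
    sender or the first relay, unless that domain is white-listed."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    warnings = []
    for label, dom in (("envelope sender", addr_domain(msg.get("Return-Path"))),
                       ("first relay", first_relay(msg))):
        if dom and dom != from_dom and dom not in trusted:
            warnings.append(f"From domain {from_dom} differs from {label} {dom}")
    return warnings

print(check_alignment(SAMPLE))
```

The `trusted` set is where a legitimate third-party sender, such as a mailing-list host, would be white-listed so that it does not trigger the warning.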
 

garyw

E-Mail is still based on the original trust model from the 1960's. There have been several attempts to rewrite the rules on email but all have failed.

Personally, I'd like to have email used for just plain text communications and have items downloadable from a website as I'm fed up of seeing HTML emails where the actual content size is smaller than all the stuff that's required just to render the page.
 

RisingFury

> Personally, I'd like to have email used for just plain text communications and have items downloadable from a website as I'm fed up of seeing HTML emails where the actual content size is smaller than all the stuff that's required just to render the page.


But it has to look flashy and cool!!!!!!!!!! But!!! But...
 

clive bradbury

Tutorial Publisher
Joined
Apr 17, 2008
Messages
130
Reaction score
0
Points
16
Location
stoke-on-trent
Has anybody had this one?



It contained an attachment in jpeg form.

How would they know that I was the owner of the site? Hacking.
Do I own a site? No.

This one seems to be a straightforward case of SPAM. The company exists (in Manchester), and so does Tim Marshall. However Google maps shows his 'business' address to be a scruffy terraced house in Birmingham. That leads me to suspect that he is just 'cold calling' via e-mail, rather than actually hacking anything.

Marshall is probably on a 'commission only' agreement with the main company. Sends out mail en masse then goes back to watching the Jeremy Kyle show until someone replies.
 

cjp

Addon Developer
Addon Developer
Donator
Joined
Feb 7, 2008
Messages
856
Reaction score
0
Points
0
Location
West coast of Eurasia
> I've had the same email and it's an exe inside a zip. What scares me most about this is that ISPs are still allowing the sending of .exe files.
> [..]
> But then I'm generally suspicious.

What scares me (or, more precisely, annoys me) is that some ISPs do block some extensions (such as .exe). In a previous job I used to regularly send the result of my work (which was an exe file) per e-mail. I always had to put it in a zip file, because that was apparently the way to fool the email system into accepting the attachment.

For political reasons, I think it is wrong to let the ISP do any filtering. Filtering should be done on the end user's computer, where it can be controlled, down to the physical level, by the only person who has the right to control it.

OTOH, it is OK if the ISP adds meta-information to suspicious e-mails, to assist the end-user in filtering. I can imagine that the ISP has relevant information (e.g. whether the same e-mail has been sent to large numbers of other users) which allows for better Spam detection.

And, as has been mentioned before, simple automated filtering (such as based on file extension) doesn't work, and may even give a false sense of security. It's better to have real detailed filtering by a virus scanner with frequent virus database updates.

Even better than that is having a computer system that is designed with security in mind (e.g. which doesn't automatically execute code from e-mails (at the cost of some 'user-friendliness'), and which uses modern security features at processor and OS level), and which is frequently updated to fix security-related programming errors.
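Why a filter that looks only at the attachment's file name misses the "exe inside a zip" case raised in this thread, and what a content-aware check sees instead, as an added example (not code from any poster or scanner). The archive is constructed in memory from harmless bytes, and the member names and extension list are assumptions.

```python
import io
import zipfile

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def outer_name_blocked(filename):
    """The naive filter discussed in the thread: look only at the attachment name."""
    return filename.lower().endswith(EXEC_EXT)

def build_sample():
    """Constructed archive with harmless bytes; two members only start with 'MZ'."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.exe", stub)        # constructed member name
        z.writestr("invoice_copy.pdf", stub)   # executable header under a document name
        z.writestr("readme.txt", b"please print the invoice")
    return buf.getvalue()

def inspect_zip(data):
    """Return {member: [reasons]} for archive members that look executable."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            reasons = []
            if info.flag_bits & 0x1:
                # Password-protected members cannot be read by the scanner.
                reasons.append("encrypted, content not inspectable")
            else:
                with z.open(info) as member:
                    if member.read(2) == b"MZ":
                        reasons.append("DOS/PE executable header")
            if info.filename.lower().endswith(EXEC_EXT):
                reasons.append("executable extension")
            if reasons:
                findings[info.filename] = reasons
    return findings

print(outer_name_blocked("UPS_postal_document_897.zip"))
print(inspect_zip(build_sample()))
```

The two-byte header test stands in for the signature matching a real virus scanner performs; it only illustrates that the decision has to be made on content, not on the name.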
 

Enjo

> For political reasons, I think it is wrong to let the ISP do any filtering. Filtering should be done on the end user's computer, where it can be controlled, down to the physical level, by the only person who has the right to control it.

If I were an ISP, then I would do anything not to let the dumb users (80% of all users?) get infected and send spam further. Mainly because now their spam would have the IPs from my range, which denotes me as a spammer now. If an abuse is reported for the dumbos' IPs, then I'm responsible to react anyway. Even if I don't need to, or don't want to, then I lose IPs and put dirt on my name, which makes me poorer :)

Also, I'd do it because I do care (and not about reading sb's emails), and as I said, it's easy to set up and update, so I'm not losing anything.
 

Urwumpe

Well, then just allow only messages from cryptographically sound sources on your email servers. The needed extensions for the DNS protocol are already around AFAIR, to filter incoming emails quickly. And whitelists/blacklists could also be applied easily there.

It is not needed to look into the emails for that, you only need to look if the emails have a proper "stamp" on them. ;)
 

Enjo

And what about currently whitelisted script kiddies for one thing?
 

Urwumpe

> And what about currently whitelisted script kiddies?

Because kiddies could steal cars for airbagging, do you want to ban airbags?
 

Enjo

No, because oranges are not apples :)
 

Urwumpe

> No, because oranges are not apples :)

See. And who are we to tell oranges and apples apart as ISP. :lol:

Boxes are not opened and the fruits tasted to be sure that no apples are transported as oranges.
 