I assume this is some virus laden spam...

Postby DJA » Tue Aug 16, 2005 2:13 pm

Right? :evil:

DJA
 
Posts: 9
Joined: Fri Mar 12, 2004 9:34 pm

Postby SysKoll » Tue Aug 16, 2005 2:50 pm

You assume right. This is a classic Windows virus.

Just for fun, I generally unzip them under Linux (which is impervious to Win32 malware) and analyze them with a hex editor. It's amazing what you can find in these. Once I found a virus that had a list of popular antivirus program names. Most probably to locate and stop them when it was run.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby crayy » Fri Sep 23, 2005 6:07 pm

Ok. I got three of these in three days all to the same xoxy.net email address. I recently updated my resume on a job website and gave a new xoxy.net email address. Now I get three emails to that new address which look like they are coming from xoxy.net. The emails they are coming from are:

service@xoxy.net
webmaster@xoxy.net
administrator@xoxy.net

Each contained an attachment with a message of how important it is that I read the attached. Of course I know this is crap but I don't know how to figure out who it is.

The problem that I have is that when I review the header information the IP addresses all point to spamgourmet OR my email provider. Maybe I just don't know what to look for - very possible. How do I figure out who it is so I can complain?
crayy
 
Posts: 3
Joined: Fri Sep 23, 2005 2:53 pm

Postby SysKoll » Fri Sep 23, 2005 8:41 pm

> The problem that I have is that when I review the header information the IP addresses all point to spamgourmet OR my email provider. Maybe I just don't know what to look for - very possible. How do I figure out who it is so I can complain?

Most spam these days is sent through zombified Windows machines (see http://en.wikipedia.org/wiki/Zombie_computer) -- another great contribution of Bill Gates to an unsuspecting mankind. So while you might, theoretically, start an investigation and find out the name of the clueless owner of the infected machine that spammed you (with considerable efforts and expenses), chances are you'll find that the owner is Aunt Emma, 78, whose grandkids gave her a PC with a DSL connection that got owned by a script 10 minutes after it was plugged in, and that she has no clue that having the DSL modem's "send" light blink furiously is not normal.

Throwing the book at her will only aggravate her, make you look like an evil sadist, and make spammers laugh. Not to mention that millions of other zombified Windows PCs are available to keep spamming you.

So if you want to complain, don't focus on the spam source. Focus on the address. Who leaked it? Who did you give this address to? What site is it? Is this address available to all visitors, or is it only available to the site owners? Please provide details.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby crayy » Fri Sep 23, 2005 9:11 pm

Syskoll,

You are probably correct. And I should be complaining to the website that I gave that address to.

I updated my resume at monster.com about a month ago. I received a couple of legitimate emails over the next couple of weeks and then I received the three virus laden scum emails within a few days of each other.

From what I understand, you can't view resumes on Monster unless you are a "registered" employer - and the cost is significant. So I don't think it was some email harvesting bot but rather came from one of the machines that sent me one of the legitimate emails. Probably they don't even know.

I know it came from my monster resume because I use this great program and correctly labeled my email address as monster.xxx.xxx@xoxy.net and that website would be the only place I would use such an email.

I changed my email address today so I will see if I get that crap to my new one. I should probably just accept the fact that there is nothing I can do about it and be grateful for the fact that I have this wonderful program and know that my "real" address will never be known :-)

HOWEVER, are there any clues I can look at in the headers that I could provide to monster.com in case they have somebody that signed up an account for the purpose of harvesting emails?
crayy
 
Posts: 3
Joined: Fri Sep 23, 2005 2:53 pm

Postby SysKoll » Fri Sep 23, 2005 10:02 pm

I believe that your hunch is correct: one of the legitimate employers who viewed your resume on monster.com had a virus on his Windows machine. The virus promptly collected your email address and proceeded to either 1. transmit it to a spammer list server (collecting email addresses from harvester viruses), or 2. spam your address.

In case 1, there is nothing you can do, because the spammer machine is not the harvesting machine. In case 2, you can find the IP address of the harvester/sender in the Received fields, and with a bit of luck, you will find that this IP resolves to a domain name that matches one of the legitimate employers who emailed you.

You can then proceed to telling this prospective employer that he is a total loser and that his machine is a zombified piece of Microsoft crud, and that he couldn't recognize security if it hit his fat ass with a 2-by-4, and that...

... oh, wait, you're looking for a job, right? :-)

See the problem with zombified Windows machines? You want to chew up their owner for being so clueless, but the owners have really done nothing wrong, so they have every reason to get upset if you give them the bitch-slap they so richly deserve.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm
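
The Received-field check described in the post above, as an added example that is not part of the original thread: it walks the Received headers from the top and reports the first peer IP recorded by a relay you trust (the forwarding service or your own provider). The sample message, hostnames, IPs and the names TRUSTED and handoff_hop are constructed for illustration, and the regexes assume Postfix-style "from helo (rdns [ip]) by host" lines.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); example domains, documentation IPs.
# Relays prepend Received headers, so the top line is the most recent hop.
SAMPLE = """\
Received: from fwd.forwarder.example (fwd.forwarder.example [192.0.2.10])
\tby mx.provider.example with ESMTP id A1; Fri, 23 Sep 2005 18:01:07 +0000
Received: from dsl-host.isp.example (dsl-host.isp.example [203.0.113.45])
\tby fwd.forwarder.example with SMTP id B2; Fri, 23 Sep 2005 18:01:03 +0000
Received: from forwarder.example (unknown [198.51.100.7])
\tby relay.forged.example with SMTP; Fri, 23 Sep 2005 18:00:59 +0000
From: service@forwarder.example
Subject: Important

See attachment.
"""

# Assumption: domains of the relays whose headers you trust.
TRUSTED = {"provider.example", "forwarder.example"}

FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f:.]+)\]\)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def is_trusted(host, trusted):
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def handoff_hop(raw, trusted):
    """Return (ip, rdns) of the first untrusted peer as logged by a trusted
    relay, or None if the chain of trusted headers breaks first."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        by = BY_RE.search(line)
        if not by or not is_trusted(by.group(1), trusted):
            return None     # written by an unknown host: may be forged
        peer = FROM_RE.search(line)
        if not peer:
            return None
        rdns, ip = peer.group(2), peer.group(3)
        # Simplification: PTR names can be spoofed unless forward-confirmed;
        # matching known relay IPs is more robust than matching names.
        if not is_trusted(rdns, trusted):
            return ip, rdns  # everything below this header is sender-supplied
    return None

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, TRUSTED))
```

Headers below the reported hop were supplied by the sending machine and can say anything, which is why the forged From address and the bottom Received line are ignored.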

