Received virus and/or spam that created it's own address

General discussion re sg.

Received virus and/or spam that created it's own address

Postby Scott » Fri Mar 26, 2004 3:08 am

I received an e-mail sent to 4.20.username@xoxy.net

I did not create this address and the message appears to be a virus since it has an attachment to it. The e-mail text is:

I have attached the sample.

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com


A zip file was attached. I can't see any way that this message could have been sent short of someone creating the address to the proper spamgourmet format. I may have to implement a watchword. Has anyone else seen this?
Scott
 

Postby SysKoll » Fri Mar 26, 2004 4:11 am

That's the NetSky.p worm. See a description here:
http://www.f-secure.com/v-descs/netsky_p.shtml.

I don't understand how the worm creates the email addresses when it tries to propagate. It's probably largely random. However, according to that report on F-Secure's site, the worm avoids sending itself to addresses containing @spam. So the funny thing is, @spamgourmet.com addresses are safe!
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

spammers generate new addresses for you

Postby Ferdi » Mon Jul 19, 2004 9:32 am

I had a fright when I was spammed on a new SG address that I did not create or gave out. I thought the spammer knows how to generate new SG addresses from harvested examples!! But it seems to have been a bug in the spam s/w that truncated the first part of my address.
E.g.
I'm using "thelist.myname@dfgh.net" with an exclusive sender to that address. (The address is being spammed a lot from harvesting our list.)
The spam that got thru was sent to "st.myname@dfgh.net"

Possible future problem:

Spammers might in future generate their own versions of addresses. My suggestion would be to allow us to increase security by generating new addresses ONLY if the new address is generated by mail from the forwarding address. This will mean that I can have to send an e-mail to my new address from my forwarding address before the list/site/shop can use the new address.
Ferdi
 

Postby xdcdx » Tue Jul 20, 2004 2:12 pm

Spammers might in future generate their own versions of addresses. My suggestion would be to allow us to increase security by generating new addresses ONLY if the new address is generated by mail from the forwarding address. This will mean that I can have to send an e-mail to my new address from my forwarding address before the list/site/shop can use the new address.


I think this is a really useful suggestion and a great alternative in addition to watchwords, which can make email addresses a bit ugly.
xdcdx
 
Posts: 37
Joined: Mon May 10, 2004 10:56 am

email management of spamgourmet addresses

Postby nsomos » Thu Jul 22, 2004 6:39 pm

I can see it now. If you are set to high security
(beyond watchwords) you send an email address from your
actual account to the address you want to create.

This could also work for the management of addresses.

Contents could be things like
"reload" or "reload 10"
to add the maximum, or 10 additional replies.

Alternate contents could be things like
"send-status" to get a status report

or
"add trusted foobar@whatzit.com"

or
"help"
to get a response of possible email spamgourmet
management commands.

Any of these could be in the subject line instead.
neal
nsomos
 
Posts: 10
Joined: Wed Jun 23, 2004 3:06 pm

Postby Guest » Fri Jul 23, 2004 8:05 am

If our founders do add an 'enabling by email' mechanism, I recommend that they also include an option to operate as we do now, without the enabling email.

It is extremely valuable to be able to create a disposable address without computer assistance, with only the use of pencil and paper. If an enabling email were always required, and if a new contact were to use a new disposable BEFORE I was able to activate it, messages would be lost, and I would have no record of them. I am willing to suffer with the watchword method, since I don't need a computer to use a watchword.

If the other posters in this thread want to control disposable creation by computer, and are willing to give up the ability to create a disposable WITHOUT a computer, I would recommend they use either of spamgourmet's competitors:

http://spammotel.com/

which uses a cut-and-paste interface; and

http://sneakemail.com/

With appropriate account settings, disposables from these services only function if activated deliberately and in advance by the user.
Guest
 

PREFIXES will do exactly what you want!

Postby jbs » Tue Aug 03, 2004 6:19 am

I started to write a couple of other options to allow for account security without having to end up with ugly addresses, but then I realized there is already the capability of doing exactly what you want to do.

It's called "prefix" and it's an SG feature in the advanced mode.

Watchwords are required to be PART of the address-word, and they will always be part of that word. Prefixes are different, in that they are ONLY required to ESTABLISH a new address. Once established, you don't need the prefix to send to an existing address.

Here's how this solves your problem. Set up a prefix, consider it to be a second SG password, something that you will never tell to anyone else. In James Bond fashion, I made mine "prefix". :D

Now, whenever you want to create a new email address, instead of the suggestion below of sending a starter message from the account's own forwarding address (which requires new programming from SG) all you do is send an address from ANYWHERE to the address:

PREFIX.DESIREDWORD.NUMBER.USERNAME@SPAMGOURMET.COM

SG receives the message, establishes the new address, and you then give just:
DESIREDWORD.NUMBER.USERNAME@SPAMGOURMET.COM

or even

DESIREDWORD.USERNAME@SPAMGOURMET.COM

to your new correspondent. Because they are now writing to an existing email SG address, they don't need the prefix. And since there is no way a Spammer would ever have access to your prefix word, there is no way for them to establish new addresses. If your prefix word ever leaked out (unlikely, but maybe sending from an unsafe internet cafe PC) you just change the prefix word. Again, changing the prefix has no effect on existing SG addresses.

I'm actually quite excited about this feature, and had forgotten about it for a long time . . . thanks for the discussion that brought it back to mind!

--Jason

P.S. One thing to keep in mind -- I usually just use word.username@xoxy.net for my addresses, I like the way they look better than the number format. That won't work with the FIRST email to an address, since:
PREFIX.DESIREDWORD.USERNAME@SPAMGOURMET.COM

will be interpreted as
PrefixString = none
Word = PREFIX
Number = 4 (Desired starts with D, the 4th alpha character)
Username = USERNAME

And since you've enabled prefixes, it will eat the mail (unless the word PREFIX happens to be an existing SG address already) but it will not set up a new address with that format. Once you've established it, though, you can go back to WORD.USERNAME@xoxy.net to give to your webform/correspondent/contest etc.


P.P.S. In case you're interested, here are the other suggestions I was working on before remembering prefixes . . .


1. Since the proposed "starter email" would require access to a computer anyhow, you could briefly disable the watchword any time you wanted to start a new address. Log in to SG, turn off the watchword, send your starter email (from ANY email account) to establish the address as an SG address, then turn watchword back on.

2. If youw ant to have addresses available "on the fly" you could create several in advance, maybe jot them in your Palm (or whatever) and then keep watchword enabled.

3. Pick just a letter or two for your watchword, like x or y or q, such that most spammers won't happen to send to a word that works, but you'll still have lots of aesthetically pleasing options to choose from. This is the most "spontaneous" solution, not requiring timely access to a PC.
jbs
 
Posts: 36
Joined: Fri Jun 18, 2004 4:51 pm

Re: PREFIXES will do exactly what you want!

Postby Mel » Wed Aug 04, 2004 2:11 pm

That's exactly how I used to use prefixes with a spamgourmet account I use in newsgroups, it worked very well. :D


But being too lazy and forgetful :oops: to send myself an email each time I wanted to create a new address, I'm now using a single watchword (after I read in this forum that regular expressions were supported) to block any new address that starts with a number this takes care of the current batch of these address creating viruses.... until those responsible catch on. :shock:

^[^0-9]+

It might be kind of nice to have an option on the advanced page so that uses can create "advanced" watchwords without delving into regular expressions.

Eg being able to specify that new addresses must/must not :-

start with xxxxxxx,
contain yyyyyyy,
end with zzzzzzz.

and have it convert it into a regular expression.

Regards Mel
Mel
 


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 20 guests

cron