automated social engineering at its best (maybe?)

Derek Martin invalid at pizzashack.org
Tue Jul 27 13:08:00 EDT 2004


Dear Abby,

> Dear user blu at sophic.org,

What, an ISP can't figure out who's attached to one of their e-mail
addresses and name them by name?  Should I be suspicious?

> Your account has been used to send a huge amount of spam during this
> week. 

Really?  Fascinating...

    $ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 thoth.sophic.org ESMTP Sendmail 8.12.8/8.12.8; Tue, 27 Jul 2004 12:42:17 -0400
    helo me
    250 thoth.sophic.org Hello localhost [127.0.0.1], pleased to meet you
    mail from: invalid at pizzashack.org
    250 2.1.0 invalid at pizzashack.org... Sender ok
    rcpt to: blu at sophic.org
    550 5.1.1 blu at sophic.org... User unknown

On second thought, I really don't think so.

> Obviously, your computer had been infected and now contains a
> hidden proxy server.

Obviously, this e-mail is itself a virus.

> Please follow instruction in order to keep your computer safe.

Not likely.

> Best regards,
> sophic.org technical support team.

Right.  Oh, wait; that would be me, and I didn't send this e-mail.

So, anyone have any good procmail recipes for this bogosity?  I'm still
getting basically no spam, but what can you do when your friends don't
know how to take care of their PCs?  I think I got about a hundred
copies of this (or one of a few similar ones) in the last 3 days.
Sigh...

There's one with a total message size of ~39-40k.  There's another
with a message size of ~170k.  Recipes for these (or any other
annoyance virus) will be appreciated.

NOTE:  The address mentioned in this e-mail is one which I used only
to post to BLU, about 2 years ago or so (longer, I think actually).
So (in this case, at least) this virus is probably coming to me by way
of the infected PC of a (possibly former) BLU member.  

If you're clueless or lazy about keeping your PC in good health, you
might want to save your friends' inboxes and check out some of the
links below...

All the security fixes that Microsoft has finally gotten around to
fixing in their spare time (it must be the right link, it comes up
completely blank in Mozilla):

  http://windowsupdate.microsoft.com/

Good free personal firewall software:

  http://www.zonelabs.com/

Good free (for personal use) Anti-virus software:

  http://www.free-av.com/

Thank you,
Annoyed In SK
  
[There was meant to be some humor in this message, albeit sarcastic.
If you didn't see it, try harder next time...  ;-)]

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
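
The indicators the post picks out of the forged notice (a greeting by address instead of by name, a sign-off from the recipient's own domain's "technical support team", the infection scare, and the two reported message sizes) can be checked mechanically. The Python below is an added example, not part of the original post; the function names, the size margins, the two-indicator threshold and the sample messages on example.org are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Byte ranges around the two sizes the post reports (~39-40k and ~170k).
# The margins are assumptions, not measurements.
SIZE_BANDS = [(38_000, 42_000), (160_000, 180_000)]

def body_text(msg):
    """Concatenate every text/plain part of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("latin-1") for p in parts)

def indicators(raw, size=None):
    """Return the names of the forged-notice indicators found in a raw message."""
    msg = message_from_string(raw)
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    domain = rcpt.partition("@")[2]
    body = body_text(msg)
    size = len(raw) if size is None else size
    hits = []
    # A real provider knows the account holder's name; the sender here only has the address.
    if rcpt and re.search(r"^dear user\s+" + re.escape(rcpt), body, re.I | re.M):
        hits.append("greets-by-address")
    # The sign-off claims to be the support staff of the recipient's own domain.
    if domain and re.search(re.escape(domain) + r"\s+technical support team", body, re.I):
        hits.append("claims-own-domain-support")
    if re.search(r"hidden\s+proxy\s+server|had\s+been\s+infected", body, re.I):
        hits.append("infection-scare")
    if any(lo <= size <= hi for lo, hi in SIZE_BANDS):
        hits.append("known-size-band")
    return hits

def should_quarantine(raw, size=None, threshold=2):
    """Hypothetical policy: hold the message when at least `threshold` indicators fire."""
    return len(indicators(raw, size)) >= threshold

# Constructed sample: body lines taken from the quoted notice, placeholder domain.
SAMPLE = ("From: support@example.org\nTo: someuser@example.org\nSubject: notice\n\n"
          "Dear user someuser@example.org,\n\nYour account has been used to send a huge "
          "amount of spam during this\nweek.\nObviously, your computer had been infected "
          "and now contains a\nhidden proxy server.\n\nBest regards,\n"
          "example.org technical support team.\n")
BENIGN = "To: someuser@example.org\nSubject: lunch\n\nFriday at noon?\n"

if __name__ == "__main__":
    print(indicators(SAMPLE, size=39_500), should_quarantine(SAMPLE, size=39_500))
    print(indicators(BENIGN), should_quarantine(BENIGN))
```

Pass the on-the-wire message size as `size` when the raw string does not include the attachment, since the size band is meant to match the full message.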


More information about the gnhlug-discuss mailing list