net security. just a comment from your moderator

folks, this is a bit off topic, but perhaps not totally, if you're jewelers
using the net...

Well, that's a stretch. But this may be important.

Just a heads-up notice to be VERY careful with your email.

Today I think my incoming email, on several account names, not all of which are
widely published, was filled with many multiples of dangerous emails. And
there were a fair number addressed to the group as well, which is unusual.

There were a whole slew of various messages purporting to be from microsoft,
claiming to contain the latest security update patches. All of these came from
different addresses, with various text bodies.

Be aware, if you're not already, that microsoft NEVER emails security updates or
software patches. You always have to sign in to their web site to update
windows or other software. All these types of emails contain various virus or
worms or other such nasties.

And there was a very convincing email from paypal. Even the return addresses
seemed right. I had to trace the path headers to be sure it was fraudulent,
which isn't obvious when servers are listed in numerical form. It claimed that
my account had been randomly chosen as part of new security measures, and this
required me to re enter my profile information (which of course is name,
address, phone, and bank info, etc.) It provided a helpful link to click, which
took me to a web page which was identical in appearance to the paypal site,
except my browser showed a URL that doesn't match those of the paypal servers.
Had I fallen for this and entered that info, who knows who'd now be happily
running up my credit cards, or whatever else.

The paypal site will tell you that they NEVER send emails requesting any
sensative information. And if you do feel you are supposed to do so, get to
their site by following your own links in your favorites list, not the link in
such an email.

And then there were literally dozens of emails looking like bounced messages
from various postmasters, claiming an undeliverable message. Except these were
all messages in HTML, with imbedded runnable files. If I were using outlook
express for email, these might look normal enough, and might have run
automatically. All of these were infected with one or another nasty entitiy.

Be aware that any such emails from postmasters are always in plain ascii text,
not HTML, even from AOL or Microsoft servers. And if you don't recognize the
message from the headers, be very careful about opening it in Outlook, or other
mail readers that will automatically run any imbedded code. It's one of the
reasons I like Agent news and mail reader, aside from it's being the only one I
can use to moderated the group, since it knows how to use approval headers. But
it also allows me to easily check out an email message without any imbedded code
being run unless I specifically start it.

Anyway. PLEASE BE CAREFUL OUT THERE, FOLKS. THE BAD GUYS SEEM BUSY JUST NOW...

And with some, like that fraudulent paypal message, the potential for damage
goes way beyond crashing your computer. Install good virus checking software,
and keep it up to date. Install a good firewall. And be very suspicious of any
mail you weren't already expecting.

Peter Rowe
moderator
rec.crafts.jewelry

Yepper got 35 or more of these myself today. Great fun huh?

Robert
"Peter W. Rowe" wrote in message
...
folks, this is a bit off topic, but perhaps not totally, if you're
jewelers
using the net...

Well, that's a stretch. But this may be important.

Just a heads-up notice to be VERY careful with your email.

Today I think my incoming email, on several account names, not all of
which are
widely published, was filled with many multiples of dangerous emails.
{snip]

"news4.bellatlantic.net" wrote:

Yepper got 35 or more of these myself today. Great fun huh?

Robert
"Peter W. Rowe" wrote in message
...
folks, this is a bit off topic, but perhaps not totally, if you're
jewelers
using the net...

Well, that's a stretch. But this may be important.

Just a heads-up notice to be VERY careful with your email.

Today I think my incoming email, on several account names, not all of
which are
widely published, was filled with many multiples of dangerous emails.
{snip]

I have gotten about 300 yesterday and about 200 so far today.

Oh the joys of email!

Abrasha
http://www.abrasha.com

"news4.bellatlantic.net" wrote in message
...
Yepper got 35 or more of these myself today. Great fun huh?


80-odd for me overnight. And then a further 20 this afternoon. Really annoying
when wanting to do
other things as well on a dialup account as many of them are over 150kb and take
a while to download
and for my anti-virus scanner to check them individually.

Dale Porter

Thanks Peter and Abrasha for your input.I thought it was just me getting
them!! Ive had 100 so far today. However the quickest way I find to get
rid of them is not to download them atall. I use Mail2web or Mail washer
which only downloads the headers. then I delete them from my isp
server. So much faster. Any one else have any ideas? how to deal with
this latest spamming? I think they are trying to bring the www email
service down.

Dale Porter wrote:
"news4.bellatlantic.net" wrote in message
...

Yepper got 35 or more of these myself today. Great fun huh?



80-odd for me overnight. And then a further 20 this afternoon. Really annoying
when wanting to do
other things as well on a dialup account as many of them are over 150kb and take
a while to download
and for my anti-virus scanner to check them individually.

Dale Porter

I use a free application called "Mailwasher" to delete e-mail from the
server without having to even download it. It's not difficult to
determine which e-mails to delete. Try: http://www.mailwasher.com

Arnold

Arnold wrote:


I use a free application called "Mailwasher" to delete e-mail from the
server without having to even download it. It's not difficult to
determine which e-mails to delete. Try: http://www.mailwasher.com

Arnold


It's http://www.mailwasher.net/

And I think MailWasher is rather useless.

I had it on my PC for a month, and I still was adding domains to block that send
spam. By the time I was up to over 700 domains and still having to add new ones
every day, i decided that this was yet another useless attempt at spam blocking
software.

I am seriously considering getting a new G5!

Abrasha
http://www.abrasha.com

On Sat, 20 Sep 2003 13:08:54 -0700, in rec.crafts.jewelry Abrasha
wrote:

And I think MailWasher is rather useless.

I had it on my PC for a month, and I still was adding domains to block that send
spam. By the time I was up to over 700 domains and still having to add new ones
every day, i decided that this was yet another useless attempt at spam blocking
software.

My ISP, earthlink, has an automatic filter that moves "known spam" to a seperate
file folder. You can also activate a service that's like mailwasher, only in
reverse. You tell it all the addresses or domains from which you will accept
mail, and everything else goes into a "suspect" folder. This presumably keeps
your inbox clear of anything that could be spam. The downside, of course, is
that you've got to anticipate everything that isn't spam, or go and specifically
allow good addresses as they get to your "suspect" file, so that subsequently
they'll be recognized. For me, moderating the newsgroup, that just doesn't work
so well, so I've not activated that higher level. The interesting this is that
the automatic one, which should recognize "known spam", so far has picked out
only four of these recent spams purporting to be microsofts latest security
updates. A quick look at the recent batch of a hundred and twelve of them (in a
six hour period) shows why. They're all at least slightly different. No two
senders match exactly. I've very rare to find two from the same address. I
don't know how this compares in severity to previous internet attacks, but
certainly from my persective, this one is by far the worst. It's the first time
I've ever seen this volume of infected files or spam attemps of any sort. I'd
guess the poster who thinks this is an attempt to seriously compromise the
internet as a whole, may be right. My own mailbox has been "full" or almost so,
twice in the last week, something that's never happened before. It allows ten
megabytes of storage for incoming mail (not including those that get filtered to
the 'known spam" file. Now, my email addresses are publicly enough available
through the group, or past orchid posts, that I've no doubt the spammers have my
address(s) in spades. But if all of earthlinks customers are getting hit the
way I've been, it's a surprise they're still up and running at a decent speed at
all.

Peter

Hi Peter, It's getting to the point where I am going to change my identity,
and add the "nospam" type signatures to anything going out of my computer.
At least for this week, I will be changing my default email address and
just deleting it from my site (which has been inactive for about a year). My
cable ISP just responds with "have patience, this too shall pass" . I'll let
you know if any thing helps on this end. Will E ... I mean Wille1nospam
"Peter W. Rowe" wrote in message
...
On Sat, 20 Sep 2003 13:08:54 -0700, in rec.crafts.jewelry Abrasha
wrote:

And I think MailWasher is rather useless.

I had it on my PC for a month, and I still was adding domains to block
that send
spam. By the time I was up to over 700 domains and still having to add
new ones
every day, i decided that this was yet another useless attempt at spam
blocking
software.

My ISP, earthlink, has an automatic filter that moves "known spam" to a
seperate
file folder. You can also activate a service that's like mailwasher, only
in
reverse. You tell it all the addresses or domains from which you will
accept
mail, and everything else goes into a "suspect" folder. This presumably
keeps
your inbox clear of anything that could be spam. The downside, of course,
is
that you've got to anticipate everything that isn't spam, or go and
specifically
allow good addresses as they get to your "suspect" file, so that
subsequently
they'll be recognized. For me, moderating the newsgroup, that just
doesn't work
so well, so I've not activated that higher level. The interesting this is
that
the automatic one, which should recognize "known spam", so far has picked
out
only four of these recent spams purporting to be microsofts latest
security
updates. A quick look at the recent batch of a hundred and twelve of them
(in a
six hour period) shows why. They're all at least slightly different. No
two
senders match exactly. I've very rare to find two from the same address.
I
don't know how this compares in severity to previous internet attacks, but
certainly from my persective, this one is by far the worst. It's the
first time
I've ever seen this volume of infected files or spam attemps of any sort.
I'd
guess the poster who thinks this is an attempt to seriously compromise the
internet as a whole, may be right. My own mailbox has been "full" or
almost so,
twice in the last week, something that's never happened before. It allows
ten
megabytes of storage for incoming mail (not including those that get
filtered to
the 'known spam" file. Now, my email addresses are publicly enough
available
through the group, or past orchid posts, that I've no doubt the spammers
have my
address(s) in spades. But if all of earthlinks customers are getting hit
the
way I've been, it's a surprise they're still up and running at a decent
speed at
all.

Peter

Abrasha wrote:
It's http://www.mailwasher.net/
And I think MailWasher is rather useless.
I had it on my PC for a month, and I still was adding domains to block
that send spam. By the time I was up to over 700 domains and still
having to add new ones every day, i decided that this was yet another
useless attempt at spam blocking software.

It's not necessary to block each and every domain that issues spam, but to
catch them on certain 'Rules'. I have something similar on my (non-MS/Mac)
system. That is, if MailWasher is similar.

A couple of rules that work really well for me is:
Delete From: = *msn*.
Delete From: = *microsoft*
Much of this recent load of trash never even gets to me.

Another is this gem: Delete Subject: = * *
to catch all those with spaces in the subject line such as:
Subject: Impotence will be a thing of the past ttplqckjub

Also anything with my oen web address in the subject line gets deleted
right of of the ISP.

I also run a little application that analyses what was recently deleted,
and informs what rule did the trick. I can email any false positives from
there and ask them to resend, and perhaps alter the rule.

Is this what MailWasher allows? If it's true you cannot insert your own
custom 'rules' then maybe it's too unweildy, then.

Brian
on RISC OS
--
Brian Adam
Auckland NEW ZEALAND