From: owner-ecto-digest@smoe.org (ecto-digest) To: ecto-digest@smoe.org Subject: ecto-digest V10 #117 Reply-To: ecto@smoe.org Sender: owner-ecto-digest@smoe.org Errors-To: owner-ecto-digest@smoe.org Precedence: bulk ecto-digest Monday, April 26 2004 Volume 10 : Number 117 Today's Subjects: ----------------- Re: Patrice Pike [Jessica Byers ] Today's your birthday, friend... [Mike Matthews ] what happened here? [andrew fries ] Re: what happened here? [Yngve Hauge ] Re: what happened here? [Nadyne Mielke ] RE: what happened here? ["Collected Sounds" <1234@collectedsounds.com>] RE: what happened here? [Steve VanDevender ] RE: what happened here? ["neal copperman" ] RE: what happened here? [Steve VanDevender ] RE: what happened here? [Nadyne Mielke ] Ecto virus? ["Xenu's Sister" ] Re: what happened here? [Dan Riley ] RE: what happened here? ["Collected Sounds" <2345@collectedsounds.com>] Re: what happened here? [Cathy Sandifer ] Re: what happened here? [andrew fries ] RE: what happened here? [dmw ] Re: what happened here? [alan ] RE: what happened here? [meredith ] RE: what happened here? [Nadyne Mielke ] Upcoming shows for Kristin Hersh's 50 Foot Wave [Michael Curry ] ---------------------------------------------------------------------- Date: Mon, 26 Apr 2004 00:50:53 -0600 From: Jessica Byers Subject: Re: Patrice Pike Neal, I don't have all of her CDs, just an early one from 95, when the band was still called Little Sister, and then the latest PP & BBR one. They're fine, but I was never all that excited about them. I haven't seen her live in years, but I saw her at few times (in 96/97?) at a club in Denver and she was amazing live, really intense compelling energy and performance. If she is wanting to do a solo house concert I would jump right on that in a second. I'd be interested to know if that was the intention, since she seems to be more a rock club act. I remember her telling some really interesting stories about the tattoos on her arms... I notice there are three different web sites: http://www.sister7.com/ http://www.patricepike.com/index2.html http://www.blackboxrebellion.com/ Maybe I'll give her new CD another try. As soon as I can tear myself away from the new Patty Griffin... Jess >I love Patrice and Wayne dearly, but the BBR collaboration's CD >didn't quite work for me. No one has yet captured their magic on a >studio recording, and I think the live dynamic brought out something >ineffable in their performances. Every S7/BBR show was a treat that >even my live tapes fall short of reproducing... ------------------------------ Date: Mon, 26 Apr 2004 03:00:05 -0400 (EDT) From: Mike Matthews Subject: Today's your birthday, friend... i*i*i*i*i*i i*i*i*i*i*i *************** *****HAPPY********* **************BIRTHDAY********* *************************************************** *************************************************************************** ********************** Matt Adams (no Email address) ********************** *************************************************************************** -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Matt Adams Thu April 26 1962 Taurus Brad Hutchinson Tue April 28 1964 What sign? Geoff Parks Sun April 30 1961 Taurus Marty Lash Sat May 01 1948 Taurus Barney Parker Fri May 02 1986 happy cat Gray Abbott Tue May 03 1955 Suprised Tamar Boursalian Tue May 03 1966 Taurus Richard A. Holmes May 07 Taurus Steve Ito Fri May 08 1970 DA Bull... Brian Gregory Thu May 09 1963 Eclectic Heidi Maier Wed May 10 1978 Taurus Patrick Varker Wed May 12 1954 Torius Philip David Morgan Sat May 12 1962 Chinese Tiger in Bull Clothing Steve Fagg Tue May 13 1958 Nightwol Karel Zuiderveld Fri May 13 1960 Stier Michael Colford Wed May 16 1962 Taurus Christopher Boek Tue May 19 1970 Taurus Julia Macklin Mon May 20 1968 ethereus Yngve Hauge Fri May 21 1971 Gemini Lisa Laane Tue May 22 1973 Gemini Jewel Kilcher Thu May 23 1974 The Gem - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------ Date: Mon, 26 Apr 2004 20:37:52 +1000 From: andrew fries Subject: what happened here? I'm trying to understand this message I just received, supposedly from happy@collectedsounds.com (the header info doesn't look quite right, does it? But that's all I get) - --------------------- Delivered-To: postmaster@postie Received: from mail.internode.on.net (203.16.214.182) by postie with POP3 for ; 26 Apr 2004 04:49:06 -0000 Received: from internode.on.net (unverified [67.11.148.80]) by internode.on.net (SurgeMail 1.8g3) with ESMTP id 40850410 for ; Mon, 26 Apr 2004 12:22:44 +0930 (CST) Return-Path: From: happy@collectedsounds.com To: afries@internode.on.net Subject: trust me Date: Sun, 25 Apr 2004 21:52:37 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0004_00006991.000011F7" X-Priority: 3 X-MSMail-Priority: Normal X-Server: High Performance Mail Server - http://surgemail.com Message-ID: <1082947964_13578@pop1.adl2.internode.on.net> X-Rcpt-To: X-IP-stats: Incoming Last 0, First 0, in=1, out=0, spam=0 X-External-IP: 67.11.148.80 Status: U X-UIDL: 1082947965.7845_212267.pop1.adl2.internode.on.net This is a multi-part message in MIME format. - ------=_NextPart_000_0004_00006991.000011F7 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit is that your message? - ------=_NextPart_000_0004_00006991.000011F7 Content-Type: application/octet-stream; name="warez.rtf.scr" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="warez.rtf.scr" - --------------------------------------- I understand this attachment, warez.rtf.scr is some sort of outlook-related malware. But I would like to know just who is spamming whom here? Are these headers forged and message originates from somewhere else rather than happy@collectedsounds.com, or is the message genuine, which would mean, I suppose, that someone spammed *her* using *my* email address? Either way I think this is the first positive proof that ecto has been harvested by spammers... ------------------------------ Date: Mon, 26 Apr 2004 18:09:28 +0200 (CEST) From: Yngve Hauge Subject: Re: what happened here? On Mon, 26 Apr 2004, andrew fries wrote: > I'm trying to understand this message I just received, supposedly from > happy@collectedsounds.com (the header info doesn't look quite right, > does it? But that's all I get) It looks like most of the messages generated by viruses I've got this year. They just take addresses out of the auto-generated list of of addresses in outlook and sends a message to that address. - -- Yngve ****************************************** * One alien has come, unalien to one ***** ****************************************** ***** Blessed be!!! ********************** ------------------------------ Date: Mon, 26 Apr 2004 09:12:40 -0700 From: Nadyne Mielke Subject: Re: what happened here? At 03:37 AM 4/26/2004, andrew fries wrote: >I'm trying to understand this message I just received, supposedly from >happy@collectedsounds.com (the header info doesn't look quite right, does >it? But that's all I get) [snip] >I understand this attachment, warez.rtf.scr is some sort of >outlook-related malware. But I would like to know just who is spamming >whom here? Are these headers forged and message originates from somewhere >else rather than happy@collectedsounds.com, or is the message genuine, >which would mean, I suppose, that someone spammed *her* using *my* email >address? >Either way I think this is the first positive proof that ecto has been >harvested by spammers... The headers are forged. I don't think that it's positive proof that ecto has been harvested by spammers. This looks more like a virus to me. Many viruses use the address book of the infected person to (a) send the virus to all email addresses listed in the address book, and (b) use the address of the infected person (or, in a slightly more sophisitcated move, use one of the other addresses in the address book) as the from: for those messages. The theory behind this is the people in the address book know the owner of the address book, and are thus more likely to open the email message and its attachment. Remember, folks: if you're running any variant of Windows, it is imperative that you regularly update and run your virus checker. "Regularly" here means at least once a week. I use Norton AntiVirus, which automatically updates itself and can be set up to run an automated scan. My automated scan is Monday at 5pm, which reminds me that it's time to go home. :) /nm ------------------------------ Date: Mon, 26 Apr 2004 13:03:28 -0500 From: "Collected Sounds" <1234@collectedsounds.com> Subject: RE: what happened here? Hey you guys... > I'm trying to understand this message I just received, > supposedly from > happy@collectedsounds.com (the header info doesn't look quite right, > does it? But that's all I get) This is MY former Ecto email address. (which has been extinct for months now). I changed it when I started getting SPAM directed to it...which is now happening again with my using 1234@collectedsounds.com. (I've gotten 6 spams in the past few hours) so I will be retiring that email address today as well. This is getting more than ridiculous. As much as I love Ecto I'm thinking about un-you-know-what-ing because I am so sick of SPAM and NOW I see that people are using MY domain to spam people I am really ticked. I realize that they are just spoofing the address, but I never want anyone to think that they are getting spam from me, that can ruin my business. I don't think I ever get infected with a virus. I have two virus protection programs on my computer as well as a spam filter and 2 firewalls and I never even OPEN an email that is not from someone I know. So I know I've never been infected (unless I misunderstand something about how it works). So please know I did not spam you. I'm guessing that you have that email address either in your address book or maybe you responded to a post I wrote in the past. Sorry! I don't know what to do, except leave. I REALLY wish these archives were not available to people not on the list. I realize the only way to do this is to make Ecto a Yahoo group or something, but this spam/virus thing really sucks...really....no, I mean really! Any suggestions? I mean I can prevent spam by changing my email address every 3 months but that's a pain in the arse and still does not prevent people from using MY address to spam people. Any techie smart people out there have any solutions? ~Amy Lotsberg Producer, Collected Sounds www.collectedsounds.com > -----Original Message----- > From: owner-ecto@smoe.org [mailto:owner-ecto@smoe.org]On > Behalf Of Yngve > Hauge > Sent: Monday, April 26, 2004 10:09 AM > To: The Fuzzyblue Universe > Subject: Re: what happened here? > > > On Mon, 26 Apr 2004, andrew fries wrote: > > > I'm trying to understand this message I just received, > supposedly from > > happy@collectedsounds.com (the header info doesn't look quite right, > > does it? But that's all I get) > > It looks like most of the messages generated by viruses I've got this > year. They just take addresses out of the auto-generated list of of > addresses in outlook and sends a message to that address. > > -- Yngve > > ****************************************** > * One alien has come, unalien to one ***** > ****************************************** > ***** Blessed be!!! ********************** ------------------------------ Date: Mon, 26 Apr 2004 11:22:57 -0700 From: Steve VanDevender Subject: RE: what happened here? Collected Sounds writes: > Any suggestions? I mean I can prevent spam by changing my email address > every 3 months but that's a pain in the arse and still does not prevent > people from using MY address to spam people. Any techie smart people out > there have any solutions? There are no simple solutions for this. One of the biggest problems right now is email worms that search files on infected systems for email addresses. This means that anyone who becomes infected with a worm after receiving email from you, viewing a web page with your email address in it, getting your email address in certain kinds of documents, etc. could start sending out copies of the worm using your address. This means that whether or not the Ecto archives are publicly accessible, and whether Ecto remains a standard mailing list or turns into an (ecch) Yahoo group, any email address you use is susceptible to forgery by such worms as long as you give it to anyone in any way, so hiding the Ecto archives or migrating Ecto to a different kind of mailing list or other forum won't really solve the problem, nor does the current state of Ecto really contribute to the problem. ------------------------------ Date: Mon, 26 Apr 2004 11:20:32 -0700 From: Nadyne Mielke Subject: RE: what happened here? At 11:03 AM 4/26/2004, Collected Sounds wrote: [snip] >Any suggestions? I mean I can prevent spam by changing my email address >every 3 months but that's a pain in the arse and still does not prevent >people from using MY address to spam people. Any techie smart people out >there have any solutions? The original recipient wasn't getting spammed from your address. They were the lucky recipient of an email with a virus attached. There are a couple of ways that this could have happened: 1) You were infected with a virus, and it used your computer to send itself out to other people. The only way to prevent this is to have a virus checker and update/run it as often as possible. (A firewall won't help you with this.) 2) Someone else was infected with a virus. It used an address that was taken from the infected person's address book for the from: line, then sent itself out to other people in the infected person's address book. This is relatively common behaviour. There is nothing that you can do about this, other than remind your friends and colleagues to use (and update!) a virus checker. To be clear, though: having two virus checkers does NOT necessarily protect you from viruses. You MUST update them regularly. Some do this automatically for you, others you have to do manually. Even if you do update your virus checker regularly, they might not be able to protect you from all viruses. A brand-new virus can get past even the best virus checker if the new virus operates in a way that is different from all of its predecessors. In this case, you will get infected, and your virus checker will only be able to let you know after the fact (that is, after the people who develop the virus checker figure out how to prevent it, and update their virus checker with this information). The virus checker should be able to remove the virus at this time, but you could have already suffered [whatever bad stuff the virus was doing]. As for spam, you can do some stuff to prevent receiving it, like using a spam filter on your email. However, you don't need to worry about spammers using your address to send out their junk. Currently, spammers aren't using virus methods; they're not stealing email addresses from address boosk, and they're not forging the from: line to make it look like it's coming from someone else. /nm ------------------------------ Date: Mon, 26 Apr 2004 18:40:56 -0000 From: "neal copperman" Subject: RE: what happened here? Nadyne Mielke said: > Currently, spammers aren't > using virus methods; they're not stealing email addresses from address > boosk, and they're not forging the from: line to make it look like it's > coming from someone else. Actually, I get spam all the time that has forged "from" lines. neal ------------------------------ Date: Mon, 26 Apr 2004 11:42:43 -0700 From: Steve VanDevender Subject: RE: what happened here? Nadyne Mielke writes: > However, you don't need to worry about spammers > using your address to send out their junk. Currently, spammers aren't > using virus methods; they're not stealing email addresses from address > boosk, and they're not forging the from: line to make it look like it's > coming from someone else. Sorry, spammers routinely do all of: * use other people's email addresses as forged senders * harvest address books for spam lists, directly (via email worms/viruses) and indirectly (via the receipt of worm-sent messages containing addresses harvested from address books) * forge From: headers Email just isn't a happy place any more. ------------------------------ Date: Mon, 26 Apr 2004 15:05:49 -0400 From: fingerpuppets Subject: Re: what happened here? one time at band camp, Collected Sounds (1234@collectedsounds.com) said: >As much as I love Ecto I'm >thinking about un-you-know-what-ing because I am so sick of SPAM and NOW I unsubscribing from ecto will not make spam go away. there are more ways than harvesting addresses from the archives to get addresses. for instance, you own a domain which means that your e-mail address are publically available from dns records. >in the past. Sorry! I don't know what to do, except leave. I REALLY wish >these archives were not available to people not on the list. I realize the >only way to do this is to make Ecto a Yahoo group or something, but this >spam/virus thing really sucks...really....no, I mean really! making the archives non-public would take me all of 5 seconds to do. the question is: is it worth the trade-off? personally, i like having the archives web-accessible. they are a great resource and letting them be publically-accessable is a great thing. also, i know for a fact that there are people who read the digests on the web rather than getting them via e-mail. if we were to shut them down, subscribers could still get to the digests via majordomo, but that is not terribly convienent even for net.savvy ectophiles. i know others feel differently about this issue though. obviously. ;) >Any suggestions? I mean I can prevent spam by changing my email address >every 3 months but that's a pain in the arse and still does not prevent >people from using MY address to spam people. Any techie smart people out >there have any solutions? one thing that i'd be happy to do for any ecto subscriber is to make it possible for you to post from a fake e-mail address a la usenet. so, your posts comes from, for example, amyREMOVEME@collectedsounds.com. that way, the harvesters will pick up the spam-protected address and send the junk to that non-existant address. and humans will see your address and know to remove the crap from your address to be able to e-mail you. remember: the subscriber list is NOT where spammers get your address; if you're subscribed and never post, you should never get spam because you're on ecto -- that spam, i can 100% assure you, happened because the spammer got your address from some other source. woj ------------------------------ Date: Mon, 26 Apr 2004 12:05:17 -0700 From: Nadyne Mielke Subject: RE: what happened here? At 11:40 AM 4/26/2004, neal copperman wrote: >Nadyne Mielke said: > > Currently, spammers aren't > > using virus methods; they're not stealing email addresses from address > > boosk, and they're not forging the from: line to make it look like it's > > coming from someone else. >Actually, I get spam all the time that has forged "from" lines. I'm sorry, I wasn't clear. Spammers are forging the from: lines (and have been doing so forever), but they're using fake email addresses. They're not sending email with a forged from: line saying that it's from . Well, I guess I need to clarify that statement, too. There's a fair number of scams out there that look like they're coming from eBay, PayPal, or even your bank, and their email address is one that looks like a real email address at one of those institutions. I'm not counting this as spam, though. I'm only talking about standard spam: Viagra, breast enlargement, porn, weight loss, that sort thing. They're not forging the from: line to say that it's from . They might forge it to say that it's from . I suppose it's possible that I just haven't seen it (or noticed it). I get something on the order of a couple of hundred pieces of spam per day on my various email addresses, and haven't noticed that any of the ones that do slip through my spam filters are using 'real' email addresses. /nm ------------------------------ Date: Mon, 26 Apr 2004 14:29:16 -0500 From: "Xenu's Sister" Subject: Ecto virus? Speaking of, I just got this, at an address I haven't used for a long long time. Eudora sent it to my Junk mail folder, which I still check before deleting just in case something important is in it. There was an attachment called "MoreInfo.cpl" Of course I didn't open it, I don't even open attachments from people I *know*, unless they send me a chatty letter (to convince me it's them) telling me it's coming, but someone else might. X-Persona: Return-Path: Received: from 207.172.4.25 (207.172.4.25 [207.172.4.25]) by ms06.mrf.mail.rcn.net (Mirapoint Messaging Server MOS 3.2.2-GA FastPath) with ESMTP id FMT68682; Mon, 26 Apr 2004 13:09:33 -0400 (EDT) Received: from mx15.mrf.mail.rcn.net (mx15.mrf.mail.rcn.net [207.172.4.44]) by mr06.mrf.mail.rcn.net (MOS 3.4.4-GR) with ESMTP id CKA29626; Mon, 26 Apr 2004 13:09:32 -0400 (EDT) Received: from nsc66.147.101-230.newsouth.net ([66.147.101.230] helo=kmg-49bveas45wc.org) by mx15.mrf.mail.rcn.net with smtp (Exim 3.35 #7) id 1BI9bn-0003IO-00 for vickie@enteract.com; Mon, 26 Apr 2004 13:09:31 -0400 Date: Mon, 26 Apr 2004 12:09:24 -0600 To: vickie@enteract.com Subject: RE: Protected message From: owner-ecto-digest@smoe.org Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------yncufrtrglcbbzoibtoz" X-Junkmail-Status: score=6/50, host=mr06.mrf.mail.rcn.net ------------------------------ Date: 26 Apr 2004 16:33:03 -0400 From: Dan Riley Subject: Re: what happened here? Nadyne Mielke writes: > I'm sorry, I wasn't clear. Spammers are forging the from: lines (and > have been doing so forever), but they're using fake email addresses. > They're not sending email with a forged from: line saying that it's > from . [...] > I suppose it's possible that I just haven't seen it (or noticed it). Most spam doesn't use real email addresses as the "From", but some does. I get bounces every few days where some spammer has forged my address as the "From" in spam sent to a long list of invalid addresses, plus the occasional angry "stop spamming me" complaint. There's a "make money at home" spammer, operating mostly out of web sites hosted in Russia, who's been particularly persistent abusing my address. I suspect the spammers who do this prefer addresses from anti-spam forums (fora?) like spam-l, as a form of harassment. There's also a small fraction of spam where the from address is forged to be the same as the to (we filter on mail "from" some of my older addresses, and it does catch some spam). - -- np: Taking Tiger Mountain (by Strategy) nr: Subtle Is the Lord: The Science and the Life of Albert Einstein ------------------------------ Date: Mon, 26 Apr 2004 15:50:31 -0500 From: "Collected Sounds" <2345@collectedsounds.com> Subject: RE: what happened here? Hi everyone! Thanks for the info...anyone who is not interested in this I'm terribly sorry, but I wanted to reply to everyone who knew something and could help! Please forgive me! We'll get back to music talk soon, I swear. Nadyne said (in regard to virus protection programs): > You MUST update them regularly. Here's the dealio... I have MCAfee which checks for updates a couple of times a day. Then I have it set to virus scan every evening while I slumber. So I really don't think I could have a virus. I mean, wouldn't it have seen it and cleaned it eventually? > like using a > spam filter on your email I also do have several filters on my email accounts, but they don't seem to help. Or maybe they do and I'd really be inundated if I didn't! Ugh, the horror! Woj said: >unsubscribing from ecto will not make spam go away. I realize that I will still get spam on all my other accounts, but I created this email address specifically for Ecto and don't use it for anything else. The only way that a spammer could have gotten it, is to have searched the archives...no? I'm not trying to be difficult, just trying to understand it. I'm totally willing to be wrong! I have NEVER given this email address out to anyone except to reply to a post here, I've never signed up for anything with it, it's not on my website, I use it for Ecto exclusively. But am I correct that posting alone, will open it up to spammers? It seems hopeless. Oh and whomever suggested that it's available because I registered my site...I registered the site under my Earthlink.net address (which gets around 600 spam per week but they have a spam blocker so I never see it). Woj said also: >making the archives non-public would take me all of 5 seconds to do. yeah, but I know lots of people like it the way it is (in fact didn't we have this discussion awhile ago?). I guess what I wish is that it would hide everyone's email address. If someone wanted to contact someone that they read about online they'd have to join the list..or.... Woj also offered: >one thing that i'd be happy to do for any ecto subscriber is to make it >possible for you to post from a fake e-mail address a la usenet. That would be fabulous. Would that really work? :D ~Amy > -----Original Message----- > From: owner-ecto@smoe.org [mailto:owner-ecto@smoe.org]On Behalf Of > Nadyne Mielke > Sent: Monday, April 26, 2004 12:21 PM > To: 'The Fuzzyblue Universe' > Subject: RE: what happened here? > > > At 11:03 AM 4/26/2004, Collected Sounds wrote: > > [snip] > > >Any suggestions? I mean I can prevent spam by changing my > email address > >every 3 months but that's a pain in the arse and still does > not prevent > >people from using MY address to spam people. Any techie > smart people out > >there have any solutions? > > The original recipient wasn't getting spammed from your > address. They were > the lucky recipient of an email with a virus attached. There > are a couple > of ways that this could have happened: > > 1) You were infected with a virus, and it used your computer > to send itself > out to other people. The only way to prevent this is to have a virus > checker and update/run it as often as possible. (A firewall > won't help you > with this.) > > 2) Someone else was infected with a virus. It used an > address that was > taken from the infected person's address book for the from: > line, then sent > itself out to other people in the infected person's address > book. This is > relatively common behaviour. There is nothing that you can > do about this, > other than remind your friends and colleagues to use (and > update!) a virus > checker. > > To be clear, though: having two virus checkers does NOT > necessarily protect > you from viruses. You MUST update them regularly. Some do this > automatically for you, others you have to do manually. > > Even if you do update your virus checker regularly, they > might not be able > to protect you from all viruses. A brand-new virus can get > past even the > best virus checker if the new virus operates in a way that is > different > from all of its predecessors. In this case, you will get > infected, and > your virus checker will only be able to let you know after > the fact (that > is, after the people who develop the virus checker figure out how to > prevent it, and update their virus checker with this > information). The > virus checker should be able to remove the virus at this > time, but you > could have already suffered [whatever bad stuff the virus was doing]. > > As for spam, you can do some stuff to prevent receiving it, > like using a > spam filter on your email. However, you don't need to worry > about spammers > using your address to send out their junk. Currently, > spammers aren't > using virus methods; they're not stealing email addresses > from address > boosk, and they're not forging the from: line to make it look > like it's > coming from someone else. > > /nm [demime 0.97c-p1 removed an attachment of type application/ms-tnef which had a name of winmail.dat] ------------------------------ Date: Mon, 26 Apr 2004 17:33:19 -0400 (EDT) From: Cathy Sandifer Subject: Re: what happened here? Collected Sounds sez: >I realize that I will still get spam on all my other accounts, but I created >this email address specifically for Ecto and don't use it for anything else. >The only way that a spammer could have gotten it, is to have searched the >archives...no? I'm not trying to be difficult, just trying to understand it. >I'm totally willing to be wrong! It's also possible, but I don't know how probable, that they could've gotten it via Usenet. http://groups.google.com/groups?q=fa.music.ecto - -Cathy, delurking briefly n.p. Nina Simone, "Sinnerman (Felix Da Housecat's Heavenly House Mix)" from "Verve Remixed 2" ------------------------------ Date: Tue, 27 Apr 2004 07:38:05 +1000 From: andrew fries Subject: Re: what happened here? Nadyne Mielke wrote: > The headers are forged. is there no way of finding the real sender then? This was one of the things that confused me about this message - looking at the headers I didn't see the usual trail of servers it passed through... > I don't think that it's positive proof that ecto has been harvested by > spammers. This looks more like a virus to me. Many viruses use the > address book of the infected person to (a) send the virus to all email > addresses listed in the address book, and (b) use the address of the > infected person (or, in a slightly more sophisitcated move, use one of > the other addresses in the address book) as the from: for those > messages. The theory behind this is the people in the address book know > the owner of the address book, and are thus more likely to open the > email message and its attachment. Heh, it worked in this case - sort of. I probably get a dozen or so such messages daily that go straight into trash, but in this case I recognised the sender's address... Naturally I don't run Outlook or Windows so I felt fairly safe opening it. Amy, please don't unsubscribe on account of this. For one thing, don't let them win. For another, as long as you are on the net, this sort of things will happen, one way or another. And as for Ecto archives, I still think they should stay public, but the email addresses could be somehow scrambled or obscured... ------------------------------ Date: Mon, 26 Apr 2004 17:44:45 -0400 (EDT) From: dmw Subject: RE: what happened here? On Mon, 26 Apr 2004, Nadyne Mielke wrote: > At 11:40 AM 4/26/2004, neal copperman wrote: > >Nadyne Mielke said: > > > > Currently, spammers aren't > > > using virus methods; they're not stealing email addresses from address > > > boosk, and they're not forging the from: line to make it look like it's > > > coming from someone else. > >Actually, I get spam all the time that has forged "from" lines. > > I'm sorry, I wasn't clear. Spammers are forging the from: lines (and have > been doing so forever), but they're using fake email addresses. They're > not sending email with a forged from: line saying that it's from > . > Not to make this a one-upsmanship match or anything ... i'm posting this because i think the more info about spammers' techniques is openly discussed, the better we all are. so: at least some spammers forge e-mail that appears to be from quite small-time isp/hosting concerns -- like for example, the one i run. the pathetic caverns: a zine - opinionated and eclectic reviews a studio - specializing in indie/rock/mobile/live/demo recording http://www.pathetic-caverns.com ------------------------------ Date: Mon, 26 Apr 2004 14:50:42 -0700 (PDT) From: alan Subject: Re: what happened here? On Mon, 26 Apr 2004, Cathy Sandifer wrote: > Collected Sounds sez: > > >I realize that I will still get spam on all my other accounts, but I created > >this email address specifically for Ecto and don't use it for anything else. > >The only way that a spammer could have gotten it, is to have searched the > >archives...no? I'm not trying to be difficult, just trying to understand it. > >I'm totally willing to be wrong! > > > It's also possible, but I don't know how probable, that they could've > gotten it via Usenet. http://groups.google.com/groups?q=fa.music.ecto Spammers do scan usenet. They also try probable addresses for domains they know about. I get messages to mail accounts I have *never* posted from or even used. (Including test aliases that were only used to test reciving e-mail.) There are many ways that spammers get e-mail addresses. One of the reasons I support the "Spammer Kneecap Reorientation Act". "If you are in Sales or Marketing, kill yourself now!" - Bill Hicks ------------------------------ Date: Mon, 26 Apr 2004 18:24:59 -0400 From: meredith Subject: RE: what happened here? Hi, >I realize that I will still get spam on all my other accounts, but I created >this email address specifically for Ecto and don't use it for anything else. >The only way that a spammer could have gotten it, is to have searched the >archives...no? No. As has been discussed, the message you received was most probably the result of a virus, not a piece of spam. Those are two completely different things. Most likely, someone on ecto who has a message from you in their Outlook inbox has a virus which grabbed your e-dress from said inbox to send itself out. One of the easiest ways to avoid viruses if you run a Windoze machine is not to use Outlook (or Outlook Express). Download the free version of Eudora, and your life will be a much happier thing. =============================================== Meredith Tarr New Haven, CT USA mailto:meth@smoe.org http://www.smoe.org/meth =============================================== Live At The House O'Muzak House Concert Series http://muzak.smoe.org =============================================== ------------------------------ Date: Mon, 26 Apr 2004 15:45:31 -0700 From: Nadyne Mielke Subject: RE: what happened here? At 01:50 PM 4/26/2004, Collected Sounds wrote: [snip] >I have MCAfee which checks for updates a couple of times a day. Then I have >it set to virus scan every evening while I slumber. So I really don't think >I could have a virus. I mean, wouldn't it have seen it and cleaned it >eventually? Well, yes, it would catch it eventually. But 'eventually' still means that you -could- have been infected by a brand-new virus, spread the virus unknowingly, and then had the virus get caught and cleaned by your virus checker when it was updated after the fact. It's a bit on the unlikely side, but it still could have happened. [snip] >I realize that I will still get spam on all my other accounts, but I created >this email address specifically for Ecto and don't use it for anything else. >The only way that a spammer could have gotten it, is to have searched the >archives...no? I'm not trying to be difficult, just trying to understand it. >I'm totally willing to be wrong! Just to be clear, the original message that was questioned here was not spam. It was a virus. I haven't read anything that says that virus writers are now using harvested email addresses for use in their from: lines, but I could've missed that one too. (We've already proven today that I'm not entirely up-to-date on spammer methods, after all. :) Regardless, getting your address from the archives is not the only way that it could have happened. Some email programs automatically add email addresses to the address book. Some viruses use the address book in two ways: they send themselves out to the addresses in the address book, and they use an address in the address book as the return email address on the message that contains the virus. My best guess is that both of these happened in this case. So the rest of the Windows users here need to check their virus checkers! Amy's not infected, but it sure looks like someone else is. /nm ------------------------------ Date: Mon, 26 Apr 2004 19:20:10 -0400 From: Michael Curry Subject: Upcoming shows for Kristin Hersh's 50 Foot Wave For those interested.... I definitely plan on trying to make either the Mercury Lounge show or the one at Maxwell's. Event Date: Apr 28, 2004 50 Foot Wave - Vaudeville Mews, Des Moines, IA Event Date: Apr 29, 2004 50 Foot Wave - First Avenue, Minneapolis, MN Event Date: Apr 30, 2004 50 Foot Wave - Luther's Blues, Madison, WI Event Date: May 01, 2004 50 Foot Wave - High Dive, Champaign, IL Event Date: May 02, 2004 50 Foot Wave - Shuba's Tavern, Chicago, IL Event Date: May 03, 2004 50 Foot Wave - Melody Inn, Indianapolis, IN Event Date: May 04, 2004 50 Foot Wave - Little Brothers, Columbus, OH Event Date: May 05, 2004 50 Foot Wave - Beachland Ballroom (In the Tavern), Cleveland, OH Event Date: May 06, 2004 50 Foot Wave - Club Cafe, Pittsburgh, PA. This will be a 'standing' show. All tables will be removed. Event Date: May 08, 2004 50 Foot Wave - (Venue TBA), Detroit, MI Event Date: May 09, 2004 50 Foot Wave - Mohawk Place, Buffalo, NY Event Date: May 12, 2004 50 Foot Wave - T.T. the Bear's, Cambridge, MA Event Date: May 13, 2004 50 Foot Wave - Mercury Lounge, NY, NY Event Date: May 14, 2004 50 Foot Wave - The Khyber, Philadelphia, PA Event Date: May 15, 2004 50 Foot Wave - Maxwell's, Hoboken, NJ Event Date: May 16, 2004 50 Foot Wave - IOTA Cafe, Arlington, VA More info at www.throwingmusic.com ------------------------------ Date: Mon, 26 Apr 2004 18:13:23 -0700 From: Ed Cole Subject: Spam...Spam...Spam...Spam About a year and a half ago I was getting 40-50 spam emails a day. I started using MailWasher, the author claims to have a superior algorithm to find out the real return address and bounce the message back to them with a note saying that my email address didn't really exist. Took about 2 weeks but all spam stopped. But his algorithm doesn't seem to be working with the ones I started getting a month or so ago. Ones that say they are from decblkscz@msn.com or something of that sorts. Been getting 6-8 just about every day. On a humorous note I tried using a feature at work that I don't use at home. MailWasher can be set to check on the web with a couple of sites that monitor spammers and will automatically bounce/block messages from known spammers. My work domain is ups.edu. Every single message from ups.edu was marked as being spam! Methinks some of our students have been up to some hanky panky. ------------------------------ End of ecto-digest V10 #117 ***************************