
virus-laden emails from someone on the Vim list

  • George V. Reilly
    Message 1 of 3 , Jul 6, 2006
      [CCing the Vim and Vim-Dev lists. Not that it did any good the last time
      I raised this subject.]

      It is NOT me, dammit! Someone on the Vim list is infected with a virus
      that trawls through his address book and forges the From address. I too
      get dozens of virus-laden emails every week that purport to be from
      various people on the Vim list. Bram, Henk, Arpaffdy, and my own name
      are some of the names that I see regularly. This has been going on for
      at least two years :-(

      This laptop has been running a fresh install of Ubuntu 6.06 for the last
      four weeks, so if you've seen any mails from me in that interval, it
      definitely wasn't me. And I run antivirus and antispyware software when
      I'm running Windows, and I keep the signatures up to date.

      Vimmers, for the love of God, download antivirus and antispyware
      software, and run a scan on your machines.

      Windows users, start here:
      http://www.microsoft.com/athome/security/default.mspx

      /George

      @ Rocteur CC wrote:
      > I can't believe it, is this really you.
      >
      > I receive at least 5 spams a week from your email address.
      >
      > I can't believe it, is this a legitimate mail from you ?
      >
      > I'll be damned, the world's biggest spammer is from the VIM list..
      >
      > I didn't realize..
      >
      > Virus, worms, spam, you name it, I get it from your address, I always
      > thought it was a phony email address and now I see it is a real one..
      >
      > Can you not do something about this ?
      >
      > Anyway, I have hundreds of spam mail from you and it was a shock to
      > see one that was not spam..
      >
      > Jerry
      >
      > On 06 Jul 2006, at 21:10, George Reilly wrote:
      >
      >> Adding the Vim Users mailing list, because I can't answer these
      >> completely.
      >>
      >>> ----- Original Message -----
      >>> From: "Richard Dooling" <dooling@...>
      >>> To: george@...
      >>> Subject: gvim on windows xp
      >>> Date: Thu, 6 Jul 2006 12:53:12 -0500
      >>>
      >>>
      >>> Dear George:
      >>>
      >>> I am a new convert to gvim. Trying to use it on Windows XP. I am
      >>> primarily a novelist, but a recent convert to Python, also.
      >>>
      >>> I intend to use gvim mainly as a text editor.
      >>>
      >>> Two things:
      >>>
      >>> (1) Is there a way to have a "soft" border or offset on the left, so
      >>> that the text is not flush against the left window border? I've
      >>> searched
      >>> for hours with no luck. Autoindent would put an actual space in there
      >>> (which I wouldn't want).
      >>
      >> I don't know of anything that will do exactly what you want, but
      >> ":set number" might help.
      >>
      >>> (2) Is there a plug-in file especially for text? Already configured for
      >>> 79 spaces with linebreak etc already set.
      >>
      >> I'm sure there must be something useful out there at vim.org. I have
      >>
      >> " In text files, always limit the width of text to 75 characters
      >> autocmd BufNewFile,BufRead *.txt,*.htm,*.html setlocal tw=75
      >>
      >> in my _vimrc.
      >>
      >>> Thank you so much for any help.
      >>>
      >>> Richard Dooling
      >>>
      >>> </rd>
      >>> http://dooling.com
      >>
      >>
      >> --/George V. Reilly mailto:george@...
      >> http://www.georgevreilly.com/blog/
      >>
      >
      >


      --
      /George V. Reilly george@...
      http://www.georgevreilly.com/blog
    • George V. Reilly
      Message 2 of 3 , Jul 7, 2006
        To make this a little more concrete, here's some data from the last few such
        emails that I've received. First, typical headers:

        From - Thu Jul 6 18:56:35 2006
        X-Account-Key: account2
        X-UIDL: 1152233907.18606.mta6-4
        X-Mozilla-Status: 0001
        X-Mozilla-Status2: 10000000
        Return-Path: <george@...>
        Delivered-To: george:reilly.org@...
        X-OB-Received: from unknown (192.168.9.207)
            by 192.168.8.190; 7 Jul 2006 00:58:27 -0000
        Received: from 30013-2004-0009.com (unknown [203.229.175.114])
            by spf6-3.us4.outblaze.com (Postfix) with SMTP id 1D21C10DADB
            for <george@...>; Fri, 7 Jul 2006 00:58:22 +0000 (GMT)
        Date: Fri, 07 Jul 2006 09:58:30 +0900
        To: "George" <george@...>
        From: "Agiorgio" <agiorgio@...>
        Subject: Avis
        Message-ID: <oedfwrhunihbjtxhars@...>
        MIME-Version: 1.0
        Content-Type: multipart/mixed;

        Next, the IP addresses and the purported senders:

        221.163.190.71 - "Tal" <tal197@...>
        203.229.175.114 - "Agiorgio" <agiorgio@...>
        218.155.24.56 - "Tal" <tal197@...>
        210.222.7.64 - "Slouken" <slouken@...>
        211.192.1.102 - "Eljay" <eljay@...>
        214.180.5.118 - "Tal" <tal197@...>

        The last IP address is in Estonia; the rest are in Korea.

        Can anyone take this further?
        --
        /George V. Reilly george@...
        http://www.georgevreilly.com/blog


        George V. Reilly wrote:
        > [CCing the Vim and Vim-Dev lists. Not that it did any good the last
        > time I raised this subject.]
        >
        > It is NOT me, dammit! Someone on the Vim list is infected with a
        > virus that trawls through his address book and forges the From address.
        > I too get dozens of virus-laden emails every week that purport to be
        > from various people on the Vim list. Bram, Henk, Arpaffdy, and my own
        > name are some of the names that I see regularly. This has been going on
        > for at least two years :-(
        >
        > This laptop has been running a fresh install of Ubuntu 6.06 for the
        > last four weeks, so if you've seen any mails from me in that interval,
        > it definitely wasn't me. And I run antivirus and antispyware software
        > when I'm running Windows, and I keep the signatures up to date.
        >
        > Vimmers, for the love of God, download antivirus and antispyware
        > software, and run a scan on your machines.
        >
        > Windows users, start here:
        > http://www.microsoft.com/athome/security/default.mspx
        >
        > /George
        >
        > @ Rocteur CC wrote:
        >> I can't believe it, is this really you.
        >>
        >> I receive at least 5 spams a week from your email address.
        >>
        >> I can't believe it, is this a legitimate mail from you ?
        >>
        >> I'll be damned, the world's biggest spammer is from the VIM list..
        >>
        >> I didn't realize..
        >>
        >> Virus, worms, spam, you name it, I get it from your address, I
        >> always thought it was a phony email address and now I see it is a
        >> real one..
        >>
        >> Can you not do something about this ?
        >>
        >> Anyway, I have hundreds of spam mail from you and it was a shock to
        >> see one that was not spam..
        >>
        >> Jerry
        >>
        >> On 06 Jul 2006, at 21:10, George Reilly wrote: [snip]
      • A.J.Mechelynck
        Message 3 of 3 , Jul 15, 2006
          George V. Reilly wrote:
          > [CCing the Vim and Vim-Dev lists. Not that it did any good the last time
          > I raised this subject.]
          >
          > It is NOT me, dammit! Someone on the Vim list is infected with a virus
          > that trawls through his address book and forges the From address. I too
          > get dozens of virus-laden emails every week that purport to be from
          > various people on the Vim list. Bram, Henk, Arpaffdy, and my own name
          > are some of the names that I see regularly. This has been going on for
          > at least two years :-(
          >
          > This laptop has been running a fresh install of Ubuntu 6.06 for the last
          > four weeks, so if you've seen any mails from me in that interval, it
          > definitely wasn't me. And I run antivirus and antispyware software when
          > I'm running Windows, and I keep the signatures up to date.
          >
          > Vimmers, for the love of God, download antivirus and antispyware
          > software, and run a scan on your machines.
          >
          > Windows users, start here:
          > http://www.microsoft.com/athome/security/default.mspx
          >
          > /George

          Dear George,

          I for one don't believe it's you.

          Some spammer(s) somehow got your handle and the list added to their
          reserve of "From" and "To" addresses, possibly distributed them on one
          or more versions of the infamous "Millions CDs", and started faking
          messages to the list with your "From:" address on them but sending them
          from anywhere in the world, especially from places like Korea where ISPs
          don't nuke spammers very diligently if at all. I guess that at least
          some of the above spammers aren't even subscribed to the vim lists; they
          use your handle (in the From: header) as the key to get their crap into
          the lists.

          From then on there's no stopping them. You can't imagine the lot of
          spam I get with my own "From:" on them, or spam disguised as bounces
          purportedly telling "me" that "my own address" was rejected by "my own
          ISP" as "unknown recipient". Imagine!

          If your fromline appears oftener than some others on the list spam, it's
          just that for some reason the list spammers hide behind it oftener than
          behind other masquerade names. Maybe they just got you more times than
          others on their lists of pseudo-customers and pseudo-suppliers.

          And I repeat (you, George, probably know the following but maybe other
          Vimmers don't): it's very easy to fake a From: address. A baby could do
          it. It's in the menus of every mail client I know, not even hidden in a
          place difficult to reach. With the list in its To: line and any
          subscriber's addy on the (possibly faked) From: line, anything (with any
          actual origin) will be sent to everyone on the list. So there's no
          telling who actually sent the spam, except by analyzing the Received:
          lines (which are added to any email after it has left its original
          sender). But to thwart that mode of attack, many spammers add "fake"
          received-lines to their spam to make it appear that it came from
          elsewhere. The rule I go by is that whoever sent the spam to my ISP's
          "incoming mail" routers is the culprit. He usually can only be
          identified as a dotted-quad IP address similar to 123.45.67.89 but at
          least that tells us where in the world it came from.


          Best regards,
          Tony.
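
Added example (not part of the original thread): one way to apply the rule from the last message, that only the hop handing the mail to the recipient's own servers is believable and every Received: line below it may be forged. It assumes the recipient's servers sit in 192.168.0.0/16, as the X-OB-Received line in the second message suggests; the sample headers are constructed from the ones quoted above, with example.* placeholders, a made-up internal hop and a made-up forged hop.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in this thread. The
# example.* addresses, the internal hop and the bottom (forged) hop are made up.
SAMPLE = """\
Received: from mx-in.example.org (unknown [192.168.9.207])
    by store.example.org with SMTP; Fri, 7 Jul 2006 00:58:27 +0000
Received: from 30013-2004-0009.com (unknown [203.229.175.114])
    by spf6-3.us4.outblaze.com (Postfix) with SMTP id 1D21C10DADB
    for <george@example.org>; Fri, 7 Jul 2006 00:58:22 +0000 (GMT)
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by relay.example.net with ESMTP; Fri, 7 Jul 2006 00:40:00 +0000
From: "Agiorgio" <agiorgio@example.org>
To: "George" <george@example.org>
Subject: Avis

(body omitted)
"""

# Assumption: the recipient's own mail servers sit in this private range.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16")]

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)",
    re.S,
)


def handoff_hop(raw, trusted_nets=TRUSTED_NETS):
    """Return the hop at which the mail entered the recipient's servers.

    Received lines are prepended, so the list runs newest first. The top line
    was written by our own server; a line below it is believable only if the
    line above shows it came from one of our own machines.
    """
    hops = message_from_string(raw).get_all("Received", [])
    for depth, value in enumerate(hops):
        m = HOP_RE.search(value)
        if m is None:
            return None  # unparseable line: stop rather than guess
        ip = ipaddress.ip_address(m["ip"])
        if not any(ip in net for net in trusted_nets):
            return {"ip": str(ip), "helo": m["helo"], "by": m["by"],
                    "ignored_below": len(hops) - depth - 1}
    return None  # the mail never left the trusted networks
```

The walk trusts hops by connecting IP rather than by the host name after "by", because a forged line can claim any name.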