commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <craig...@apache.org>
Subject Re: [all] Craig Mcc turned spammer? :-)
Date Tue, 13 Apr 2004 16:20:46 GMT
Simon Kitching wrote:

>On Tue, 2004-04-13 at 18:21, Craig McClanahan wrote:
>  
>
>>Simon Kitching wrote:
>>    
>>
>>>On Tue, 2004-04-13 at 18:01, craigmcc@apache.org wrote:
>>>      
>>>
>>>>Please have a look at the attached file.
>>>>        
>>>>
>>> 
>>>
>>>      
>>>
>>I would be glad to if I'd actually sent it :-).  Of course, it was 
>>forged ...
>>    
>>
>
>Yeah, but it raises some interesting questions.
>
>Was this sent to me directly, or did it go to the list?
>
>  
>
I've seen a bunch of these on the various lists I subscribe to.

>If it went to the list, was it an accident that an address which was
>already subscribed to the list was used, or are spammers/viruses now
>deliberately doing that in order to avoid the "subscribers only" nature
>of this list? If the latter, then we could be in trouble. I don't think
>this is the case, though, as the email did not have the mime headers
>such as "List-Id" which would have been done automatically by the list
>server.
>
>  
>
I suspect the virii aren't quite that smart.  It seems more likely that 
many people have the email address of mailing lists they are subscribed 
to in their address books, and the random combination of 'from' and 'to' 
will often pick a combination that the list will send on through.  Also, 
more recent virii have started harvesting readable text files on 
infected computers as well, not just address books.

For the record, I'm a moderator on COMMONS-DEV and routinely reject 
150-200 non-subscriber posts like this every single day.  So it's 
certainly not using only valid subscriber combinations.

>But if it went to me directly, then the odds of a randomly-chosen email
>address being Craig's one is pretty small, so presumably some app has
>tracked the email addresses of people who send emails to me, and is
>deliberately choosing a "familiar" sending address when sending me the
>virus. This isn't a pleasant prospect either. Or is this something that
>has been going on for a while that I just haven't noticed?
>
>  
>
Actually, the algorithms being used are both stupider and smarter than 
that.  The "stupider" part is that an address with which you've ever 
interacted is likely to be one that someone else who gets infected with 
has also interacted (I'm up to >500 per day on my Apache email account 
again; thank goodness for Spam Assassin :-).  The "smarter" part is that 
harvesting doesn't only happen on the infected machine; some of the 
virii share the bounty that they've harvested with others; particularly 
when they successfully infect new machines.

>I'm not in favour of the death penalty, but I could be persuaded to make
>an exception here......
>
>Regards,
>
>Simon
>
>  
>
Craig


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message