[Coco] Viruses (was Spam)

[John E. Malmberg]

Gilberto Luis Musa wrote:
> NaturalezaHi!
> 
> I am receiving some Spam, similar to the spam I received from the Princeton
> list, but straight from other sources, mainly from a supposed address of
> Microsoft and infected by virus. Of course the amount of spam is lower than
> in the previous list. I only use this address for the coco list, then I
> supposed they took it from Princeton.
> Is somebody having same problem?

The microsoft address spoofing virus is at least 5 years old with each 
generation having less spelling errors than the previous.

It now harvests e-mail addresses from any source the infected computer 
has access to.

I was getting about a dozen a day to my qsl.net address for the first 
week that it came out.

I looked up the owner of the I.P. address that the qsl.net mail server 
accepted the virus from, and sent the abuse/postmaster address for that 
domain a report that they had an infected user, and to please assist 
them with fixing it.

I only send one report for each I.P. address per day, and I rarely have 
to send a second report.

Earthlink sent me an auto-ack that they want such reports to go to 
security(at)earthlink.net for faster processing.  That may be the case 
for other networks.

For those of you setting mail filters, the main role accounts of 
"abuse", "security", "admin", and "support" for Microsoft.com are 
read-only mail boxes.  They never send mail.  Mail is sent from 
different e-mail addresses in response to messages sent to those 
addresses.  So you can discard all of those viruses easily.

While some of the addresses are protected from harvesting, when people 
quote a message and leave the e-mail addresses in side it intact, it 
could be harvested by viruses and spammers.

If you want information on how to reduce the amount of spam you get to a 
public e-mail address, contact me off list, and I can refer you to 
newsgroups where that is on topic.

-John
wb8tyw at qsl.net
Personal Opinion Only