[SURBL-Discuss] uk.geocities-munged-.com

Jeff Chan jeffc at surbl.org
Mon Oct 10 20:01:01 CEST 2005

On Monday, October 10, 2005, 9:31:32 AM, Kevin McGrail wrote:
> As a follow-up to the UK geocities issue, I fear that this may be related to
> spyware or a virus.

> Over the past few weeks, I've identified a few patterns.  For example the
> email below contains 5 email addresses, 4 of which are quite unique.  You
> will also note they are not indicative of a dictionary attack yet they were
> all email in one single SPAM.

> Further, at least one of the people on this list passed away over a year
> ago.

> Additionally, what I have been seeing is VERY VERY unique emails getting
> hammered with SPAM and I believe it must be a virus/spyware that is getting
> the address books off of machines because the emails are too unique to
> guess.

> I don't know what to do with this information other than put out my $0.02
> that I think people are targeting address books and I can't prove it :-(

> Regards,

Viruses, worms, etc. are known to target address books.  It's a
good way to harvest addresses for spamming and to further
propagate email viruses to.  Once infected, the zombies can
presumably be used to send addresses back to some control
channel, send out spam or viruses, etc.

BTW, You may (or may not) want to munge the email addresses you
post if they belong to actual people since the archives are
publically readable. 

Jeff C.

More information about the Discuss mailing list