Note to Readers, Friday, May 20, 2005
Earlier this week I found my email in-box stuffed with notices of undeliverable emails. However, I didn't send any of those emails.
I also received a tremendous amount of email responses, mostly written in German. I also received a few emails from “Today in Iraq” readers complaining that they had received spam from my email account. The spam sent out under my email address mostly concerned German history and contained links to German media sources.
Worried that my email account had been hacked, I consulted the experts - my fellow moderators at the Bartcop forum
I received the following reply from Von Rex, one of the other Bartcop moderators and an expert on cyber-matters. It is a very succinct answer explaining a complex topic. I’m posting Von Rex’s reply here (including his good-natured jibe at Fud, another moderator and technical guru) as a public service for readers:
It's not being sent from your account, and there's nothing you can do about it except explain this to anyone irate that responds to "your" spam.
See, the problem here is that anyone can send an email with any value at all for the "from" field. Closer examination will reveal that the email isn't legit as the sending servers won't be correct, but of course hardly anyone does this.
So with spam like yours, what's happening is that someone with your address in their address book as been infected and the spam program is sending out random emails based on their address book. For example if I was infected it might search through my address book and find Fud's address. Then the spambot might configure a message selling penis enlargers and send it out from my account but with Fud's name in the sender fields. If this pisses someone off and they reply to the spam, Fud would get the reply even though his machine has not been compromised.
In the end there's nothing you can do. This is a problem with the basic protocol of email. Eventually someone will have to make an email version two and push it to become a standard. Bill Gates is pushing for such a thing right now.
This is also a reason why you shouldn't retaliate against spam emails. You'll probably hit an innocent target.
To check your system of malware, you need some kind of detection/cleaning program. The best free ones are Spybot Search & Destroy and Ad-Aware. I've always used Spybot but I've heard they're starting to lag with their updates a bit, so I'm not sure which one to recommend right now. Either will be good though.
I also run a small app called "Hijack This!" once in a while. It's not as user friendly but it will detect certain especially nasty malware, though those kind usually require you to screw around manually to get rid of them.
As far as prevention, there's two things to keep in mind. The first is don't use Outlook Express or Internet Explorer. Especially Internet Explorer. Use Firefox as your browser instead. Not only is it far more secure, it's also a better browser.
The second thing to keep in mind is don't run executable content from an untrusted source. Don't run .exe files or scripts that get passed around in email or downloaded from kazaa or untrusted web sites. Be familiar with file extensions. Some are safe, like .mpg or .jpg. Others are dangerous, like .vbs, .bat, .exe and so on. Turn on the viewing of extensions if you have a default windows install which extensions turned off. If in doubt about any file, don't run it.
Melic, another moderator, thoughtfully provided a link to an MSNBC article
further explaining the mysterious German email infestation:
Updated: 2:56 p.m. ET May 16, 2005
Some e-mail inboxes filled up with German-language spam over the weekend, as the well-traveled Sober virus was apparently turned into a propaganda machine by its author.
Sober has infected millions of computers around the globe since it first launched in 2003, and it's gone through nearly 20 variations. But this weekend's version was different — it wasn't designed to spread itself, or to infect other computers with toxic e-mail messages.
It was designed to simply get a point across.
Some time during the weekend, thousands of Sober-infected machines under the control of the virus writer were instructed to download a new version of the program, called Sober-Q, according to antivirus firm MessageLabs.
The new version turned infected computers into spam machines. The infected computers were then told to send out hundreds of messages, mostly in German, linking to Web pages containing information on conservative German political issues. Many of the e-mails actually linked to legitimate news stories, at Web sites like Der Spiegel Online.
But the worm isn't spreading, and only previously infected computers were at risk of infection, experts said.
"It is a one-time political message," said McAfee's Vincent Gullotto, vice president of the firm's virus research lab.
There are 72 variations of the spam. Some are in English, with crass messages, containing subject lines such as "The Whore Lived Like a German."
But others are obviously laced with politics. Some of the messages bemoan the bombing of Dresden by Allied armies in 1945. The e-mail may be timed to the 60th anniversary of the Allied victory over Nazi Germany, celebrated last week.
Other messages contain arguments against allowing Turkey into the European Union. One message in English links to a story about the politically sensitive topic of alleged Armenian genocide at the hands of the Ottoman Empire, "Armenian Genocide Plagues Ankara 90 Years On." A public apology has been proposed as a condition of Turkey's EU membership.
This technique for sending spam was very effective, spam experts say, because the messages were sent by innocent-looking computers. Most the the messages breezed through spam filters.
"Almost all of the spam e-mails have been sent from otherwise clean IP addresses and will have gone largely undetected by spam filters," said Stephen White, head of anti-spam technical operations at MessageLabs. "It would seem that the virus author has stored up networks of infected machines around the world, holding them on standby to deploy at specific times."
The virus is not considered dangerous, said McAfee's Gullotto. Very few infections have been reported. But it is generating a lot of spam, he said, with some customers receiving hundreds of messages.
Symantec Corp's Alfred Huger estimated that Sober-Q had generated "tens of millions" of spam messages. Each infected machines is probably capable of sending out 10,000 spams per hour, he said.
"To spread a signifcant amount of spam you don't need too many (infected computers)," he said.
This is not the first time a virus has contained a political message, but it is one of the most effective in recent memory, Gullotto said.
"It is generating a lot of spam," he said. "With the success of it, you would expect it to be used again."
So if you’re getting spam from email@example.com, it’s not coming from my machine.
Thanks for reading,
Rant of the Day, Friday, May 20, 2005
A long, revealing and depressing article
, drawn from an Army criminal investigation report, describing intelligence “interrogations” in Afghanistan. As one Afghan interpreter notes, these are not intelligence interrogations, but simply gratuitous prisoner abuse.
As a former counterintelligence officer I want to know why 21-year old enlisted men and junior NCOs are conducting interrogations without direct officer supervision - and I‘m not talking about the poorly-trained-but-ambitious Military Intelligence lieutenants and bright-eyed MI captains. Where are the counterintelligence and interrogation Warrant Officers who approve interrogation plans, read interrogation reports, train and supervise enlisted soldiers?
This report is a disgrace to my country and a dishonor to the uniform dear to my heart. It’s why I didn’t post today. I’m too fucking angry.