Slashdot Mirror

← Back to Stories (view on slashdot.org)

Am I a Spam Zombie?

Posted by Cliff on from the how-can-you-know-for-sure dept.

ReallyCurious asks: "Recently, I've noticed a lot of junk email in my inbox reporting 'Mail delivery failure' or 'Undeliverable'. Some of these had documents attached, so I figured this was just a worm variant. But these messages keep coming. I worry that my machine has been turned into a 'Spam Zombie'. I don't see any suspicious processes running, but maybe it only runs for a few seconds, and at irregular times. I run a Windows 98 laptop, sometimes wirelessly connected to broadband (a few hours a day, on average), but I had to remove my virus software years ago because it was locking my system up, so I'm wide open. I've tried to be a good citizen and have been shopping for new virus software, but prices are running $40-$70, and most of these are just for upgrades (not even counting the mandatory 'subscriptions')! Is there an open or free virus fighting solution that's reliable and available for Windows? I'd be happy to run it ASAP."

19 of 160 comments (clear)

  1. Well... by hookedup · · Score: 4, Informative

    It may not be your system spewing out spam, but simply someone spoofing your domain.. happens to me every once in a while

    1. Re:Well... by tooth · · Score: 2, Informative
      Yeap, AVG does a good job. It's certainly better than nothing.

      Also try the no cost version of Zone Alarm.

      These are basic and no cost bits of software I run on my parents machines (and Firefox ;-) ... Though I'd love to buy them a mac one day :)

    2. Re:Well... by Anonymous Coward · · Score: 2, Informative

      As he said, the email address is inactive, but is displayed on the web. Spammers don't just look on the web for email address to spam, but also address to spoof spam from. The only connection he had with the spammer was an http connection for 1/2 a second.

    3. Re:Well... by Idealius · · Score: 2, Informative

      The story submitter is worried about his machine, not someone elses and if he wants to be sure he has no spyware on his system he should use HijackThis by Merjin:

      http://www.spywareinfo.com/~merijn/ (official site, down ATM)

      http://www.tomcoyote.org/hjt/

      Many popular anti-spyware forums accept posting a HijackThis log their HijackThis expert members can examine and advise you on. (e.g. The LavaSoft AdAware forums allow this but they require you post an AdAware log first :)

      Anyway, HijackThis is fairly manual as far as you need to know what you're doing to use it properly. However, if spyware is on your system it will be in a HijackThis scan result as it shows your computer's startup programs/services (legitimate or otherwise) in all known places they exist on your computer.

      Also, removing persistent spyware can get complicated using anything and this applies to HijackThis, too.

      I suggest you use Process Explorer to aid you if you're ever in this situation:

      http://www.sysinternals.com/ntw2k/freeware/proce xp .shtml

      The common approach for persistent spyware is to have 3+ processes running on your system, one that actually performs the spyware function and the other two which monitor the spyware process and each other. With Process Explorer You can susped processes that monitor other dummy processes that all make sure you A. Don't remove their startup entries and B. Don't try and terminate the spyware's running processes. They don't monitor whether their buddies are suspended, though so you can just suspend all of them after you've identified them, end them all, then remove the HijackThis entries now that the spyware startup entries aren't protected anymore. :)

      There's also the 'Find Handle' feature which can be useful as some old methods of startup can run processes so they are a subset of Explorer rather than a seperate process name in Task Manager > Processes tab. This is also a good way to find spyware DLL's.

      Anyway, as a technician, that's what I would do. Learning HijackThis and Process Explorer allow you to tune up a computer like you would a car.

    4. Re:Well... by sheddd · · Score: 3, Informative
      Instructions on how to do recipient filtering w/exchange:

      Here and here

      (btw filtering is off by default)

  2. You should be fine. by FrenZon · · Score: 4, Informative

    Most likely your email address is getting used as the return address and little more - the returned mail thing affects everyone to some degree. If you were being used as a spam zombie, you'd probably not notice any change in returned mails, as the zombies generally use someone else's address again as the return addy. I'm fairly sure the return addresses aren't always randomised, as on my domains I see a bucketload of spam all from the same email address, so whoever lives there must be getting a bucketful of bounces.

    Still, you really should get an antivirus solution to ease your worries. I use AVG from Grisoft, which is available in a free edition.

    Of course, the bounces are plain annoying - when I get ACTUAL bounces from mail I send, I often delete them based on subject line, not realising that the person I was trying to contact is none the wiser. Booo

  3. OMG by cL0h · · Score: 2, Informative

    You're running Windows 98 with no virus software. I'm surprised you can use the machine at all. I constantly get requests from people to clean up their Win98 machines. They are usually riddled with spyware, trojans and diallers. Don't bother with new antivirus. Get a new operating system.

    --
    cL0h
  4. maybe... by johnjones · · Score: 4, Informative

    ok if you run windows you need a virus checker

    are you a home user ?
    if so

    http://free.grisoft.com/freeweb.php/doc/2/

    and get avg for free
    Now you need a firewall

    http://www.free-firewall.org/

    then I would advice get rid of spyware with spybot
    donate something to the project if you like it...

    http://www.safer-networking.org/en/download/


    regards

    John Jones

  5. maybe not. by gl4ss · · Score: 3, Informative

    but if you're running a win98 without firewalling/serious tweaking.. ..you're probably owned or at least at risk. though in all fairness they're probably some other spammers who just happen to use your mail add as the sender.

    go with FREE solutions, they exist.

    http://www.free-av.com/ free virus scanning

    http://www.free-firewall.org/ some free firewalling

    --
    world was created 5 seconds before this post as it is.
  6. AVG AntiVirus by Green+Light · · Score: 3, Informative

    Here is the link to their free version This works well, and is completely free for personal use.

    --
    "Send an Instant Karma to me" - Yes
  7. AVAST by chadkiser · · Score: 4, Informative

    http://www.avast.com/eng/avast_4_home.html Home version is free

  8. Yes by noselasd · · Score: 2, Informative

    antivir seems to work ok,
    and is updated afaik.
    Spyware removal software is obligatory on windwos as well.

  9. Free virus software is out there. by ScepticOne · · Score: 2, Informative

    http://www.clamwin.net/ is an allegedly good antivirus program.

    Also, http://www.spybot.info/ has been alleged to be a good antispyware program.

  10. Most likely a 'Joe-Job'...Ask your ISP about SPF by rthille · · Score: 5, Informative

    Since the SMTP protocol doesn't have any authentication of the sender (except within an ISP/Domain with SMTP-AUTH), it's easy for a spammer/virus to send mail pretending to be you. That's called a 'joe-job' after one of the early occurrences of it.
    A recently proposed solution (though not without it's problems) is SPF (Sender Policy Framework) http://spf.pobox.com/ where a domain owner can publish the list of servers which are authorized to send mail as being from a user of their domain.
    Until it's widely deployed, not just on the publishing side, but on the checking side, it won't be real useful. However it's nearly trivial for the DNS owner to publish the records and since big ISPs like AOL and Yahoo are starting to check them it does protect you from being Joe-Jobbed to a large number of mailboxes.

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  11. You are being irresponsible by Bob+Cat+-+NYMPHS · · Score: 2, Informative

    You are doing nothing to stop your PC from being abused because you can't find free as in beer software?

    Adaware SE Personal www.lavasoft.de
    Zone Alarm Firewall www.zonelabs.com
    F-Prot Antivirus www.f-prot.com

    All commercial products free for personal use.

    Now, install those and stop the spammers, please.
    Keep your definitions updated, okay?

    --
    The latest Slashdot meme.
  12. Not necessarily by renehollan · · Score: 3, Informative
    While running Win98 naked is about as wise as, well, running naked, this may not be the source of those bounce messages. IOW, by themselves they do not indicate that your box is a spam zombie.

    I get boatloads of these things, as well as spam (filtering is your friend) -- my email address is fairly public and in a lot of address books. I'm not about to abandon it as it's within a domain I lease.

    I run behind a fairly hardened firewall, and am moving towared a Linux iptables-based firewall/router/home server.

    What ticks me off is when such a message bounce indicates that the original message contained a virus. How dare someone accuse me of sending a virus just because their mail daemon received a spoofed From: header? They could at least check the route the mail took against that header to get an idea if it's bogus. But, often automatic smam/virus filters are pretty stupid and trust the From: address. Still, I wonder if someone, somewhere, "out there" is blacklisting me because someone else forged my identity. Sounds like a defamation suit if I could find the bastards.

    And that's the rub. Often when I've received such bounces, when the originator can be identified, they refuse to help in providing a copy of the original email, headers intact, that might permit tracking down the source: either a spammer, or a spam-zombie. I wonder if I could sucessfully file "theft of computer services" charges against such an organization: they're sending me unsolicited bounces, and furthermore, refusing to backup the allegation that they're bouncing messages from me. I wonder if the anti-spam legislation that's out there can be used as a club against those who send bounces to spoofed From: addresses and refuse to acknowledge or correct their mistake.

    --
    You could've hired me.
  13. Heh by itwerx · · Score: 1, Informative

    If you're running Windows 98 with no antivirus and you're posting a question like this on Ask Slashdot, then yes, you are a spam zombie...

    (Okay, mod me flamebait now, it was worth it! :)

  14. Basic PC Meds. All free. by slappyjack · · Score: 2, Informative

    I've found the following helpful for the no-budget set:

    Avast Home Edition Virus Scanner

    Spybot Search and Destroy

    HijackTHIS - Find out whats in your PC. (semi-advanced)
    The site for HiJackThis seems to be down for now. THere are a few other little nifty freebie aps in there, too. Heres a mirror download site

    AdAware - picks up a lot of crap in your PC

    (Anyone wanna offer up a few opinions on this stuff? You know you do.)

    Of course, the obligatory comment of "Use Mozilla, keep your shit patched, don't click every OK button you see" still applies.

    --
    s'wut i sed.
  15. dshield by j1m+5n0w · · Score: 2, Informative
    It's also a good idea to look you ip up on dshield. They aggregate firewall logs from many sources. If your IP is causing someone trouble, it is likely to show up there. Another similar service is mynetwatchman.

    -jim