Slashdot Mirror
Am I a Spam Zombie?
ReallyCurious asks: "Recently, I've noticed a lot of junk email in my inbox reporting 'Mail delivery failure' or 'Undeliverable'. Some of these had documents attached, so I figured this was just a worm variant. But these messages keep coming. I worry that my machine has been turned into a 'Spam Zombie'. I don't see any suspicious processes running, but maybe it only runs for a few seconds, and at irregular times. I run a Windows 98 laptop, sometimes wirelessly connected to broadband (a few hours a day, on average), but I had to remove my virus software years ago because it was locking my system up, so I'm wide open. I've tried to be a good citizen and have been shopping for new virus software, but prices are running $40-$70, and most of these are just for upgrades (not even counting the mandatory 'subscriptions')! Is there an open or free virus fighting solution that's reliable and available for Windows? I'd be happy to run it ASAP."
It may not be your system spewing out spam, but simply someone spoofing your domain.. happens to me every once in a while
The bounces you're getting are from other spam using you as the From address. Spam sent from your machine would have random addresses not necessarily your own. But you might still have a trojan running that could be used to send spam so you should check.
What makes you think you're going to get delivery failures for outgoing spam? If you're a spam zombie, I doubt it is going out with your email in the from: field.
Why not run a free firewall and watch for any alerts that something is trying to connect to the internet? Zonealarm will do fine.
If you're a bit more techie you can use winpcap or similar to capture the traffic.
There's no excuse to be wide open. You'll soon do something about it when your ISP wakes up to the problem and cuts you off. I appreciate how people can get caught inadvertantly by malware (I was hosting a trojan for a few hours last week inbetween upgrades) but I don't appreciate you leaving it this long, then asking slashdot when it's plainly obvious what you need to do.
Cheers.
I've been having the same, and I know for a fact I'm not infected. This is just another worm.
It will happen.
Most likely your email address is getting used as the return address and little more - the returned mail thing affects everyone to some degree. If you were being used as a spam zombie, you'd probably not notice any change in returned mails, as the zombies generally use someone else's address again as the return addy. I'm fairly sure the return addresses aren't always randomised, as on my domains I see a bucketload of spam all from the same email address, so whoever lives there must be getting a bucketful of bounces.
Still, you really should get an antivirus solution to ease your worries. I use AVG from Grisoft, which is available in a free edition.
Of course, the bounces are plain annoying - when I get ACTUAL bounces from mail I send, I often delete them based on subject line, not realising that the person I was trying to contact is none the wiser. Booo
The poster sounds like a good candidate for MJR's ultimately secure firewall.
Try Zonealarm?
You're running Windows 98 with no virus software. I'm surprised you can use the machine at all. I constantly get requests from people to clean up their Win98 machines. They are usually riddled with spyware, trojans and diallers. Don't bother with new antivirus. Get a new operating system.
cL0h
ok if you run windows you need a virus checker
are you a home user ?
if so
http://free.grisoft.com/freeweb.php/doc/2/
and get avg for free
Now you need a firewall
http://www.free-firewall.org/
then I would advice get rid of spyware with spybot
donate something to the project if you like it...
http://www.safer-networking.org/en/download/
regards
John Jones
but if you're running a win98 without firewalling/serious tweaking.. ..you're probably owned or at least at risk. though in all fairness they're probably some other spammers who just happen to use your mail add as the sender.
go with FREE solutions, they exist.
http://www.free-av.com/ free virus scanning
http://www.free-firewall.org/ some free firewalling
world was created 5 seconds before this post as it is.
Here is the link to their free version This works well, and is completely free for personal use.
"Send an Instant Karma to me" - Yes
http://www.avast.com/eng/avast_4_home.html Home version is free
We get bounces to the support address at the company I work at all the time. Someone has decided to use our support address as the 'from:' address in their crappy spam. Anytime they send it to a non-existant address, we get the bounce. Our system is updated and locked down, so they aren't coming from us, but YMMV.
Either way, I'd suggest running that address through a spam block of some kind to filter out the crud or just give it up entirely if you can.
Even people that believe in pre-destiny look both ways before crossing the street.
antivir seems to work ok,
and is updated afaik.
Spyware removal software is obligatory on windwos as well.
We should never insult folks for asking "stupid" questions, but rather admire the courage it took to ask.
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
OK. I'm a dual booting guy. Obviously my linux, which I use mostly, has no problems. However, my windows install also has no problems. I only got a virus once ever because after a clean XP install a worm got to me before I got to windowsupdate.
The point is that you do NOT need anti-virus software. Anti-virus anti-spyware software should be used only to cleanup already busted systems. Your system cannot be infected if you take proper care to prevent it. Even if you are running windows on a cable modem all day.
1) NEVER download an e-mail attachment.
2) Use Firefox instead of IE.
3) Use Thunderbird instead of Outlook
4) Do NOT visit untrustworthy websites
5) Do NOT download any software from the internet and install it. Even if it looks trusty from tucows or download.com do a google search to see if it it spyware first.
6) Have a firewall like zone alarm or sygate, or better have another computer between you and the net with a firewall on it. Or have a hardware firewall. Proper network level security keeps the worms out almost guaranteed.
7) If you have wireless lock it down. You don't want a drive by person to start sending spam out your pipe.
8) DO get all the windows updates that are security fixes. The ones that aren't security fixes you can choose to get or not get at your own discretion.
If you do those things then there is almost no way you can get hit. It's really that simple. And if you DO get hit, its usually easier to re-install due to the degrading nature of windows. Any windows install, even a clean one, falls apart over time. The registry fills with more and more junk. Improperly uninstalled apps leave files behind here and there. Hidden variables change and are not changed back. Even the cleanest installs seem to last at most 18 to 24 months except in very controlled business environments.
Dont pay for anti-virus software, its a ripoff. Just re-install and then take proper preventative measures so it doesn't happen again.
The GeekNights podcast is going strong. Listen!
http://www.clamwin.net/ is an allegedly good antivirus program.
Also, http://www.spybot.info/ has been alleged to be a good antispyware program.
Since the SMTP protocol doesn't have any authentication of the sender (except within an ISP/Domain with SMTP-AUTH), it's easy for a spammer/virus to send mail pretending to be you. That's called a 'joe-job' after one of the early occurrences of it.
A recently proposed solution (though not without it's problems) is SPF (Sender Policy Framework) http://spf.pobox.com/ where a domain owner can publish the list of servers which are authorized to send mail as being from a user of their domain.
Until it's widely deployed, not just on the publishing side, but on the checking side, it won't be real useful. However it's nearly trivial for the DNS owner to publish the records and since big ISPs like AOL and Yahoo are starting to check them it does protect you from being Joe-Jobbed to a large number of mailboxes.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
Bah. Im suprised no one has mentioned housecall yet:
http://housecall.antivirus.com
Housecall is a web-based virus scanner that, since it is loaded anew every time, always has the latest virus definitions. Since it installs nothing but temporary cache files, you dont have to worry about it slowing down your machine.
Because of the nature of the application it can't always clean the offending virii/malware, but it will at least alert you to their presence and give you their names so that you can manually remove them. When combined with stinger, spybot and google it's an excellent choice for on-site calls to machines without AV or for your old boxen that just cant afford the extra cycles for full-time AV bloat.
If you prefer to do the offline thing, try the Knoppix anti-virus distribution (weak link I know). Once again it isn't a permanently installed application and since the OS isn't running it can slap down bugs before they're loaded into memory.
Cheers!
Except for the part about degradation of the registry. Look, I've got systems that are running Win 98SE and even 2 still running Win 95.
One of the Win 95 machines has been running for 7 YEARS without having to reload the OS. I have swapped hardware in and out, and changed drivers. The last time the OS was changed was when I put the 6 Gig drive in (1997) and I needed to upgrade from Win 95 ver B to ver C (B didn't support drives that big).
One of the Win 98 machines is now 4 years old, with no reloads, the other is only about 18 months old.
I run them all now on a router with a hardware firewall. The 95 machine is hardwired, the 98's are Wi-fi. Cable modem coming out the other end. There is NO anti-virus software installed, though adaware still runs on them every so often. I did install all the patches from MS.
Oh, and one more item of security for your Wi-fi system. Put passwords on your disk drives. You can teach all the other machines in your network to remember the passwords, but joe drive by can not access the drives if he breaks thru the first layer of security. Like anything else, he will go somewhere else where it is easier to get thru.
You are doing nothing to stop your PC from being abused because you can't find free as in beer software?
Adaware SE Personal www.lavasoft.de
Zone Alarm Firewall www.zonelabs.com
F-Prot Antivirus www.f-prot.com
All commercial products free for personal use.
Now, install those and stop the spammers, please.
Keep your definitions updated, okay?
The latest Slashdot meme.
I run a Windows 98 laptop, sometimes wirelessly connected to broadband (a few hours a day, on average), but I had to remove my virus software years ago because it was locking my system up, so I'm wide open. I've tried to be a good citizen and have been shopping for new virus software, but prices are running $40-$70, and most of these are just for upgrades (not even counting the mandatory 'subscriptions')!
If you have a Windows 98 machine with no anti-virus software, then stay off of the Internet. Period. You have no right to endanger and inconvenience others just because you're too cheap/poor to buy anti-virus software and too computer-illiterate to type "free antivirus software" into Google (hint).
It reminds me of someone with 20/200 vision operating a car without glasses because glasses cost too much. "Oops! Sorry about your poodle! Didn't mean to run over your kid; sorry. Uh oh, hit another parked car."
I get boatloads of these things, as well as spam (filtering is your friend) -- my email address is fairly public and in a lot of address books. I'm not about to abandon it as it's within a domain I lease.
I run behind a fairly hardened firewall, and am moving towared a Linux iptables-based firewall/router/home server.
What ticks me off is when such a message bounce indicates that the original message contained a virus. How dare someone accuse me of sending a virus just because their mail daemon received a spoofed From: header? They could at least check the route the mail took against that header to get an idea if it's bogus. But, often automatic smam/virus filters are pretty stupid and trust the From: address. Still, I wonder if someone, somewhere, "out there" is blacklisting me because someone else forged my identity. Sounds like a defamation suit if I could find the bastards.
And that's the rub. Often when I've received such bounces, when the originator can be identified, they refuse to help in providing a copy of the original email, headers intact, that might permit tracking down the source: either a spammer, or a spam-zombie. I wonder if I could sucessfully file "theft of computer services" charges against such an organization: they're sending me unsolicited bounces, and furthermore, refusing to backup the allegation that they're bouncing messages from me. I wonder if the anti-spam legislation that's out there can be used as a club against those who send bounces to spoofed From: addresses and refuse to acknowledge or correct their mistake.
You could've hired me.
Dude, Given my current valid/invalid ratio is below .01 already, any mail bombs will just be bouncing the rubble.
This is not my sandwich.
I've found the following helpful for the no-budget set:
Avast Home Edition Virus Scanner
Spybot Search and Destroy
HijackTHIS - Find out whats in your PC. (semi-advanced)
The site for HiJackThis seems to be down for now. THere are a few other little nifty freebie aps in there, too. Heres a mirror download site
AdAware - picks up a lot of crap in your PC
(Anyone wanna offer up a few opinions on this stuff? You know you do.)
Of course, the obligatory comment of "Use Mozilla, keep your shit patched, don't click every OK button you see" still applies.
s'wut i sed.
-jim