Slashdot Mirror

← Back to Stories (view on slashdot.org)

Am I a Spam Zombie?

Posted by Cliff on from the how-can-you-know-for-sure dept.

ReallyCurious asks: "Recently, I've noticed a lot of junk email in my inbox reporting 'Mail delivery failure' or 'Undeliverable'. Some of these had documents attached, so I figured this was just a worm variant. But these messages keep coming. I worry that my machine has been turned into a 'Spam Zombie'. I don't see any suspicious processes running, but maybe it only runs for a few seconds, and at irregular times. I run a Windows 98 laptop, sometimes wirelessly connected to broadband (a few hours a day, on average), but I had to remove my virus software years ago because it was locking my system up, so I'm wide open. I've tried to be a good citizen and have been shopping for new virus software, but prices are running $40-$70, and most of these are just for upgrades (not even counting the mandatory 'subscriptions')! Is there an open or free virus fighting solution that's reliable and available for Windows? I'd be happy to run it ASAP."

16 of 160 comments (clear)

  1. Well... by hookedup · · Score: 4, Informative

    It may not be your system spewing out spam, but simply someone spoofing your domain.. happens to me every once in a while

    1. Re:Well... by walt-sjc · · Score: 3, Insightful

      Exactly. Email worms and spammers frequently forge the sender. The problem is clueless mail adminitrators that configure their mail relays to accept mail to anyone (even unknown users) and then generate a bounce message when it can't be delivered (user unknown...) All scanning (spam and AV) and user verification really needs to be performed at initial SMTP reception and not after the fact.

      Unfortunately, older versions of Exchange are stupid in this respect, and accept pretty much anything. I believe you even have to specifically configure the newer versions of exchange too to behave correctly (someone correct me if I'm wrong here... I no longer use exchange, just read about how 2003 works...)

      IMHO, if you are running an older version of exchange without a good Unix relay in front of it that can do all this validation and scanning for you, you are a big part of the problem.

    2. Re:Well... by sheddd · · Score: 3, Informative
      Instructions on how to do recipient filtering w/exchange:

      Here and here

      (btw filtering is off by default)

  2. No by sa3 · · Score: 4, Insightful

    The bounces you're getting are from other spam using you as the From address. Spam sent from your machine would have random addresses not necessarily your own. But you might still have a trojan running that could be used to send spam so you should check.

  3. Why? by Anonymous Coward · · Score: 3, Insightful

    What makes you think you're going to get delivery failures for outgoing spam? If you're a spam zombie, I doubt it is going out with your email in the from: field.

  4. You should be fine. by FrenZon · · Score: 4, Informative

    Most likely your email address is getting used as the return address and little more - the returned mail thing affects everyone to some degree. If you were being used as a spam zombie, you'd probably not notice any change in returned mails, as the zombies generally use someone else's address again as the return addy. I'm fairly sure the return addresses aren't always randomised, as on my domains I see a bucketload of spam all from the same email address, so whoever lives there must be getting a bucketful of bounces.

    Still, you really should get an antivirus solution to ease your worries. I use AVG from Grisoft, which is available in a free edition.

    Of course, the bounces are plain annoying - when I get ACTUAL bounces from mail I send, I often delete them based on subject line, not realising that the person I was trying to contact is none the wiser. Booo

  5. ultimate firewall by cuiousyellow · · Score: 3, Funny

    The poster sounds like a good candidate for MJR's ultimately secure firewall.

    Try Zonealarm?

  6. maybe... by johnjones · · Score: 4, Informative

    ok if you run windows you need a virus checker

    are you a home user ?
    if so

    http://free.grisoft.com/freeweb.php/doc/2/

    and get avg for free
    Now you need a firewall

    http://www.free-firewall.org/

    then I would advice get rid of spyware with spybot
    donate something to the project if you like it...

    http://www.safer-networking.org/en/download/


    regards

    John Jones

  7. maybe not. by gl4ss · · Score: 3, Informative

    but if you're running a win98 without firewalling/serious tweaking.. ..you're probably owned or at least at risk. though in all fairness they're probably some other spammers who just happen to use your mail add as the sender.

    go with FREE solutions, they exist.

    http://www.free-av.com/ free virus scanning

    http://www.free-firewall.org/ some free firewalling

    --
    world was created 5 seconds before this post as it is.
  8. AVG AntiVirus by Green+Light · · Score: 3, Informative

    Here is the link to their free version This works well, and is completely free for personal use.

    --
    "Send an Instant Karma to me" - Yes
  9. AVAST by chadkiser · · Score: 4, Informative

    http://www.avast.com/eng/avast_4_home.html Home version is free

  10. Re:Another stupid ask slashdot by feidaykin · · Score: 5, Insightful
    Elitist attitudes like this are always amusing to me... Requests for this guy to search google don't answer his question... He wants to know what we, a group of tech savvy folk, recommend. It's harder for google to answer that directly than a simple ask slashdot. To all the moaners out there, stop reading Ask Slashdot or just stop reading the site alltogether. Questions like these are how people learn, and serve as starting point for disscusion here.

    We should never insult folks for asking "stupid" questions, but rather admire the courage it took to ask.

    --

    "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  11. I don't get it.... by Apreche · · Score: 5, Insightful

    OK. I'm a dual booting guy. Obviously my linux, which I use mostly, has no problems. However, my windows install also has no problems. I only got a virus once ever because after a clean XP install a worm got to me before I got to windowsupdate.

    The point is that you do NOT need anti-virus software. Anti-virus anti-spyware software should be used only to cleanup already busted systems. Your system cannot be infected if you take proper care to prevent it. Even if you are running windows on a cable modem all day.

    1) NEVER download an e-mail attachment.
    2) Use Firefox instead of IE.
    3) Use Thunderbird instead of Outlook
    4) Do NOT visit untrustworthy websites
    5) Do NOT download any software from the internet and install it. Even if it looks trusty from tucows or download.com do a google search to see if it it spyware first.
    6) Have a firewall like zone alarm or sygate, or better have another computer between you and the net with a firewall on it. Or have a hardware firewall. Proper network level security keeps the worms out almost guaranteed.
    7) If you have wireless lock it down. You don't want a drive by person to start sending spam out your pipe.
    8) DO get all the windows updates that are security fixes. The ones that aren't security fixes you can choose to get or not get at your own discretion.

    If you do those things then there is almost no way you can get hit. It's really that simple. And if you DO get hit, its usually easier to re-install due to the degrading nature of windows. Any windows install, even a clean one, falls apart over time. The registry fills with more and more junk. Improperly uninstalled apps leave files behind here and there. Hidden variables change and are not changed back. Even the cleanest installs seem to last at most 18 to 24 months except in very controlled business environments.

    Dont pay for anti-virus software, its a ripoff. Just re-install and then take proper preventative measures so it doesn't happen again.

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:I don't get it.... by R2.0 · · Score: 5, Insightful

      "Microsoft have released three (3!) major desktop operating system revisions since then"

      Windows ME: Oh, it was major, alright - a major failure. The "Upgrade" path at the time was to revert Back to 98SE.

      Windows 2000: Remember, this was marketed as "not for home use". That was what ME was for. 2000 wouldn't support many legacy apps.

      So there has really only been 1 major desktop OS revision that is relevant, and given XP's poor rep, there are plenty of reasons not to upgrade.

      Also, the comparison between then and now isn't valid. A large number of the exploits now target services in 2000 & XP that 98 doesn't have.

      98 certainly isn't state of the art, but I don't know that I'd call 2000 or XP that either. Your most compelling argument seems to be "98 is OLD!!"

      BFD.

      --
      "As God is my witness, I thought turkeys could fly." A. Carlson
  12. Most likely a 'Joe-Job'...Ask your ISP about SPF by rthille · · Score: 5, Informative

    Since the SMTP protocol doesn't have any authentication of the sender (except within an ISP/Domain with SMTP-AUTH), it's easy for a spammer/virus to send mail pretending to be you. That's called a 'joe-job' after one of the early occurrences of it.
    A recently proposed solution (though not without it's problems) is SPF (Sender Policy Framework) http://spf.pobox.com/ where a domain owner can publish the list of servers which are authorized to send mail as being from a user of their domain.
    Until it's widely deployed, not just on the publishing side, but on the checking side, it won't be real useful. However it's nearly trivial for the DNS owner to publish the records and since big ISPs like AOL and Yahoo are starting to check them it does protect you from being Joe-Jobbed to a large number of mailboxes.

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  13. Not necessarily by renehollan · · Score: 3, Informative
    While running Win98 naked is about as wise as, well, running naked, this may not be the source of those bounce messages. IOW, by themselves they do not indicate that your box is a spam zombie.

    I get boatloads of these things, as well as spam (filtering is your friend) -- my email address is fairly public and in a lot of address books. I'm not about to abandon it as it's within a domain I lease.

    I run behind a fairly hardened firewall, and am moving towared a Linux iptables-based firewall/router/home server.

    What ticks me off is when such a message bounce indicates that the original message contained a virus. How dare someone accuse me of sending a virus just because their mail daemon received a spoofed From: header? They could at least check the route the mail took against that header to get an idea if it's bogus. But, often automatic smam/virus filters are pretty stupid and trust the From: address. Still, I wonder if someone, somewhere, "out there" is blacklisting me because someone else forged my identity. Sounds like a defamation suit if I could find the bastards.

    And that's the rub. Often when I've received such bounces, when the originator can be identified, they refuse to help in providing a copy of the original email, headers intact, that might permit tracking down the source: either a spammer, or a spam-zombie. I wonder if I could sucessfully file "theft of computer services" charges against such an organization: they're sending me unsolicited bounces, and furthermore, refusing to backup the allegation that they're bouncing messages from me. I wonder if the anti-spam legislation that's out there can be used as a club against those who send bounces to spoofed From: addresses and refuse to acknowledge or correct their mistake.

    --
    You could've hired me.