
ethan (3163)


Being a 25-year old chap living in the western-most town of Germany. Studying communication and information science and being a huge fan of XS-related things.

Journal of ethan (3163)

Saturday March 06, 2004
04:14 AM

Worms and spammers

[ #17779 ]

I just received a mail in which I was thanked for my interest in staying in Bombay and requesting the accompaniment of some Indian girls (read: prostitutes), along with a list of the rates per hour etc.

Attached to it was the original message that was sent in my name. Needless to say, this was one of the many worm mails.

What intrigues me is this: Spammers are always looking for verified email addresses. Often an address is verified once an email is received by the spammer. Nowadays however, receiving a mail is no longer an indication of anything as they are sent out randomly from one point to the other. Maybe this has some bearing on the value of verified email address databases that can be bought in order to spam more effectively. With all those worms, many bogus addresses (obsolete and non-existing ones) will end up in such databases. This clearly decreases their value to spammers.

Oh, how I hope that this is so!

  • With all those worms, many bogus addresses (obsolete and non-existing ones) will end up in such databases.

    Don't most of these worms harvest addresses from the user's address book? I can see some being obsolete, but I know very few people that actually put non-existing addresses in there. And, most people try to keep their data up-to-date... with varying degrees of success. But, in general, they do try.

    It seems to me that would increase the chance of getting a valid address... compared to other methods.
    • They don't only scan address books. Some also look at the browser's cache files (for instance).

      Another good measure of the increasing use of bogus addresses is the count of bounces one receives nowadays because a mail was sent in one's name to a no longer existing email address. I assume that these addresses are also used as forged from-addresses.
      • And nowadays some of the worms are grabbing message IDs and thinking they're addresses. I know they've been trying to deliver mail to addresses like 20040304003305.51802.qmail@[one of our domains]. Even worse, they're sometimes chopping off bits from the front of valid addresses and from message IDs, so they're using all kinds of invalid fragments. And MyDoom makes up addresses for domains it finds by adding common first names (joe, mary, adam, and many more) as users.
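
For mail administrators who want to measure the patterns described in the last comment, the following is an added example (not part of the journal entry or its comments) that sorts rejected recipient addresses into those categories. The domain `example.org`, the mailbox names, the function names and the name list are constructed assumptions; the qmail Message-ID shape is taken from the address quoted in the comment.

```python
import re
from collections import Counter

# Local part shaped like the Message-ID quoted in the comment:
# 14-digit timestamp, a number, then the literal "qmail".
MSGID_RE = re.compile(r"^\d{14}\.\d+\.qmail$")
# A Message-ID with characters chopped off the front still ends in ".qmail".
MSGID_FRAGMENT_RE = re.compile(r"^\d+(?:\.\d+)?\.qmail$")
# Constructed sample list; the comment names joe, mary and adam.
COMMON_NAMES = {"joe", "mary", "adam"}


def classify_rcpt(rcpt, valid_locals, our_domains):
    """Label one recipient address by the harvesting pattern it matches."""
    local, _, domain = rcpt.strip().lower().rpartition("@")
    if not local or domain not in our_domains:
        return "not-ours"
    if local in valid_locals:
        return "valid"
    if MSGID_RE.match(local):
        return "message-id"
    if MSGID_FRAGMENT_RE.match(local):
        return "message-id-fragment"
    # Tail of a real mailbox name whose front was chopped off.
    if len(local) >= 3 and any(v.endswith(local) for v in valid_locals):
        return "address-fragment"
    if local in COMMON_NAMES:
        return "guessed-name"
    return "unknown"


def summarize(rcpts, valid_locals, our_domains):
    """Count rejected recipients per category, e.g. for a daily report."""
    return Counter(classify_rcpt(r, valid_locals, our_domains) for r in rcpts)


# Constructed sample data, not taken from any real log.
VALID = {"ethan.smith", "postmaster"}
DOMAINS = {"example.org"}
SAMPLE = [
    "20040304003305.51802.qmail@example.org",
    "04003305.51802.qmail@example.org",
    "han.smith@example.org",
    "mary@example.org",
    "ethan.smith@example.org",
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE, VALID, DOMAINS).most_common():
        print(f"{label}: {n}")
```

A rising share of `message-id` and fragment categories among rejected recipients points to worm-generated traffic rather than mistyped addresses.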