Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • I got it once, and then cmd-J'd it in Eudora, so it is now filtered automatically ... lemme see ... yeah, I got it the first time, and then once more.
  • Seen it twice so far. Definitely odd -- no sign of an attachment or anything, so if it's a real virus or worm, someone's got a really pathetically put-together mail client out there...
    • I bet anything that this is a spam harvester. Is it HTML mail? If it is, look for an image embedded in it, or any offsite href. Those hrefs are typically generated uniquely for every recipient and if you open or preview the email in a browser-like viewer, then the remote site knows which email addresses they are hitting are live.

      Even if it's not HTML mail, I think it's written to attempt to illicit a response from you and if you do, bang, they've got a "verified" email for their spam databases.

      • The ones I got didn't show these characteristics either. No HTML, no web bugs, no multipart, no nothing. The received headers even looked unforged -- if it was a forgery it was a darned good one, better than any of the spammers I've seen so far.
        • Huh.

          Could still be trying to get you to respond to harvest your address.

          I wonder if someone modified one of the worms to generate this as a joke.... Kinda funny, actually.

  • Yes, I got it once. No attachments. No HTML body. No obvious point.
  • So those are the little things that slow you down in your efforts to release and maintain 5.8.1. :-)

    I am not sure whether I got it. I no longer look too closely into my spam-inbox. And the times when I actually read some of the spam (for having a good laugh) have long passed.
    • Well, this "duck" dodged my spam filters, and I was kind of curious of what's up with that, since as people noted, there was no viral payload or address-harvesting links in it...

      I spent much of Friday and Saturday retuning my spam filters for the "you have a virus" bounce storm of SoBig.F (still going at the rate of 400-600/day for me...)
      • > still going at the rate of 400-600/day

        Ummm. I don't know where I got that number from. About 200/hour is the right ballpark, so about 2400/day.
        • Argh, it seems that I have completely lost my arithmetics these days. Those who were paying attention noticed that there was no sense in my calculation since there are in fact 24 hours a day, not 12... let's try once again: it looks like I get 1600-2400 spam/virus/bounce messages a day. In the beginning of August I "only" got 200-400 a day.

      • That must be a real plague (I now heard it from you, from Nick Clark...from many people). I only get about two or so bounces each week.

        I guess my email addresses just don't show up often enough in public (although I took no measures at all to protect them). Maybe my university already filters them out.

        Gosh, only thinking about it makes me sick...I wonder whether my machine could deal with it at all.
  • I think this is a sobig side-effect. There's an autoresponder on -- send it mail and it sends you a message from a duck. (No, I don't know why. But, then, I can't think of a reason why not either) I bet there's someone out there with both your e-mail address and that one (it's on, so it's probably in someone's cache) as well as our pal sobig. Mail forged as from you goes to the autoresponder, and you get messages from ducks.

    Could be worse--"I e