Ever get BOMBARDED with junk mail? *Read* (1 Viewer)

[Michael Allred]

Ok tonight I got slammed with junk mail, truly slammed, smacked around and slapped silly. It was like "Fantasia" except instead of walking brooms, it was a stream of e-mail.
Before anyone asks, no, my primary address is not nor has it ever been, posted anywhere on the net. Only a small group of friends even know it exists, I have NEVER gotten spam at my primary. I use a cheapie Yahoo account for internet biz.
Anyway, back to the onslaught on e-mail.
They weren't really "spam" as nothing was being avertised/sold. They were all basically variations of a couple of themes but all of them had an attachment of some kind (I couldn't open them anyway.) Somewhere in the text there were removal notices but unlike regular spam, there was no way to do so (yes, I know not to reply to removal instructions.)
The sender's address seemed to be from a personal account (unlike the [email protected]'s we've all seen) and in fact it was a .edu address. So I wrote to it.....it bounced back. Ok, fake addy afterall.
Then I noticed something. I was gonna forward it to a friend of mine when a new e-mail address showed up in the strange message. It was an AOL account. The actual text was "X-apparently originating from (withheld)@aol.com" so you guessed it, I wrote to them.
I got a response this time from a real person. They claimed not to have sent any of the messages. Ok, so why were they originating from his/her address then?
In the space of a half an hour, I got almost 50 e-mails then it trailed off to 2 every 10 minutes or so. Nothing has arrived in oh, the last hour (knock on wood) or so. A friend of mine said something similar happened to him. He got 100+ in 1 day all from the same bogus address. He said it was probably computer automated and it stopped after 24 hours.
So has anyone else ever experienced this? It was driving me BONKERS, lemme tell ya (and no, I cannot block e-mails at my primary address I'm sad to say.)
Let's hope I've seen the last of this kind of activity.

 

[Cam S]

hmm, sounds like someone maybe played a prank on you, or it could be some form of a new virus, who knows. I've done the same sort of thing to a few of my friends, and it isn't hard at all.

 

[Wayne Bundrick]

The e-mails might have been sent by a worm/virus. Somebody who knows your e-mail address may have contracted the virus and it sent itself to everybody he/she knows. It's especially suspicious because all of the messages had attachments and the messages were variations on a couple of themes.

Better make sure your antivirus software is up to date and advise your friends to do the same.

 

[Kevin P]

What were some of the attachment names? Did they end in .exe, .vbs, .bat, .com .pif, or .lnk? If they do, someone with your address on their computer got infected with a virus and it's sending itself out to you (and others, I'm sure).

The X-Apparently-From header, or Return-Path header will often reveal the actual sender, even if the virus spoofs the From: address.

Also, what were some of the subject lines? With this info I can confirm what virus or worm you got.

KJP

 

[Keith Mickunas]

Isn't this the Klez worm, or something like that? Somehow your e-mail address ended up on this person's pc, either from an e-mail that was passed onto them, or in the cache from some website where your address was posted. The worm searches through and finds e-mail addresses, forges the from address, and grabs a random file as an attachment. Its strange that its sending you so much, but what you describe sounds like a variant of this worm. Klez (or whatever it was called) was big news a few months back.

 

[Michael Allred]

What were some of the attachment names? Did they end in .exe, .vbs, .bat, .com .pif, or .lnk?

Yup, those and others like x-midi, x-wav, etc.

When I woke up today, there were only 2 such e-mails so maybe they are dying off.

 

[Kevin P]

It was probably the Klez worm, or maybe BugBear. If you post some of the subject lines I can confirm for you.

KJP

 

[Vince Maskeeper]

It is absolutely a worm. Some actually pull emails from a central document (rather than pulling from the users address book which was the standard for years)-- and it spreads itself by emailing itself from the infected machine to the people on the list.

It's likely your email got into a list and so a couple dozen different computers all started trying to send the worm to you.

You said you were unable to open the attachments? Does this mean you tried to launch the files and nothing happened? If so, it's very likely you are now infected as well, and possibly your computer is now being used to bombard other people with viruses.

I'm always surprised when I see a posting or a question like this-- since Worms are now pretty old and so most people have seen/heard/encountered the concept by now.

-Vince

 

[Michael Allred]

Well I got a few more tonight, here's the text of it;

shakeit.scr (octet-stream attachment)

The howard.kent address is bogus (as previously stated.)

 

[Kevin P]

Michael, I found some information on the email you received. They are one of the Yaha worms. I have to say I've never seen Yaha in the wild before, but it must be out there if you're receiving them.
Click here for information from Symantec on Yaha.E, one of the more common variants.
If you launched the attachment, go here to download a removal tool from Symantec. Then install Norton Antivirus, or another good anti-virus tool, UPDATE IT TO THE LATEST DEFINITIONS, and then scan your system.
If you have any other questions, feel free to post.
KJP

 

[Michael Allred]

Well I forwarded 1 of these messges to my Yahoo address and used their virus software to check out the attachments. No virus was detected.

Anyway there seems to be a pattern now. I get 2 in the morning, 2 in the afternoon and 2 at night.

 

[Kevin P]

Are you running an anti-virus program? It's possible that it eliminated the worm from the message before you forwarded it to your Yahoo account. When in Yahoo, scan any attachment that ends in .exe, .bat, .pif, .com .lnk or .scr.

KJP