
BLU Discuss list archive



automated social engineering at its best (maybe?)



If sophic.org is your domain, why aren't you publishing SPF and
checking it on incoming mail?  That would basically stop any incoming
mail claiming to be from you.

-miah


On Wed, Jul 28, 2004 at 02:07:26AM +0900, Derek Martin wrote:
> Dear Abby,
> 
> > Dear user blu at sophic.org,
> 
> What, an ISP can't figure out who's attached to one of their e-mail
> addresses and name them by name?  Should I be suspicious?
> 
> > Your account has been used to send a huge amount of spam during this
> > week. 
> 
> Really?  Fascinating...
> 
>     $ telnet localhost 25
>     Trying 127.0.0.1...
>     Connected to localhost.
>     Escape character is '^]'.
>     220 thoth.sophic.org ESMTP Sendmail 8.12.8/8.12.8; Tue, 27 Jul
>     2004 12:42:17 -0400
>     helo me
>     250 thoth.sophic.org Hello localhost [127.0.0.1], pleased to meet
>     you
>     mail from: invalid at pizzashack.org
>     250 2.1.0 invalid at pizzashack.org... Sender ok
>     rcpt to: blu at sophic.org
>     550 5.1.1 blu at sophic.org... User unknown
> 
> On second thought, I really don't think so.
> 
> > Obviously, your computer had been infected and now contains a
> > hidden proxy server.
> 
> Obviously, this e-mail is itself a virus.
> 
> > Please follow instruction in order to keep your computer safe.
> 
> Not likely.
> 
> > Best regards,
> > sophic.org technical support team.
> 
> Right.  Oh, wait; that would be me, and I didn't send this e-mail.
> 
> So, anyone have any good procmail recipes for this bogosity?  I'm still
> getting basically no spam, but what can you do when your friends don't
> know how to take care of their PCs?  I think I got about a hundred
> copies of this (or one of a few similar ones) in the last 3 days.
> Sigh...
> 
> There's one with a total message size of ~39-40k.  There's another
> with a message size of ~170k.  Recipes for these (or any other
> annoyance virus) will be appreciated.
> 
> NOTE:  The address mentioned in this e-mail is one which I used only
> to post to BLU, about 2 years ago or so (longer, I think actually).
> So (in this case, at least) this virus is probably coming to me by way
> of the infected PC of a (possibly former) BLU member.  
> 
> If you're clueless or lazy about keeping your PC in good health, you
> might want to save your friends' inboxes and check out some of the
> links below...
> 
> All the security fixes that Microsoft has finally gotten around to
> fixing in their spare time (it must be the right link, it comes up
> completely blank in Mozilla):
> 
>   http://windowsupdate.microsoft.com/
> 
> Good free personal firewall software:
> 
>   http://www.zonelabs.com/
> 
> Good free (for personal use) Anti-virus software:
> 
>   http://www.free-av.com/
> 
> Thank you,
> Annoyed In SK
>   
> [There was meant to be some humor in this message, albeit sarcastic.
> If you didn't see it, try harder next time...  ;-)]
> 
> -- 
> Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address.  Replying to it will result in
> undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
> 
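The check suggested in the reply above, sketched as an added example (not code from the thread or from either poster): it evaluates a published SPF policy against the connecting IP for the domain in the envelope MAIL FROM, which is the identity SPF covers (the From: header is not examined). The TXT record, IP addresses and sender address are constructed, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed policy and addresses: the thread does not show sophic.org's DNS.
SAMPLE_TXT = {"sophic.org": "v=spf1 ip4:192.0.2.25 ip4:198.51.100.0/28 -all"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, txt_records=SAMPLE_TXT):
    """Return the SPF result for the envelope sender's domain and client IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = txt_records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # a bare mechanism means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return RESULTS[qualifier]      # catch-all, normally the last term
        if name.lower() not in ("ip4", "ip6"):
            return "permerror"             # mechanism outside this subset
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"             # malformed or missing network
        if ip.version == net.version and ip in net:
            return RESULTS[qualifier]
    return "neutral"                       # no mechanism matched


def smtp_reply(client_ip, mail_from):
    """Map the SPF result to the reply given at MAIL FROM time."""
    if check_spf(client_ip, mail_from) == "fail":
        return "550 5.7.1 SPF check failed for " + mail_from
    return "250 2.1.0 Sender ok"


if __name__ == "__main__":
    # Constructed sender address; one listed host and one unlisted host.
    for ip in ("192.0.2.25", "203.0.113.9"):
        print(ip, smtp_reply(ip, "support@sophic.org"))
```

A domain with no published record returns "none" and is accepted here, so the check only helps for domains that publish a policy ending in -all.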





