Ask HN: What is this email virus?
I just received yet another spam message -- from a friend. This is the third spam email I've gotten in the past month or so, and it shows that it circulates to the sender's contact list. I think I know what is happening. Some of my less technical friends/relatives have picked up a virus somehow which accesses their address book, but what is it? It sends just a link in the message like ----pills.com, and comes legitimately from them at their hotmail/gmail account. Solving the spam issue completely would be a great startup, I think.
7 comments
[ 3.5 ms ] story [ 27.3 ms ] threadSecond of all the only real way, that I can think of, to solve the spam problem (as spammers are perpetually one step ahead) would be a limited web of trust which isn't really a useful way to do email.
I received an email from my neighbor the other day with the title EMERGENCY. The email is below:
-----------------------
This had to come in a hurry and it has left me in a devastating state, it's an EMERGENCY. I'm in some terrible situation and I'm really going to need your help now. Few days ago, unannounced, I went on a trip to Glassglow, Scotland (United Kingdom) and unfortunately for me I got robbed by thieves, Everything I had on me were stolen, including my phone, credit card and cash and now I'm stranded right now.My return flight leaves in few hours time but I need some money to clear some bills, I didn't bring my cell phone along since I didn't get to roam them before coming over. So all I can do now is pay cash and get out of here quickly.
I do not want to make a scene of this that is why I did not call my house, this is embarrassing enough. I was wondering if you could loan me some cash, I'll refund it to you as soon as I arrive home just need to clear my hotel bills and get the next flight home, As soon as I get home I'll def refund it immediately.
Write me if you are willing to help so I can let you know how to get the money to me here.
Angela.
-----------------------
I thought that there was something wrong with it but as a matter of courtesy I was not going to contact her family - in the case it was a legitimate email. Instead I decided to walk my dog and go over to her house to check if she was indeed in Scotland. As it turned out she was oblivious to what had happened and yes she was in the US not in Scotland.
It appears that the spammers/crooks (whatever you want to call them) hijacked her email address, changed her security question, changed her secondary email address so that the password reminder is routed to them, wiped all the contact information after they sent the email above to everyone.
She also told me that a lot of people called her phone offering to give her money to help with the situation.
A similar email was received by my boss from one of our common acquaintances. Needless to say that she did not send that email either.
Is this the new "Nigerian" scam? I don't know, but it would not hurt to employ an aggressive password changing policy.
As for your last point - solving the spam startup - yeah it would be great if we could do that, or even easier it would be to convince every company that holds a mail server to not allow any email unless the domain has SPF records. This way spoofing will cease to exist (people impersonating email identities). Once spoofing is gone, spam mail server IPs can easily be blocked.
/0.02 USD
I'm thinking these people may have somehow embedded spyware on the victim's computers, and monitored their password that way. This is quite an advanced attack, and even bypasses SPF records, because I checked the email headers, and they legitimately had everything A-okay and authenticated, as if the person really sent it from their own account.
http://www.google.com/postini/threat_network.html