Linking spam/attacks from and to addresses

Over the past few days I've had, not quite a deluge but scores of emails
with binaries, coming from all over the place as one would expect,
with different subjects. But they are all sent to my main email address,
alan @ clifford.ac from a very illustrious address, postel @ isi.edu.
Have I been picked out to be honoured in this way or do you all get them?

I haven't seen this before - is this a trend? Flooding a recipient with
emails with a from address that one might be expected to trust? In this
case, it hasn't really worked but I can think of a couple of rather
tenuous links between the two addresses that might have let a computerised
attack program to link them.

--
Alan

( If replying by mail, please note that all "sardines" are canned.
There is also a password autoresponder but, unless this a very
old message, a "tuna" will swim right through. )

Re: Linking spam/attacks from and to addresses

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-13013-1138405996-0007
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg

Alan Clifford writes:

>=20
> Over the past few days I've had, not quite a deluge but scores of email=
s=20
> with binaries, coming from all over the place as one would expect,=20
> with different subjects. But they are all sent to my main email addres=
s,=20
> alan @ clifford.ac from a very illustrious address, postel @ isi.edu.=20
> Have I been picked out to be honoured in this way or do you all get the=
m?

Just you.

> I haven't seen this before - is this a trend? Flooding a recipient wit=
h=20
> emails with a from address that one might be expected to trust? In thi=
s=20
> case, it hasn't really worked but I can think of a couple of rather=20
> tenuous links between the two addresses that might have let a computeri=
sed=20
> attack program to link them.

This is probably another flavor of Microsoft ActiveVirusâ„=A2 making =
the rounds,=20
which mails itself to the addresses pulled from the clueless boobs' addre=
ss=20
book, using another entry from the address book as the return address.



--=_mimegpg-commodore.email-scan.com-13013-1138405996-0007
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQBD2rJsx9p3GYHlUOIRAvd2AJ0cjN8XoshOXek1odpTvdxWPjhl/QCd HTiJ
luOp7X3eJ/10g43PGRA/LKQ=
ßSO
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-13013-1138405996-0007--

Re: Linking spam/attacks from and to addresses

On Fri, 27 Jan 2006, Alan Clifford wrote:
> I haven't seen this before - is this a trend? Flooding a recipient with
> emails with a from address that one might be expected to trust?

It's been going on for years. I've received numerous emails allegedly
from Jon and other individuals who died years ago.

I've also received numerous bounces from emails that were allegedly sent
by me at addresses that I haven't used in nearly 20 years (but there was
still a forwarding at that address...note the past tense...).

This ghoulish form of identity theft comes from harvesting email addresses
from RFCs and old mailing list archives. The whole purpose is to get spam
through to people who trust by From or Return-Path address. If an address
is in an RFC, it's being misused by the bad guys.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.