I've been working on one computer that reported sending spam (and worse) emails to other email addresses in the community. The sender's address seems to be from that computer. However, this may or may not be the case. I'm working with a technical group, [url]http://www.bleepingcomputer.com[/url], to understand whether or not this one computer is the source of the emails. The diagnostics I've run have indicated some problems, though not necessarily "smoking gun" indicators that this computer is the source. I've worked at fixing the problem and I'm still working on it (as you might see from my entries-aninkling- on bleepingcomputer). My best guess right now is that this computer is NOT the source of the problem.
Here's how the mass mailer works. It infects someone's computer. It sets up its own email engine. In sophisticated "bots", it even communicates with its master, say in Russia. That master may be working on its own, or it may be an exchange organization that sells the use of the infected computer to other groups. These groups then "order" emails to be sent. This is done for a fee. The master sends orders to the infected computer. The computer generates a mass mailing based on the order. When the emails are being built, the emailer will pick an email address from the list it has constructed from either address books on the computer or by logging the keyboard, and send the emails with that address as the sender and the return address. Anybody that receives the email things it is from the email address that has been inserted.
In order to defeat this thing, we have to find the computer or computers with the bots. This means looking behind the scenes at the email messages- at the email source- where, hidden away, are IP addresses and, if it is a more destructive email, email addresses and urls hidden in the message. That will give some idea of what is going on, hopefully leading to the source.
No comments:
Post a Comment