[G4] Spammer attack / virus

[jj4 at sympatico.ca]

Yes,  I have seen all this before.  You are blacklisted because

1) Your ISP has been a victim of a spammer using an open relay within 
their system and the Whole Domain is blacklisted.
eg, My ISP gets blacklisted from time to time because someone has sent 
copious spam from their sympatico.ca server.  I phone them up and they 
fix it, but it take a week or so for them to solve the problem and 
contact the blacklist people and get their name cleared.
eg.  I have also had my own email used as the return path by a spammer 
- f in annoying, that.  I was getting bounce notices for email I never 
sent.

Advice:  Tell your ISP about the blacklist as it is really their 
problem, not yours.  Hang on and the ride will end in a while.  Or if 
you can change your email address easily then do so.  Generally once 
they abuse you for a bit they stop.  You may have comprimised your own 
address at some point or maybe they got it from a posting on the web or 
a confirmed spammer address list or about a million other places your 
address may exist.

2) Remember these acts are not attacks on your system, they are attacks 
on your ISPs systems - your address is just adversly affected 
temporarily.  Key word - temporarily!

3) Have you ever looked at your Router Log (on your router).  I have 
seen mine "under attack for 3-6 hours at a time every 3-5 seconds with 
someone trying to gain entry down port after port using my IP number.  
That is an attack on my personal computer.  But a router with NAT 
firewall repells all that - they are looking for a windows box with no 
router and a few open ports.  Not on my Mac nor with my Router will 
they find an open port.  The ports on a Mac are all closed unless you 
open them and your Router will not allow anything though without your 
computer requesting it.  And in OSX you must type the password to 
install a program.  Locked up tighter than a drum.

jj



On 19-Sep-05, at 2:23 PM, g4-request at listserver.themacintoshguy.com 
wrote:

>  Spammer attack / virus
>
>
> I have been getting increasing spam attacks since mid year.  As a 
> result of this
> problem I have now got a blacklisted IP for spam which I am not sending
> although it is possible it is my computer doing it without my 
> knowledge.
>
> I started getting mail that seemed to be from me but to numerous names 
> that
> are fictitious. Example stan at tonyjohansen.com, frank at tonyjohansen.com,
> stella at tonyjohansen.com etc.   At their peak I was getting about 6 a 
> day,
> but they have died down to just a few a week now but in their place 
> have
> come mails that appear to be from my ISP and with subjects like 
> 'Warning:
> Account About To Be Cancelled' They all have attachments which I don't 
> open
> and my ISP says they are not genuine.
>
> At first I thought it was an outside party, possibly someone who has 
> me in
> their address book, but now that I have discovered I have been 
> blacklisted
> for spam, I suspect it is in my computer. While I have no AV I do have 
> Macro
> Virus Protection enabled in MS Office. Additionally I use Hotmail, 
> Mail and
> Entourage. I have my 3 main email addresses separate, one on Hotmail, 
> one on
> Entourage, one on Mail. Hotmail seems not to be affected, but 2 
> separate
> email addresses, one from my ISP, the other from one of my websites and
> hosted away from the ISP with another company are equally affected 
> with each
> getting spoof mail from the server connected to that email address. 
> That is
> the mail that comes from my website email adress is on Mail only while 
> the
> email address from my ISP is on Entourage and that is where I get the 
> spoofs
> that claim to be from my ISP.
>
> Anyone any experience in what precisely I am looking for and how to 
> get rid
> of it? And protect my self in future?
>
> Tony.
> Mac OS 10.3.9  eMac   cable broadband