[Virtualacorn-list] Unexpected message on this mail list...

Vince M Hudd vince at softrock.co.uk
Wed Nov 4 16:27:13 GMT 2009


Jeremy Nicoll - virtualacorn <jn.ml.vac.83 at wingsandbeaks.org.uk> wrote:
> Vince M Hudd <vince at softrock.co.uk> wrote:
  
> > TBH, I'd be inclined to not change just yet - as soon as you post with
> > the new address you'll be opening it up. It's probably better to wait
> > until the infected machine is cleared ...

> Good point. 

Perhaps a better approach would be to only allow posts to that address if
they are from the list or one of the list admin addresses? Although that
would then rule out anyone replying to you at that address off-list, so
maybe not. :/

> > Or should I suspend him anyway, even though it's only a *suspicion*
> > (albeit strong) that he has malware on his machine sending out spam?
 
> Don't know...  Presumably the likelihood of that depends a bit on what
> email client this person uses

He's now replied to me, and doubts it's his machine, but has said he'll
check. As for the email client, he's using MPro for Windows.

As I think I said, the relaying server IP address in one of yours and the
one I received could just be a coincidence (it's clearly an open/b0rken
server, which spammers make use of in general, or one which is spam
friendly), and that mine came through (as a moderation request) as a post to
a mailing list due to that address being harvested from the website (though
why just that one defeats me) - so the person I've matched to both could be
entirely innocent. (In which case, identifying the real owner of the
infected machine will be impossible).

The only thing we *can* be sure of is that the one you received must surely
be from someone on this list if you've definitely not used that address
elsewhere (and having known you online for a number of years now, I'm
inclined to believe you are very thorough about that sort of thing).

> - ie how easily malware could have found out my address.  I'm guessing -
> but maybe this is wrong? - that those of us who use either RO clients, or
> obscure Windows ones (me) are much less likely to have the problem, unless
> the malware thingy scans every file on a machine looking for possible
> addresses.

This I don't know, but these days I'd guess they do - there's absolutely no
sane reason to tie it to looking at a particular client's address book when
scanning files for likely addresses is a matter of triviality. Sure, it
could be a time consuming task - but are they going to worry about that when
it's not running on their own machine, using their own resources?

-- 
Vince M Hudd
Soft Rock Software
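
The relay comparison discussed in the message above, as an added example that is not part of the original post: it extracts the connecting IP from the `Received` header written by the recipient's own mail server in each of two messages and checks whether they match. The host names, IP addresses (documentation ranges) and sample messages are constructed assumptions; a match shows only that both messages passed through the same relay, not which machine sent them.

```python
import re
from email import message_from_string

# Peer IP in [brackets], then the host named after "by" (the server that wrote the header).
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return [(peer_ip, recording_host)], newest Received header first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group(1), m.group(2).lower()))
    return found

def trusted_peer(raw, own_hosts):
    """Peer IP logged by the oldest header that one of our own servers wrote.
    Anything below that header was supplied by the sender and may be forged."""
    peer = None
    for ip, recorder in hops(raw):
        if recorder not in own_hosts:
            break
        peer = ip
    return peer

def same_relay(raw_a, hosts_a, raw_b, hosts_b):
    """Return the relay IP if both messages reached us from it, else None."""
    a, b = trusted_peer(raw_a, hosts_a), trusted_peer(raw_b, hosts_b)
    return a if a is not None and a == b else None

def sample(receiving_mx, relay_ip, claimed_origin):
    # Constructed message: one trustworthy hop above one unverifiable hop.
    return (f"Received: from relay.example ([{relay_ip}])\n by {receiving_mx} with SMTP\n"
            f"Received: from pc ([{claimed_origin}])\n by relay.example with SMTP\n"
            "From: forged@example.com\nSubject: constructed sample\n\nbody\n")

MSG_A = sample("mx.member.example", "203.0.113.25", "192.0.2.44")
MSG_B = sample("mx.list.example", "203.0.113.25", "192.0.2.99")

if __name__ == "__main__":
    print("shared relay:", same_relay(MSG_A, {"mx.member.example"},
                                      MSG_B, {"mx.list.example"}))
    # The hops below the relay differ and cannot be verified either way.
    print("claimed origins:", hops(MSG_A)[-1][0], hops(MSG_B)[-1][0])
```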