Sign in with
Sign up | Sign in
Your question

Abuse reporting/cookies, muffins and bagles

Last response: in Windows XP
Share
Anonymous
August 14, 2005 8:30:03 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I have just reported an email abuse incident…
From: <myuserid@charter.net>
{Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
(HELO Panferov.net)}
To: <myuserid@myisp>

Zip attached was called “Work and taxes.zip�

Because it was obviously suspect, I right clicked it in Outlook
to pick up detail for abuse report. In this venue, one sees
attachment name + dump plus the fact that it actually came
out of .ru / Russia. On looking further, charter.net or
charter.com smells pretty bad to me as well. I then blocked
the unopened email which supposedly dropped it from server.
I don’t like the fact that myuserid is in use at another ISP.
I wonder how else one should react to a similar situation;
isn’t it best to report the “abuse� so that it can be followed
up on. I wonder if my ISP does that?
Anonymous
August 14, 2005 11:13:55 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

It was a virus laden email. Many viruses forge the return address, and
there is nothing you can do about it.

Tom
"Will" <Will@discussions.microsoft.com> wrote in message
news:A70E1EA9-4BC2-487A-88CE-14D6E53E118F@microsoft.com...
|I have just reported an email abuse incident.
| From: <myuserid@charter.net>
| {Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
| (HELO Panferov.net)}
| To: <myuserid@myisp>
|
| Zip attached was called "Work and taxes.zip"
|
| Because it was obviously suspect, I right clicked it in Outlook
| to pick up detail for abuse report. In this venue, one sees
| attachment name + dump plus the fact that it actually came
| out of .ru / Russia. On looking further, charter.net or
| charter.com smells pretty bad to me as well. I then blocked
| the unopened email which supposedly dropped it from server.
| I don't like the fact that myuserid is in use at another ISP.
| I wonder how else one should react to a similar situation;
| isn't it best to report the "abuse" so that it can be followed
| up on. I wonder if my ISP does that?
Anonymous
August 14, 2005 11:13:56 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

For:
tompepper@mvps.invalid

This does not answer question.

"Tom Pepper Willett" wrote:

> It was a virus laden email. Many viruses forge the return address, and
> there is nothing you can do about it.
>
> Tom
> "Will" <Will@discussions.microsoft.com> wrote in message
> news:A70E1EA9-4BC2-487A-88CE-14D6E53E118F@microsoft.com...
> |I have just reported an email abuse incident.
> | From: <myuserid@charter.net>
> | {Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
> | (HELO Panferov.net)}
> | To: <myuserid@myisp>
> |
> | Zip attached was called "Work and taxes.zip"
> |
> | Because it was obviously suspect, I right clicked it in Outlook
> | to pick up detail for abuse report. In this venue, one sees
> | attachment name + dump plus the fact that it actually came
> | out of .ru / Russia. On looking further, charter.net or
> | charter.com smells pretty bad to me as well. I then blocked
> | the unopened email which supposedly dropped it from server.
> | I don't like the fact that myuserid is in use at another ISP.
> | I wonder how else one should react to a similar situation;
> | isn't it best to report the "abuse" so that it can be followed
> | up on. I wonder if my ISP does that?
>
>
>
August 14, 2005 11:13:57 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Will wrote:

> For:
> tompepper@mvps.invalid
>
> This does not answer question.

Yes, it does. Your original post is a bit confusing, but sifting through
the verbiage the only question asked is this one:

>> | I wonder how else one should react to a similar situation;
>> | isn't it best to report the "abuse" so that it can be followed
>> | up on. I wonder if my ISP does that?

>
> "Tom Pepper Willett" wrote:
>
>> It was a virus laden email. Many viruses forge the return address,
>> and there is nothing you can do about it.

Mr. Willett's answer was correct. You can report the "abuse" if it makes
you feel better, but it will probably do no good since many viruses
spoof the "from" line. There is no way to know for sure that the
"abuse" actually occurred by the supposed sender, either. You should
just delete these sorts of emails which are very common, or set up
filters in your email client to delete them.

As for your last question, there is no way for any of us to know what
your ISP (Eastlink in Canada?) does about abuse reports. Contact them
and find out.

What has most probably happened is:

1. You have a friend who has your email address in their computer's
addressbook. This friend's computer is infected with a virus that sends
copies of itself to all email addresses it finds on the infected
computer. The virus may also spoof the "from" line. Now someone else in
your friend's addressbook gets a virus-laden email with your name in
the "from" line. This person now writes you an angry email but of
course, it isn't your machine that's infected at all but your friend's.

2. And/or your machine is infected with a virus that is doing this.

3. And/or you signed up for something, used your real unmunged email
address somewhere, or otherwise got your email address harvested.

If you still think your question was not answered, then please post back
with a better description of what you need to know.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Anonymous
August 14, 2005 1:38:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thanks for detail Malke. If I get something meaningful from Abuse I will post
it here. For starters I’d like mail ISP/Outlook able to filter by Country
acceptable to me. Russia is not on my list. Aside from the damage it can do
to users, if this garbage is slowing down the internet, then it is in
everyone’s best interest for it to be fixed because it will otherwise only
get worse.
Logic says to solve problem at source rather than after; solution being for
mailer (Outlook Etc.) to test uncertified code attachments on sender computer
or on ISP server that can take the (S)hit.

"Malke" wrote:

> Will wrote:
>
> > For:
> > tompepper@mvps.invalid
> >
> > This does not answer question.
>
> Yes, it does. Your original post is a bit confusing, but sifting through
> the verbiage the only question asked is this one:
>
> >> | I wonder how else one should react to a similar situation;
> >> | isn't it best to report the "abuse" so that it can be followed
> >> | up on. I wonder if my ISP does that?
>
> >
> > "Tom Pepper Willett" wrote:
> >
> >> It was a virus laden email. Many viruses forge the return address,
> >> and there is nothing you can do about it.
>
> Mr. Willett's answer was correct. You can report the "abuse" if it makes
> you feel better, but it will probably do no good since many viruses
> spoof the "from" line. There is no way to know for sure that the
> "abuse" actually occurred by the supposed sender, either. You should
> just delete these sorts of emails which are very common, or set up
> filters in your email client to delete them.
>
> As for your last question, there is no way for any of us to know what
> your ISP (Eastlink in Canada?) does about abuse reports. Contact them
> and find out.
>
> What has most probably happened is:
>
> 1. You have a friend who has your email address in their computer's
> addressbook. This friend's computer is infected with a virus that sends
> copies of itself to all email addresses it finds on the infected
> computer. The virus may also spoof the "from" line. Now someone else in
> your friend's addressbook gets a virus-laden email with your name in
> the "from" line. This person now writes you an angry email but of
> course, it isn't your machine that's infected at all but your friend's.
>
> 2. And/or your machine is infected with a virus that is doing this.
>
> 3. And/or you signed up for something, used your real unmunged email
> address somewhere, or otherwise got your email address harvested.
>
> If you still think your question was not answered, then please post back
> with a better description of what you need to know.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>
August 14, 2005 6:19:43 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

FWIW---A lot of the things coming from China and Russia are originating
from right here in Florida, USA

"Will" <Will@discussions.microsoft.com> wrote in message
news:6F30396A-A71C-40AE-873B-01968AB3ACF6@microsoft.com...
> Thanks for detail Malke. If I get something meaningful from Abuse I will
> post
> it here. For starters I'd like mail ISP/Outlook able to filter by Country
> acceptable to me. Russia is not on my list. Aside from the damage it can
> do
> to users, if this garbage is slowing down the internet, then it is in
> everyone's best interest for it to be fixed because it will otherwise only
> get worse.
> Logic says to solve problem at source rather than after; solution being
> for
> mailer (Outlook Etc.) to test uncertified code attachments on sender
> computer
> or on ISP server that can take the (S)hit.
>
> "Malke" wrote:
>
>> Will wrote:
>>
>> > For:
>> > tompepper@mvps.invalid
>> >
>> > This does not answer question.
>>
>> Yes, it does. Your original post is a bit confusing, but sifting through
>> the verbiage the only question asked is this one:
>>
>> >> | I wonder how else one should react to a similar situation;
>> >> | isn't it best to report the "abuse" so that it can be followed
>> >> | up on. I wonder if my ISP does that?
>>
>> >
>> > "Tom Pepper Willett" wrote:
>> >
>> >> It was a virus laden email. Many viruses forge the return address,
>> >> and there is nothing you can do about it.
>>
>> Mr. Willett's answer was correct. You can report the "abuse" if it makes
>> you feel better, but it will probably do no good since many viruses
>> spoof the "from" line. There is no way to know for sure that the
>> "abuse" actually occurred by the supposed sender, either. You should
>> just delete these sorts of emails which are very common, or set up
>> filters in your email client to delete them.
>>
>> As for your last question, there is no way for any of us to know what
>> your ISP (Eastlink in Canada?) does about abuse reports. Contact them
>> and find out.
>>
>> What has most probably happened is:
>>
>> 1. You have a friend who has your email address in their computer's
>> addressbook. This friend's computer is infected with a virus that sends
>> copies of itself to all email addresses it finds on the infected
>> computer. The virus may also spoof the "from" line. Now someone else in
>> your friend's addressbook gets a virus-laden email with your name in
>> the "from" line. This person now writes you an angry email but of
>> course, it isn't your machine that's infected at all but your friend's.
>>
>> 2. And/or your machine is infected with a virus that is doing this.
>>
>> 3. And/or you signed up for something, used your real unmunged email
>> address somewhere, or otherwise got your email address harvested.
>>
>> If you still think your question was not answered, then please post back
>> with a better description of what you need to know.
>>
>> Malke
>> --
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> "Don't Panic!"
>> MS-MVP Windows - Shell/User
>>
Anonymous
August 14, 2005 7:17:07 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Frank" <bbunny@bqik.net> writes:
>FWIW---A lot of the things coming from China and Russia are originating
>from right here in Florida, USA

A surprising proportion of the internet fraud in the U.S. flushes out
of Florida. But some claim spam and internet fraud isn't the only
sort of fraud that Florida seems to specialize in.

Something you can try, if you wish, based on my decades of working
with spam.

The "From" has been forged by every spammer and virus on the net for
years, that tells you nothing, ignore it.

If you look at the headers of the message and in particular at the
topmost "Received" line you will sometimes see two different
domain names, sometimes only one, and sometimes just an ip address.
The first name on that line is also often forged, the second seems
to be less often forged. And the ip address is fortunately rarely
forged. You can use that ip address to look up the domain of the
last computer to relay that to you. You type the scrape the ip
address into your clipboard and choose the appropriate database:

For most of the U.S.
www.arin.net/whois/index.html
For most of South America
lacnic.net/en/index.html
For Brasil, always a popular spam/fraud source
registro.br/index.html
For most of Europe and eastern Europe
www.ripe.net/perl/whois/
For most of Asia
www.apnic.net
For most of Africa, an increasing source of fraud flushing
www.afrinic.net

With a little experience you will know from the first number
in the IP address which of these to use. Those will look up
the ip address and sometimes give you an abuse address you
can send the complete message to, minus any big binaries,
politely asking them to WHACK their little net vandal.

You can try similar things with Received lines further down
the list, but the first one that is forged means that it and
all the rest will be meaningless trash just trying to divert
attention from the real scum.

If the scum is using web pages you can report to them too,
spammers seem to dislike having their web pages cut off far
more than they dislike having their hijacked mail source
cut off. There are sources out there that will turn a domain
name into an ip address, search for "nslookup" and see what
you find.

You can also use
www.abuse.net/lookup.phtml
to often find an abuse email address for a domain name.

There are other ways of doing this, other people will perhaps
say that their way is much better than anybody else's way.
But you can with a little practice find a way you can use
to help report net scum.

It likely won't make spam and virus disappear from the world
but if you want to you can do your little part to help combat
fraud, spam and virus on the net

56572 SWEN virus email received and reported

>"Will" <Will@discussions.microsoft.com> wrote in message
>news:6F30396A-A71C-40AE-873B-01968AB3ACF6@microsoft.com...
>> Thanks for detail Malke. If I get something meaningful from Abuse I will
>> post
>> it here. For starters I'd like mail ISP/Outlook able to filter by Country
>> acceptable to me. Russia is not on my list. Aside from the damage it can
>> do
>> to users, if this garbage is slowing down the internet, then it is in
>> everyone's best interest for it to be fixed because it will otherwise only
>> get worse.
>> Logic says to solve problem at source rather than after; solution being
>> for
>> mailer (Outlook Etc.) to test uncertified code attachments on sender
>> computer
>> or on ISP server that can take the (S)hit.
>>
>> "Malke" wrote:
>>
>>> Will wrote:
>>>
>>> > For:
>>> > tompepper@mvps.invalid
>>> >
>>> > This does not answer question.
>>>
>>> Yes, it does. Your original post is a bit confusing, but sifting through
>>> the verbiage the only question asked is this one:
>>>
>>> >> | I wonder how else one should react to a similar situation;
>>> >> | isn't it best to report the "abuse" so that it can be followed
>>> >> | up on. I wonder if my ISP does that?
>>>
>>> >
>>> > "Tom Pepper Willett" wrote:
>>> >
>>> >> It was a virus laden email. Many viruses forge the return address,
>>> >> and there is nothing you can do about it.
>>>
>>> Mr. Willett's answer was correct. You can report the "abuse" if it makes
>>> you feel better, but it will probably do no good since many viruses
>>> spoof the "from" line. There is no way to know for sure that the
>>> "abuse" actually occurred by the supposed sender, either. You should
>>> just delete these sorts of emails which are very common, or set up
>>> filters in your email client to delete them.
>>>
>>> As for your last question, there is no way for any of us to know what
>>> your ISP (Eastlink in Canada?) does about abuse reports. Contact them
>>> and find out.
>>>
>>> What has most probably happened is:
>>>
>>> 1. You have a friend who has your email address in their computer's
>>> addressbook. This friend's computer is infected with a virus that sends
>>> copies of itself to all email addresses it finds on the infected
>>> computer. The virus may also spoof the "from" line. Now someone else in
>>> your friend's addressbook gets a virus-laden email with your name in
>>> the "from" line. This person now writes you an angry email but of
>>> course, it isn't your machine that's infected at all but your friend's.
>>>
>>> 2. And/or your machine is infected with a virus that is doing this.
>>>
>>> 3. And/or you signed up for something, used your real unmunged email
>>> address somewhere, or otherwise got your email address harvested.
>>>
>>> If you still think your question was not answered, then please post back
>>> with a better description of what you need to know.
>>>
>>> Malke
>>> --
>>> Elephant Boy Computers
>>> www.elephantboycomputers.com
>>> "Don't Panic!"
>>> MS-MVP Windows - Shell/User
>>>
!