Spammers Using Ham Calls for Bogus Emails

I wanted to let my fellow Operators know that as late, I have seen many Spam letters that contained legitimate ham radio call signs as part of the spammers masked email address. I can only guess as to where they are getting these from. Imagine my fury when I saw my own call attached to a spam letter for illegal cable boxes. I tried to alert the ISP but was sent a note back they knew nothing of this activity. We all know this is a crock, but these are the same ISP groups who will allow these slime balls to work to fill your family's email with Porno!

There is legislation being drafted to stop ALL forms of spamming on the internet, and super fines and possible Jail time for the scum who refuses to cooperate and cease sending out the junk. Please help support these efforts by lawmakers. it will be the only way to regain robbed bandwidth, stolen callsigns, and halt the distribution of the filth these creeps are sending to our families and us!

KB2SEO
Drew

 

IF i find a spammer using my call sign what should i do? im only 13 .





73's
KD7SDY

 

Spam isn't the only problem. Emails are being sent over the net supposedly from Hams via the ARRL mail server. Each email contains a virus. I received nine such emails in one week, each one with a virus that Norton Anti Virus detected. I contacted the Hams whose call signs were being used and they obviously were shocked and surprised. I then contacted the ARRL and got absolutely no help or response??? To avoid getting further emails and virus' I had to temporarily suspend my arrl.net email address. I thought the ARRL would've been more helpful, obviously I was wrong. Has anybody else had this problem?

Bob WQ4BOB

 

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (KD7SDY @ July 24 2002,14:11)</td></tr><tr><td id="QUOTE">IF i find a spammer using my call sign what should i do? im only 13 .





73's
KD7SDY[/QUOTE]<span id='postcolor'>
You will need to track the originating IP address:

Ex:
Received: from ljn9dezowba903 ([24.164.248.47]) by mail3.new.rr.com with Microsoft SMTPSVC(5.5.1877.537.53);
Tue, 23 Jul 2002 18:33:27 -0500

Do a whois lookup on the IP address in this example "24.164.248.47" to find the IP address owner:

ServiceCo LLC - Road Runner (NET-ROAD-RUNNER-5)
13241 Woodland Park Road
Herndon, VA 20171
US

Netname: ROAD-RUNNER-5
Netblock: 24.160.0.0 - 24.170.127.255
Maintainer: SCRR

Coordinator:
ServiceCo LLC (ZS30-ARIN) abuse@rr.com
1-703-345-3416

And then report the problem to them.

 

Spammers have taken on a new tactic as of late. The software they use only sends hundreds through an open relay server before switching servers to continue on. They also change the from address on the fly using addresses in the send file. It is getting harder and harder to track and block spammers.
http://www.tenforward.com/support/spampage.htm

And as far as Viruses go, the Klez virus forges the sender from the address book of the infected machine.
http://news.com.com/2100-1001-916945.html has some good information on this.

 

I'm a victim too. They even send me the e-mails with my own "callsign"@arrl.net address on them!

 

kc7wgs,

I feel your pain and know what you are saying.  But even if you update your virus package you can still be bitten by certain viruses that can disable most popular virus scanner software.  I am NOT suggesting that you don't use a virus scanner I am suggesting that computer users should not get careless just because they have a scanner with the latest DAT files.

As far as a call sign being used as a SPAMMER address, this is not usually someone pirating your call as an e-mail address.  What is actually happening is a program is going out and attaching to the e-mail server and using it as a relay.

Be warned that what appear to be picture files can actually be virus infected executables.   Never, never, never open any attachment file that has any of the following extensions without scanning.  Only open things that you are EXPECTING to receive from someone.  If you have no idea who sent the e-mail, and it has an attachment, DELETE without reading.

bat
com
csc
doc
dot
(the last two listed can contain VB scripts in MS Word)
EXE
GMS
GZ*
HLP (can contain HTML codes)
HT* (see above)
INI
JS* (JAVA
OCX
OLE
REG (Opening one of these can really make for a bad day&#33
RTF
SCR
SYS
VBS
VXD


Did I miss any?

 

I personally hate spam and I was aware of this problem one of the big problems is that hams all trust each other which is a very nice thing but I think it is a loophole that is being exploited by these piles of trash.

 

Hi all

 One thing is the use of a good firewall yes it cost money but it's worth it.  I have seen people with 2000 or 3000 dollars computers and no protection on those computers they are asking for it.  Live and learn.  

 

I believe that ANYONE who uses a computer that is connected to the net, that Dosen't have Virus Software and or a firewall, (and this REALLY true if running a cable modem) deserves to have thier computer destroyed by a virus. and before you start screaming at me there's a FREE virus software out there.

http://www.grisoft.com

73

 

The previous post was right about the viruses. The Klez virus is one the most prevelant ones at this time. It will send e-mails form your computer, using addresses in your address book.

Get a virus scanner, use it routinely, and UPDATE IT weekly. And use a firewall. There are many available, many free. A little precaution goes a long way. The only blame to the one that "sent the e-mail" is he/she didn't have a virus scanner and firewall in place.

You can't avoid all the spam, but you can sure cut down on it and avoid getting infected yourself!

Do you ground your radio, tower, antenna? Do you have low pass filters and lightening protectors? Do you have virus scanners and a firewall? They all do the same thing, protect you.

Have fun with the hobby and don't let the jerks out there get to you! 73's
Scott

 

Yes, I've gotten the things via the arrl server.  I've gone so far as to offer to pay for the programming to block what isn't authorized.  

Their answer (& I have the emails to prove it) is that I shouldn't give anyone on the net the address.  Their 1st email to me said that it was all because my email was on QRZ!!!  

NO, you can make your server require authorization to use the "all" address.

I just re-activated the address after a 3 month hiatus.  Today I received the most obscene email of them all.

BTW very few members have ever complained about SPAM, therefore it's not a problem.

You tell me and then we'll all know!  I think I'll get the rig set up and go try to talk to the ISS, this is depressing

 

Yes, I too receive spam via my arrl.net email address. I have complained and received the same reply, in essence nothing. They (ARRL) told me that the spammers have figured out that a callsign listed in the FCC database sent via arrl.net stands a good chance of going through. They said they can't block them.
I set up email filters to delete all of them I can, and set up new filters for the ones that get through. Norton Antivirus is well worth the money. Anyone with email and no virus protection, out of date virus protection, or opens any email executable they get without checking, deserves what they get IMHO. microbe, KV4CT

 

I BEGAN TO BE SPAMMED AFTER REGISTERING WITH EHAM!!!!!!!!! AGGGGGHHHHHHHH!

 

Reiterating, as if it needs to be said.

1. Use a spam filter if possible. Most browsers also permit the use of other filters, but you need a thousand different ones to stop spam.

2. I have learned to first of all read my list of emails on the server before they are downloaded to my computer, but not all email programs offer that capability. That way when I look at the list, if there is something (and there always are several, despite a spam filter that sends nearly 100 a day to the email graveyard) I don't recognize as being of interest to me, I can delete it from the email server before it ever gets opened or even sent to my computer.

3. Use anti-virus software. Frankly, I avoid Microsoft Outlook, also. That way I don't even have an Outlook address book, as Outlook isn't even operational.

4. Never, no never, never, never, even "look" at an attachment you weren't expecting, no matter what it professes to be, photos, porno, stories, your mother's combat boots. If there is an attachment to an email message, don't sneak a peak. Instead, compose a NEW message (not a reply-to) to the person who sent the attachment and ask him/her what it is and why he/she sent it. If he can't tell you, go back and delete it.

5. If you go to that message in some email programs, just 'going there' will cause you problems. That's why, if you can do it, read your mail on the server, (item 2) and even then, no matter what, don't open an attachment unless you can verify what it is by contacting the sender. Note: Some email programs won't even show that there is an attachment. If you get an email with basically no text, don't try to figure out if there is hidden text. Delete it.

6. Be aware, when you get viruses or spam with ham call return addresses, it is probably without their knowledge. And yes, the ARRL sent out a bulletin on the virus that swept through their address book, theyi apologized for the inconvenience, and they updated virus software. So don't say they did nothing. They did quite a bit, and I no longer get virus from the ARRL address. They also cut down on forwarded spam by doing some other work on their server. Yes, they did respond. But they can't elminate it all. Incidentally, I've found that immediately after posting things on QRZ, I got a rash of viruses, so the ARRL is not the only address book being raided.

7. Practice "safe computing."

8. When you get junk mail that has a line in it about "unsubscribing" or "to be removed from this list" the instant you respond to that, their software determines that you are a valid IP address and you are immediately added to many more list servers. Those "unsubscribe" or "remove" lines are address builders. Don't reply to them! Just delete the message.

9. When you log onto a porno site, (as well as a few commercial sites) your IP address is also seized and forwarded to several other similar sites. And if a message comes from those sites (and it will) the instant you highlight it to delete it, you will find it logs you on, as it has your identifier, and in some cases, the only way to get off the site is to close your browser, delete your history and cache information, and log off the web! But by then, your IP has already been forwarded to another dozensites of the same type. Mostly these are porno, but some sales sites are now using the same gimmick. Solution? Try item 2 above - delete the stuff before it gets to your computer, and never, ever open it. If you can't do that, don't try to click on it. Try to install filters, but you may find yourself building more filters than you can imagine!

10. Arrrgggggh! Stop this crazy, pathetic, sad-sack nonsense of "send this to everyone you love and if you love me send it back to me." What a pitiful, sad, lonely, idiotic cry for attention. Like sending a chain letter to yourself. If that's the best way you can think of to get attention, go kiss a telephone pole. This crap clutters the web, - there are literally millions of these things running around out there daily - but it also pyramids virus and spam operations. The instant I see "send this back to me" I delete it. Please do the same! Blanket emails, whether it's these things, or jokes, or inspirational things, multiply the web load by the millions every few seconds. If you send it to one person and it says send it to ten and he does, and they send it to ten more, in a matter of a few seconds it is a million emails. Whoever invented the electronic chain letter must be rolling in laughter in his grave.

Have fun. Safe computing!

73
Ed