[amsat-bb] Re: (no subject)

Tony Langdon vk3jed at gmail.com
Mon Jun 7 17:31:23 PDT 2010

At 09:08 AM 6/8/2010, Larry Teran wrote:
>SPAM get out
>On Mon, Jun 7, 2010 at 1:42 PM, Simone T <terrando at gmail.com> wrote:

<snip to avoid propagating spam URL further>

These ones are the result of the account's owner getting infected 
with something, and a spam bot hijacking their account.  Complaining 
about the spam does nothing (never does).  The most successful 
approach has been to inform the affected person of the problem, and 
get them to scan their PC with something like the free scanner from 
www.malwarebytes.org , or another good malware scanner, then change 
their webmail password.

There is a pattern to this sort of spam/infection:

1.  It ALWAYS comes from a webmail capable address (I have seen 
Yahoo, Gmail and Hotmail accounts infected).

2.  It always features a single line with a URL, maybe with one line 
of generic text "Hey, look at this" or similar.

How I discovered it was the account owner's PC being infected was 
that I posted an advisory message in the group that was getting spam, 
and suggesting everyone check their PC for malware.  The account 
owner (that the spam claimed to come from) came forward and described 
what happened, and that they had fixed their system, once made aware 
of the problem.  Subsequent instances of this type of spam have 
revealed a similar pattern.  This was first sighted a few months ago.

Anyway, hope this helps people affected by this sort of problem to 
find and remove the offending malware.

73 de VK3JED / VK3IRL

More information about the AMSAT-BB mailing list