Spammers with a virus is heaven on tracking

Forum Moderators: DixonJones

Message Too Old, No Replies

Spammers with a virus is heaven on tracking

When spammers get viruses - seeing their phishing

cyberkat

8:28 pm on Sep 25, 2003 (gmt 0)

I had created a temporary email address (mailto) link on one of my webpages to study a spammer's activities. Ran the page until I caught one then deleted the page. Left the email address active and received my first series spam and reported them all. There was no more email until the spammer got infected.
Since then the box filled with the email containing the W32.Swen.A@mm [Symantec], Swen [F-Secure],
W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A virus apon reading the raw text of these emails.
I have reported all information to the ip isp owners and currently reviewing their access logs also.
I love how viruses can work for the good of tracking spam.

ukgimp

7:58 am on Sep 26, 2003 (gmt 0)

A good spammer will not use their own email address. Perhaps I have read your post wrong :).

cyberkat

7:20 pm on Sep 27, 2003 (gmt 0)

The single spammer that had havested this address as an evaluation of trapping. We had received 1 email shortly after our access logs showed our site pages hit. We removed our page from the server. Reported the spammer with logs. The page has been removed for months and recently we received email containing the W32.Swen.A@mm. There was only that one harvest that got the temp email account, which all this mail is being sent.
By evaluating, the infected spammer has been using dialup accounts while infected with thus virus. Thus sending emails from the dialup accounts sent by the virus while the spammer sent their own spam. When ever the spammer is on the virus works in the background. The spammer probaly doesn't even realize the virus is giving away his every move. :)
Just received confirmation from some isp. Currently tracking users accounts that have been stolen by this spammer. I do know that the area that they have tracked it to is Boca Raton, FL area where the various accounts have been accessed.

jjohnstn

2:47 pm on Sep 30, 2003 (gmt 0)

Not surprising.... Boca Raton is a known spammer haven:

[nytimes.com...]