I'm a spammer

Posted on:May 10 2006

According to my ISP, I am a spammer. They are accusing me of sending out tons of mails, and if I don't stop, they will cut my internet connection. the mail looked like that:

Sehr geehrter Kunde,

Uns liegen Aufzeichnungen vor, die belegen, dass von Ihrer IP-Adresse aus elektronische Post als Massensendung oder zu Werbezwecken verschickt wurde. Da eine solche Handlung gegen unsere Nutzungsbedinungen (http://subscriber.chello.at/support/fair_use_policy.html#email) und geltendes Recht verstoesst, moechten wir Sie bitten in Zukunft davon Abstand zu nehmen.

Sollten sich derartige Vorfaelle wiederholen oder gar haeufen, koennten wir uns gezwungen sehen Ihren Versendezugang ueber die chello-Server bzw. je nach Schwere sogar Ihren Anschluss still zu legen. (....snip)

Uh. I really didn't spam anyone. The only possibility is that a spam bot infected my PC. But I really didn't find one, and I cannot imagine how this could have happened, having all security patches installed, using a (stupid) router, firewalls, alternative browsers and other stuff like this. Hm. What now? Reinstall windows?

Comments:

Hm ... how about installing a virus scanner like Kaspersky? ^^

Maverick

Quote
2006-05-10 20:22:00

did this, but they didn't find something. dito for antispyware tools.

niko

Quote
2006-05-10 20:35:00

How about sniffing outgoing tcp traffic, setting filters for smtp, and logging everything?

Gothi[c]

Quote
2006-05-10 20:52:00

Perhaps you should install a software firewall and take a look at the activities at your ports.
If it is spyware or something like this there must be some trafic that a software firewall can notice

Fre4LeTy

Quote
2006-05-10 20:53:00

Maybe someone have stolen your IP-address? Did you turn-off your PC?

puh

Quote
2006-05-10 21:34:00

Are they basing that judgement on traffic, or reports from recipients based on spoofed email headers? I get lots of bounced spam messages that claim to have been sent by someone with one of my domains, clearly spoofed.

Try AdAware for spyware removal, and something like AVG or BitDefender for Virus / Trojan defense.

steve

Quote
2006-05-10 22:12:00

Maybe you are answering so many mails about irrlicht that they assumed you are a spammer, because no one would send so many "real" mails. ;)

Matthias

Quote
2006-05-11 09:17:00

Dunno how good your ISP is...

Phone them up, and ask for help !! If they are any good, they'll get the idea real quick and remove you from the blacklist. May not help with the problem, but it'll certainly help if they are planning on banning you.

Braneloc

Quote
2006-05-11 12:16:00

The truth is much simpler.

It is possible to send an email to anyone coming from anyone in case the SMTP server does not require authorization. Even if it does, it's sometimes possible to find another one.

Zeux

Quote
2006-05-11 13:05:00

sure, I contacted them, but no answer yet. lets see.

niko

Quote
2006-05-11 21:03:00

They should at least provide some log data (and information how they obtained it). I understand you got a dial-in conection (dsl or whatever) with changing IPs. So, the statements about possible faked sender domains or open smtp daemons shouldn't apply here.

As said above, I'd consider
> a hijack of your pc while maybe running during the night (hey, loading pr0n again?!)
> a spam bot on your local machine

Ah, and yes, I'd re-install my system. After they prove their statements, of course.

miq

Quote
2006-05-13 23:05:00