virus: "SPAM WARS" ESCALATE -- A McLUHAN POST (Not Arch.)

Reed Konsler (konsler@ascat.harvard.edu)
Mon, 19 May 1997 23:07:21 -0400 (EDT)


>Mime-Version: 1.0
>Date: Mon, 19 May 1997 17:47:47 +0100
>To: mcluhan-list@astral.magic.ca
>From: mclr@astral.magic.ca (Comm Office)
>Subject: "SPAM WARS" ESCALATE -- A McLUHAN POST (Not Arch.)
>Sender: owner-mcluhan-list@astral.magic.ca
>Precedence: bulk
>Reply-To: mclr@astral.magic.ca
>
>[Notes: "delist" instructions to this e-list are
>appended to the end of each "regular" posting. They
>also appear at the end of the postings in our
>Archives at <www.mediaguru.org>. Because of the
>size of this list, only proper de-list messages
>will be processed!]
>
>[This is a special, "non-archived" post for the
>McLuhan-List. If you want to keep the material,
>"save" it to your own system because it will NOT be
>kept in our Archives]
>
>
>WOW! Talk about synchronicity! About the same time that we notified you, our
>readers, about "SPAM WARS" it looks like several have actually started.
>Many of you
>have taken time to update us on news you have captured, including, of
>course, the
>Compuserve lawsuit against CyberPromotions, and related activities. The most
>outrageous, however, is repeated below (thanks to
>tony@wheel.dcn.davis.ca.us) --
>the upshot of it is that THE SPAMMERS ARE NOW USING COMMANDO TACTICS
>AGAINST THOSE WHO TAKE AN ANTI-SPAM position! Read this yourself and
>decide.
>
>We said in 94 that the Internet was like the "wild west" and unfortunately
>it will take lawmakers to stop the bulk of the junk email (in most BUT NOT ALL
>jurisdications -- some are "outside the law").
>
>Until then, WELCOME TO THE SPAM WARS!
>
>------ as received ------
>
>>>Date: Thu, 15 May 1997 20:01:52 -0400
>>>From: Jim Youll <jim@newmediagroup.com>
>>>Subject: newmediagroup.com headers were forged in junk e-mailing;
>>> retaliation against my public anti-SPAM activities
>>>
>>>We are a very small company. We are being attacked electronically, because
>>>of my public anti-spam stance:
>>>
>>>(A) Our server was subjected to an inbound bombing from the hijacked
>>>servers into our mailserver last night (14 May 1997).
>>>
>>>(B) Thousands of messages were sent OUT today (15 May) from the same
>>>hijacked servers, resulting in a torrent of complaining, hostile, violent
>>>mail to our mailboxes. Some people began to mailbomb us with large
>>>documents.
>>>
>>>I have 99.9% confidence that the hostile messages were injected into the net
>>>from a computer dialed into enterprise.net, a UK ISP, and have the
>>>corroborating records to prove it, at least everything I can get without
>>>cooperation from enterprise.net. I am unable to reach anyone at
>>>enterprise.net who will assist in this investigation.
>>>
>>>The messages were relayed off nevwest.com and freenet.carleton.ca SMTP
>>>servers.
>>>
>>>The administrators at these sites have not been terribly supportive, though
>>>they claim to be working on it. They have also received quite a bit of
>>>inbound mail, but appear somewhat unsure about what to do or ``how that
>>>happened''. They've asked me if *I* sent the messages.
>>>
>>>Complete details of the attack and my anti-junkmail posting which started
>>>all this appear here:
>>> http://www.agentzero.com/junkmail
>>>
>>>The message I have sent out follows. I need support from the UK. I am
>>>prepared to do whatever it takes to get a prosecution.
>>>
>>>-- quoted message follows --
>>>
>>>My domain newmediagroup.com is under attack by someone who doesn't like my
>>>MILITANT, PUBLIC ANTI-SPAM stance. To date, their actions have included
>>>sending apparently several thousand e-mail messages, forged showing my name
>>>as the sender. In addition, this same party or someone working with them
>>>conducted a denial-of-service attack on our system last night, 14 May. See
>>>http://www.agentzero.com/junkmail, including system logs clearly showing the
>>>terrorists' use of third-party unsecured SMTP servers as relays (which you
>>>will also see by looking at the headers of the messages that were sent).
>>>
>>>Their attack has also included threats of harm against me.
>>>
>>>PLEASE let people know this did not originate at newmediagroup.com. It is a
>>>complete forgery. We are TRYING to investigate and at the moment have a
>>>number of backbone carriers and MCI security, involved. I am doing all I
>>>can. PLEASE tell people to stop writing to complain. This did not come
>>>from us. We don't spam. I am FIGHTING spam and that is why I was targeted
>>>in this manner. When you see their mail-bomb messages to me, you will
>>>understand.
>>>
>>>I am seeking cooperation from the sites that were used as relays. Sheila,
>>>apparently an administrator at freenet.carleton.ca. (office@ is their e-mail
>>>address; if you have received junk that bounced off their mailer, I STRONGLY
>>>suggest you contact them and demand the holes be closed.) Carleton Freenet
>>>has notified me (15 May 1997, 1600 EDT by e-mail) that they will not release
>>>their SMTP logs, which would show the origin of the message injected into
>>>their mailer. A man reached at nevwest.com said he had ``one technician
>>>working on it'' but really didn't understand the specifics, and was not very
>>>excited about helping. This is all very exciting for electronic terrorists,
>>>I am sure.
>>>
>>>New Media Group (and I in particular!) do not send or generate commercial
>>>e-mail. Ever. We are a small Internet presence provider working closely
>>>and on-site with clients in the Midwestern US. Only. We do not seek,
>>>service, or advertise to anyone outside that area, and we do not use e-mail
>>>for advertising.
>>>
>>>Copies of all logs and the threatening messages which came here have been
>>>forwarded to security officers at all ISPs we could identify, and at the
>>>security offices of backbone providers involved in this. We're trying, but
>>>it will be difficult to identify who did this. We're trying. I fully
>>>intend to press criminal and civil charges at the very moment an indictment
>>>becomes feasible.
>>>
>>>The reason we have been targeted is that I (personally, not this company)
>>>have been leading a campaign AGAINST junk e-mail. Please help me find out
>>>who did this.
>>>
>>>If you look at the headers, you will see that the messages did not come from
>>>here. The incoming messages threatened more attacks unless I stop my
>>>campaign to free people from unwanted junk e-mail. This is terrorism, plain
>>>and simple and I call on the entire Internet community to help track down
>>>the responsible parties. I will appreciate any assistance you can provide.
>>>
>>>I am offering a reward of $1,000 for information leading to the arrest and
>>>conviction of the perpetrators of this crime.
>>>
>>>NOTE ADDED 16 May 1997:
>>>
>>>We were hit again overnight 15 to 16 May. This time messages were sent to
>>>many addresses in the U.S. Primarily the incoming has been bouncing due to
>>>bogus or no-longer-in-use names at these locations. The nature of the
>>>addressing suggests that the names were culled from newsgroups and other
>>>public sources, and that the system doing the gathering went back some
>>>distance in time to get them, as many were expired.
>>>
>>>... It's been a busy couple of days. We have received approximately 2,500
>>>undeliverable messages in the last few hours. (Normal is 20-50 per day.)
>>>The incoming complaints and attacks are slowing, because I think people are
>>>learning that jim@newmediagroup.com is ANTI-junk. Word is getting out, and
>>>hopefully that will help in the future.
>
>end post

---------------------------------------------------------------------
Reed Konsler konsler@ascat.harvard.edu
---------------------------------------------------------------------