Bogus Emails: Birther virus?

I just got this email from Gerry Nance to the Obama Conspiracy Theories email address. You might remember Nance as an early participant in the Birther Movement. I featured him in an article about a year ago. Any time a Birther of note tries to communicate with me, I’m interested, so I clicked on the shortened hyperlink following “What do you think of this?” and I ended up on a web page made to look like MSNBC (but not at MSNBC) touting a work at home scheme.

I have no thought that Nance sent the email intentionally. It’s just another in a long line of emails forged to come from someone I know, but aren’t from them. The connections seem to be from folks that I am friends with on Facebook, or from folks who have appeared on this web site. Nance’s email came from a Yahoo email server with an att.net email address (which is normal for AT&T customers).

It’s a little spooky, however, that somebody found the direct email to the site, which isn’t actually on the site. I guess Nance had my email address in his address book. I might have had him in mine too.

Update:

Ha! Just got another one from “Walter Francis Fitzpatrick III,” this time to my personal email address. The headers indicate it came from Gmail. Fitzpatrick is not in my address book; I checked.

The headers of both of these emails look legit to me (and I have some experience reading email headers) and they indicate that they came from the email accounts of the persons named. That suggests that they have both had their accounts compromised. So far, fingers crossed, I haven’t had any complaints of spam emails coming from me.

Update 2:

I don’t know whether this is just an inflated comment on my article or whether there is a full-fledged outbreak of email virus infection among the Birthers. Orly Taitz published this headline yesterday:

Obots hijacked the e-mail accounts of most of my supporters and investigators. This is an additional charge for the RICO complaint

I only mentioned two, but now it’s “most of my supporters and investigators.” WOWZERS!

About Dr. Conspiracy

I'm not a real doctor, but I have a master's degree.

14 Responses to Bogus Emails: Birther virus?

  1. Dave says:

    The usual mechanism is that a virus looks at the address book and/or saved emails on the infected machine and picks one address at random to send email to, and another address at random to forge as the “from.” If that’s the case here, the clue would be whose computer would have both those addresses on it.

    If one were really interested, you can figure out a lot from examining the full headers of the email message you got. The “Received” lines trace all the mail servers it passed through, and will show at the least the IP address of the infected machine the message came from.
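Added example (not part of the comment above or of the original post): reading the “Received” lines in the order the message travelled, using Python's standard `email` module on a constructed message. The hostnames, IP addresses and the `first_trusted_handoff` helper are assumptions for illustration; the helper finds the first line written by the recipient's own servers, because older lines are supplied by the sending side.

```python
import email
import re

# Constructed sample: made-up hostnames and documentation-range IPs.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id abc123;
\tTue, 29 Jan 2013 10:15:04 -0500
Received: from relay.provider.example (relay.provider.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 29 Jan 2013 10:15:02 -0500
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.provider.example with ESMTPA id ghi789;
\tTue, 29 Jan 2013 10:15:00 -0500
From: "Someone You Know" <friend@provider.example>
To: blogger@recipient.example
Subject: What do you think of this?

(link removed)
"""

# "from <name> ... [<ip>] ... by <host>" as most MTAs write it; formats vary.
HOP_RE = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+(\S+)")

def trace_hops(raw):
    """Return hops oldest-first as (from_name, from_ip, by_host) tuples."""
    msg = email.message_from_string(raw)
    hops = []
    # Every server prepends its own line, so the header order is newest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(m.groups())
    return hops

def first_trusted_handoff(hops, my_domain):
    """Oldest hop written by one of my own servers (assumed: *.my_domain)."""
    # Older lines came from the sending side and can be forged; the IP here
    # is what my server saw on the actual connection.
    for hop in hops:
        if hop[2] == my_domain or hop[2].endswith("." + my_domain):
            return hop
    return None

if __name__ == "__main__":
    hops = trace_hops(SAMPLE)
    for n, (name, ip, by) in enumerate(hops, 1):
        print(f"hop {n}: {name} [{ip}] -> {by}")
    print("handoff to my servers:", first_trusted_handoff(hops, "recipient.example"))
```
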

  2. roald says:

    Someone figured out the password to an email account I access via a web site. With those credentials, they were able to send email that appeared to be coming from me. I had to change both the password and the password hint before I got rid of them. A couple of years later, I still check the sent folder for messages I did not send.

  3. elmo says:

    Better do a thorough scan of your computer. When you click on a link like that in an email, you can be allowing the virus program access to your own email address book.

    This happened to my husband.

  4. A good suggestion.

    I ran a full scan (there is a quick scan scheduled on a weekly basis) and it found 4 things, a trojan downloader and some Java exploits. The Java exploits were for Java 7 SE, but I’m running Java 6. Still, it didn’t look like there was much, and it’s cleaned now.

    It looks like I got the things before the virus definitions for them were released. I’ve now changed my scheduled scan to do a full scan.

    elmo: Better do a thorough scan of your computer.

  5. JRC says:

    Dr. Conspiracy:
    A good suggestion.

    I ran a full scan (there is a quick scan scheduled on a weekly basis) and it found 4 things, a trojan downloader and some Java exploits. The Java exploits were for Java 7 SE, but I’m running Java 6. Still, it didn’t look like there was much, and it’s cleaned now.

    It looks like I got the things before the virus definitions for them were released. I’ve now changed my scheduled scan to do a full scan.

    Sorry to bother, but Java 5-7 should be uninstalled from your computer unless you absolutely need Java. There is an exploit. I mentioned in chat on RC’s show a couple weeks ago.

    Anyway, here is a link about the issue and exploit.

    http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/?s_cid=e539

  6. I have a critical application in Java.

    JRC: Sorry to bother, but Java 5-7 should be uninstalled from your computer unless you absolutely need Java. There is an exploit. I mentioned in chat on RC’s show a couple weeks ago.

  7. JRC says:

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422

    Sorry this is the link that talks about earlier versions of Java. If you have something you really need, then I can’t say whether to stay with 6 or upgrade to 7 and try the fix. Just keep an eye on things. The other problem going on now is uPNP, just so you know.

  8. JRC says:

    And I’m an idiot. The link I gave says that Java 6 doesn’t seem to fall for the exploit. My apologies. I’m fairly certain I’ve read it was. 🙁 Again Sorry.

  9. JRC says:

    In my defense, I most likely read it there, and then they updated. Of course it was my responsibility to recheck, and the failure was still on my part.

  10. aesthetocyst says:

    The Obot worm revealed right on schedule!

    Cause, you know, the perfect time for that final flip of the bird wouldn’t be 2nd-term Inauguration Day, but rather 9 days later. Heh.

  11. Monkey Boy says:

    Java 6 does have a vulnerability. So, I updated to java 7 and also got a vulnerability.

    I program in java, so removing or disabling it is a non-starter; however, my browsers, Google Chrome and Opera, allow me to disable plugins, which I have done for java. So, I can surf without worrying about that particular thing.

    Whenever I need java in a browser (for doublecrostics), I enable java for the session.

  12. This article has been updated.

  13. Java 7, release 13 is supposed to fix it.

    Monkey Boy: Java 6 does have a vulnerability. So, I updated to java 7 and also got a vulnerability.

  14. SueDB says:

    The other problem going on now is uPNP
    Either go into your router settings (the box that plugs into the cable modem – for most folks) and uncheck the checkbox authorizing upnp. Then go to the system panel (under administrative tools) in the control panel and right click the entry for upnp – if it isn’t turned off, turn it off.

    I use NOSCRIPT on my browsers along with Adblock Plus. – Malwarebytes, Spybot S&Destroy… Windows…works good when it isn’t screwed up…One of these days I will have it working good.
