Jump to content

Email Spam From Keenpeople.com?


Milbank

Recommended Posts

I recently did a Google search for a local geocaching organization and this "KeenPeople" site popped up. For some reason the description of the site made me believe that the site I was looking for had merged with this one. This was entirely false. I saw nothing of interest in the "KeenPeople" site. I got a negative vibe from the way they directed me to thier site. I don't trust this site, especially now that they are apparently emailing Geocaching members by getting the information from our profiles.

Link to comment

I doubt they're stealing people's email addresses from their profiles. The guy who runs Keenpeople is a geocacher himself, and I think he'd know a little bit better.

 

And I have to agree to Stunod and Demp, I'm actually registered with them, and on a mailing list associated with the site, and I don't think I've ever gotten anything other than my registration email...

 

Maybe you should talk to the owner of the site about this...

Link to comment
I recently did a Google search for a local geocaching organization and this "KeenPeople" site popped up.  For some reason the description of the site made me believe that the site I was looking for had merged with this one.  This was entirely false.  I saw nothing of interest in the "KeenPeople" site.  I got a negative vibe from the way they directed me to thier site.  I don't trust this site, especially now that they are apparently emailing Geocaching members by getting the information from our profiles.

Your email address is only displayed in your profile if you choose it to be. (and if you do display it, don't be suprised if you get spam)

 

You got directed to their site thru a google search, and you think that something is fishy about that?? I don't understand...

Edited by Stunod
Link to comment

Okay....maybe I'm being a little too critical. A few too many black helicopters flying around my head or something.

 

When I did the Google search for "Colorado Geocachers" looking for a local organization (I had been to the site before but fogot the name) I got this as a return:

 

KeenPeople.com .... Colorado Geocaching Association (CACHE) This is the home of CACHE - the Colorado Association of Cache Hunting Enthusiasts. ...

 

I navigated the KeenPeople site and found no reference to the Colorado organization I was looking for. It certainly wasn't the homepage. I eventually found the sight I was looking for and it was still active. So, yes, I did find that a little strange.

Link to comment
A few too many black helicopters flying around my head or something.

 

You too! ;)

 

The email was from questions@keenpeople.com

The email said ">foto3 and MP3" and had a attachment "Gary.scr (22.4KB)"

I try to open the file, but nothing happens.

 

What is a scr file?

 

I tried to scan the file with nortons, but can't.

 

Now go ahead and tell me it's a virus. :P

Link to comment
A few too many black helicopters flying around my head or something.

 

You too! ;)

 

The email was from questions@keenpeople.com

The email said ">foto3 and MP3" and had a attachment "Gary.scr (22.4KB)"

I try to open the file, but nothing happens.

 

What is a scr file?

 

I tried to scan the file with nortons, but can't.

 

Now go ahead and tell me it's a virus. :P

Yeah, that's almost definately some kind of email worm, either in your computer or in the Keenpeople computer...

 

But it's certainly not spam advertising...

Link to comment
Now go ahead and tell me it's a virus.  ;)

Yep, without even looking I'd say it's a virus.

 

Many worms, and other bad code, is hidden in different files, .SCR being a common one.

 

NEVER ... EVER ... run a suspicious attachment!

 

EVER!

 

Never, never, never, never, never, never, never...

 

You now need to run a good virus program.

 

Oh, and...

I try to open the file, but nothing happens.
...yes, it did. You just couldn't see what. A sure sign it was some form of virus. Edited by CoyoteRed
Link to comment
Now go ahead and tell me it's a virus. ;)

It's a virus and as I posted in my initial post, it's not from the actual from address. All the latest email viruses spoof the FROM address and don't show the actual infected user.

 

If you want, get the headers of the email and paste it into a page I wrote at http://www.levinecentral.com/mail_parse and look at the source of the 1st hop. If it shows an IP address, click on it and it will tell you the domain of the machine used to send the originating message.

Link to comment

Well I just did a Norton Anti virus scan on my whole system and it did not find anything, ;)

 

I did a norton update a couple of day's ago to.

 

I feel a bit better now, but I'm still worried.

 

I'm going to back up my photo's just in case.

 

I have not had to do a full re install for years, but last time I did the one thing I lost and missed the most on the computer was all the photo's I had of my son.

 

Now I back the photo's up onto cd's every few months.

 

Thanks for the replies,

Link to comment

Actually, Norton is pretty good about releasing updates, you just have to get them. Most people don't update the virus definition very often, or at all. I've seen Norton release 20 updates in a single day, and usually release several every single day. Of course, if you don't download them and install them, they can't help.

Link to comment

The update (and first reported case) of the AG and AH variants of Beagle/Bagle came out on Saturday (the 17th).

 

If you haven't updated since Saturday night, then you are at risk.

 

In the future, you may want to setup a nightly (2-3 AM) download check for your Norton/McAfee updating service. You should also heed the advice above: turn off any auto-open attachment functions for your mail program and never open an attachment unless you were expecting it from someone you know.

 

Beagle/Bagle is annoying, but can be fixed fairly easily without much havoc to your system (when it runs, lots of processes get killed and your computer becomes a mailer just like the one that sent the worm/virus to you and it puts copies in any Peer-to-Peer file sharing folders it can find). Other viruses are not so nice.

Link to comment
Well I just did a Norton Anti virus scan on my whole system and it did not find anything, :blink:

You received the virus in an email. In order to get infected, you would need to open the attachment. If you had up to date anti virus software, it should catch it then if it didn't catch it when it came in through email as mine does.

 

If you didn't successfully open the attachment, you won't get infected.

 

I've also receive dozens of emails daily that are bounce/rejection emails related to virus/worms where my email address (or an address in my domain) has been used as the FROM address. If the mail is undeliverable, I get a bounce message from the TO mail server. If the TO system has anti virus scanning, it many times replies back to tell me it couldn't deliver an email since it contained a virus. This last part is extra annoying because the anti virus scanners should know that the FROM address isn't real and NOT reply back since all it does is cause (as the virus does) another unnecessary email going through all the worlds mail servers. Maybe someday they will learn and not reply back to know spoofed addresses!

Link to comment

The Trend Micro's on-line virus scan found over 500 files infected, but could not clean them.

 

I could delete them, but was not sure if that is what I should do, so I search symantec.com and they had a program to download for the different beagle worms.

 

I followed the symantec instuctions step by step and did a scan with it's program I downloaded.

 

Symantec also found over 500 files infected. It deleted them to repair the problem.

It made a log of the files it deleted and they all look like files the worm must have created. I don't really understand it all.

 

Anyway Symantec program said my computer was clear of the virus so I scanned it again with the Trend Micro's on-line virus scan and it did not find anything. :blink:

 

Thanks to everyone for all the help. :D

Link to comment

I just got this email from my ISP, does it ever stop?

 

Attention: gps@wat.midco.net

 

A virus was found in an Email message sent to you.

Our Email scanner intercepted it and stopped the entire message

before it reached you. No further action is required on your part.

 

If you were expecting a message with an attachment

from questions@keenpeople.com you may want to contact them and ask them to re-send

after a thorough virus scan of their computer. If you do not

know questions@keenpeople.com or were not expecting a message with an attachment from

them, the blocked message may have been the work of a virus

infecting their computer.

 

If you have questions, please contact us at support@midco.net or

call us at 1-800-888-1300. To learn more about MidcoNet virus protection,

please go to www.midcocomm.com/midconet_pcprotection.php.

 

The message sent to you had the following envelope:

 

MAIL FROM: questions@keenpeople.com

RCPT TO:  gps@wat.midco.net

 

... and with the following headers:

 

---

MAILFROM: questions@keenpeople.com

Received: from unknown (HELO DSuddarth_XP.org) ([12.28.226.67])

          (envelope-sender <questions@keenpeople.com>)

          by avin1.midco.net (qmail-ldap-1.03) with SMTP

          for <gps@wat.midco.net>; 20 Jul 2004 12:52:55 -0000

Date: Tue, 20 Jul 2004 08:52:55 -0500

To: "Gps" <gps@wat.midco.net>

From: "Questions" <questions@keenpeople.com>

Subject: Re:

Message-ID: <niarzkeceteocsbxxpa@wat.midco.net>

MIME-Version: 1.0

Content-Type: multipart/mixed;

        boundary="--------rldybujfxeildaxtvvaz"

 

---

Link to comment

Sadly no it doesnt stop. My geocaching email account and 1 other email account I use was for 1 month getting hit daily with 20+ virus's (all deleted). .scr files are usually screensavers (not sure if someone above posted that). Though they are used mainly now to transfer virus since most people know not to run an .exe or a .bat file.

 

As for recieving the emails, basically your emailwas found somewhere by a spammer and added to the list and you will recieve msg's off n on for a few weeks. It will after time die down.

 

Couple things I do before opening an attachement. 1st anyone I know directly that sends me an email is to write they are sending me attachements. How many, and the name of the files. Those that send me an email with a attachement without the above text will get 1 of 2 results. Either straight to the trash, or a reply asking, what is this? Both of which keep me safe. (for the most part, not including wurms).

Link to comment

Officially we do not spam. Our email address get tons of spam like everyone else. We hate spam just as much as you do. Yes, if your email address is on a webpage you'll get spamed.

 

KeenPeople.com does not spam. In fact we send out very few emails to anyone other than direct responses.

Link to comment

Although you can hide your email address in your profile, you leave it up for grabs if you post it in a msg or web page anyplace on the net when you write it out as an actual email address and it turns into a mailto: link. Sometimes maybe even if it doesn't. They might just have the crawler filtered to pick up a string with @ in it.

Example: mymail@home.com will be picked up by the spammers crawler bots and added to a spam list which will eventually be sold to no telling how many spammers.

To get around the crawlers, you just write it as

mymail at home dot com

Some people like to just add something to it like

mymail@nospam.home.com

and tell you to remove the obvious. I prefer the other way.

 

Never assume the spam you recieved originated from the actual address in the From: field. Especially if a hitchhiker is attached.

Edited by Larry.s
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...