[mephastopholes]

Hello all...
I can't remember which website, or web order that this may have originated from, but I'm now getting a whole crapload of spam. What worries me is that I've been getting quite a few that are completely blank; no sender or recipient name... only the time and size, which is usually 0.5 kb... nothing else what so ever.
PC's at work have been shut down at work due to spyware w/in the last couple of months; now, mind you, part of the reason that I've stuck w/ Macs is the fact that they're less prone to virus, spyware etc., I don't want this to make me over confident w/ my machine and shrug this issue off... has anyone else experienced this or is anyone aware of this being an issue?
Thanks in advance...

[Big Mac]

If you're worried about spyware and viruses on your Mac, don't worry - you're still safe. I've never gotten completely blank spam - that's got to be a pretty inefficient sales model. If you want to know more about the messages, press command+shift+h to view the full headers.

[ghporter]

What you're seeing is almost certainly spyware/virus attacks aimed at PCs, and you don't have to worry about your Mac getting infected because code for PCs just does NOT work on Macs. This will even be true when Apple switches to Intel processors; the code is aimed at the OS, not the processor.

However, do make sure you completely delete all of these spams so you don't accidentally pass any of their filth to a Windows-using coworker. Yes, you CAN be responsible for that sort of thing with a Mac, so pay attention and scrub your mail as soon as you get the crap.

[tooki]

FWIW, I have gotten empty spams before. I think they still come all the time -- but my email provider's spam filter catches them.

tooki

[amazing]

those emails with blank subject and from lines are the Davinia.B email worm. Here's the Symantec description:

"VBS.Davinia.B is an email worm that mails a message written in HTML to everyone in your Microsoft Outlook address book."
"The message has no subject line and appears blank, but it contains HTML code that starts Internet Explorer and attempts to download and open a Microsoft Word 2000 document"

http://securityresponse.symantec.com...davinia.b.html

It doesn't infect or affect the Mac, natch, but it's sure a pain deleting them all. The further description also states that the infected target MS Word 2000 doc has been deleted off the server, so nothing further happens, or so we're led to believe.

What it means is that someone who has Windows and your email address is infected, and their PC is spewing out this stuff. See if you can identify any clues in the headers?

[Apfhex]

BTW, amazing, mephastopholes is talking about emails with no SENDER, either.

Who's the ISP? If it's Comcast, then you're not alone, *lots* of users have been getting these emails and in most cases they do not contain viruses, they are genuinely totally blank (that is not to says yours don't contain viruses though, but with a Mac you're safe). Let me guess, "Sending client does not conform to RFC822 minimum requirements," right?

[mephastopholes]

thanks for the responses... apfhex, you are correct, the isp is comcast, but i haven't gone so far as to take a look at the full header info or anything of that sort yet... i just mark them as junk and completly delete them from Mail when i get a chance... i'll check out the header info later...
so its reassuring to hear that there shouldn't be much to worry about in terms of spyware, but is there a way to block or filter them in Mail?

[amazing]

Originally Posted by Apfhex

BTW, amazing, mephastopholes is talking about emails with no SENDER, either.

Who's the ISP? If it's Comcast, then you're not alone, *lots* of users have been getting these emails and in most cases they do not contain viruses, they are genuinely totally blank (that is not to says yours don't contain viruses though, but with a Mac you're safe). Let me guess, "Sending client does not conform to RFC822 minimum requirements," right?

Yes, blank senders as well, that's listed in my post under "blank subject and from lines".

In the past, seemingly blank emails have contained html all colored in white, so it doesn't show up visually, but it's still there. Presumably that's what's happening here.

If you use "whois" to trace the infected IP, you'll see they're coming from all over. I've seen IPs in Japan, St Louis, Queensland (Australia). I'm scratching my head trying to figure out how my email address got into address books that far away.

[Millennium]

Originally Posted by mephastopholes

thanks for the responses... apfhex, you are correct, the isp is comcast, but i haven't gone so far as to take a look at the full header info or anything of that sort yet... i just mark them as junk and completly delete them from Mail when i get a chance... i'll check out the header info later...
so its reassuring to hear that there shouldn't be much to worry about in terms of spyware, but is there a way to block or filter them in Mail?

Theoretically, if you keep telling Mail that it's spam, it should eventually start doing so automatically. Mail's spam filter works that way; when you tell it that a specific message is spam, it remembers what you told it, and compared new e-mails to the ones that you told it was spam. This lets it tailor its filtering to your specific needs.

The messages are a nuisance, and they do probably carry spyware. However, that spyware cannot infect you, because you're not using Windows and Outlook or IE. Even if such spyware were to be written for the Mac, you would have to deliberately download and run the attachment in order to run it, because no Mac mail program automatically runs software embedded in e-mails just because you read or download the e-mail.

[rickey939]

Originally Posted by amazing

those emails with blank subject and from lines are the Davinia.B email worm. Here's the Symantec description:

"VBS.Davinia.B is an email worm that mails a message written in HTML to everyone in your Microsoft Outlook address book."
"The message has no subject line and appears blank, but it contains HTML code that starts Internet Explorer and attempts to download and open a Microsoft Word 2000 document"

http://securityresponse.symantec.com...davinia.b.html

It doesn't infect or affect the Mac, natch, but it's sure a pain deleting them all. The further description also states that the infected target MS Word 2000 doc has been deleted off the server, so nothing further happens, or so we're led to believe.

What it means is that someone who has Windows and your email address is infected, and their PC is spewing out this stuff. See if you can identify any clues in the headers?

Awwww, that explains it. I've been getting these left and right the past few days! Arrgghh...

[Apfhex]

Originally Posted by amazing

Yes, blank senders as well, that's listed in my post under "blank subject and from lines".

In the past, seemingly blank emails have contained html all colored in white, so it doesn't show up visually, but it's still there. Presumably that's what's happening here.

Sorry, I read you post multiple times and I still missed that. I suggested that the emails being sent to Comcast users contained no viruses/spyware because users on the Comcast.net forums were reporting that they inspected the raw content of the messages and there was nothing at all in them beyond the non-compliant header. Using Mail's "Raw Source" view I also see nothing else in these messages (I have 8 of them sitting in my Junk mailbox right now). I was able to filter them by adding a rule that says to move all messages that do NOT contain "@" in the From field to the Junk mailbox.

[mephastopholes]

hello all...
jsut wanted to follow up... i was anticipating setting up a rule as stated above, but have noticed that the empty emails have seemingly ended (at least for now)... ya'll must have said something loud enuf for comcast to hear...
thx for all of the input again...



now, for that dang spam...