EMERGENCY REQUEST FOR HELP (AND A HEADACHE I DON'T NEED)
In the last two hours, I've started receiving dozens of bounce emails from various sites, all of them claiming that variations on the threeyearsofhell.com email address have mailed them. Most of these files had attachments on them, and those attachments seemed particularly dodgy: they seem to be a payload for the SOBER.O virus or some variant. Most of them, however, had this standard SOBER.O text in them:
Account and Password Information are attached! Visit: http://www.threeyearsofhell.com
Now, here's the disastrous part. Somehow, this seems to have spammed a large number of addresses at USCourts.gov. Yes, that's right, a copy of this virus, seeming to come from my address, appears now to have landed in the inboxes of a completely unknowable number of judges. Or maybe I'm lucky: most of the bounce messages seem to be variations of proper email addresses.
I've now taken a couple of hours away from studying for exams to scan this--and all my other--hard drives to a fare-thee-well. I've found nothing. I'm skeptical that these are being sent from my machine anyway: the email address most commonly used (blog--at--threeyearsofhell.com, replace --at-- with @) is one that I don't use to send outgoing mail. Furthermore, none of the addresses that are bouncing back come from my machine--it looks like they came from someone who either (a) had a list of judges on their site for clerkship purposes, and (b) had mailed the "contact me" address at my site. [1] Given that much of my readership is law students, though, that doesn't narrow it down much.
(Another reason that I'm skeptical that the mail is coming from my computer: to the best of my knowledge there's not a list of federal judges on my PC. I'm that far behind in considering clerkships.)
Does anyone know how I might track down the source of this problem? Some of the emails have source IP addresses, but TraceRT can only get so far as some locations in Atlanta that aren't particularly helpful.
In the meantime, if you're one of my readers, and especially if you've sent me an email recently, I'd ask you to please update your virus software and scan your hard drive. It can't hurt.
Just my luck, eh?
[1]: There's also the possibility that rather than poor fortune, someone's doing this intentionally. The last thing on earth I need just before clerk season is every Article III judge in the country getting an email from "me" with a nifty viral payload. But that's more paranoid than I care to be. UPDATE: To make it clear: it would be easy for this to be a coincidence. I really don't think it's intentional.
UPDATE II: One of the bounce messages has now included a copy of the virus. Does anyone know how to take one of these apart? There might be some clues on exactly where it came from.
Comments
Posted by: martin | May 4, 2005 5:29 AM
Posted by: Jonathan Link | May 4, 2005 7:47 AM
Posted by: Anthony | May 4, 2005 10:41 AM