Bogus Emails: Birther virus?

I just got this email from Gerry Nance to the Obama Conspiracy Theories email address. You might remember Nance as an early participant in the birther movement. I featured him in an article about a year ago. Any time a birther of note tries to communicate with me, I’m interested, so I clicked on the shortened hyperlink following “What do you think of this?” and I ended up on a web page made to look like MSNBC (but not at MSNBC) touting a work at home scheme.

I have no thought that Nance sent the email intentionally. It’s just another in a long line of emails forged to come from someone I know, but aren’t from them. The connections seem to be from folks that I am friends with on Facebook, or from folks who have appeared on this web site. Nance’s email came from a Yahoo email server with an att.net email address (which is normal for AT&T customers).

It’s a little spooky, however, that somebody found the direct email to the site, which isn’t actually on the site. I guess Nance had my email address in his address book. I might have had him in mine too.

Update:

Ha! Just got another one from “Walter Francis Fitzpatrick III”, this time to my personal email address. The headers indicate it came from Gmail. Fitzpatrick is not in my address book; I checked.

The headers of both of these emails look legit to me (and I have some experience reading email headers) and they indicate that they came from the email accounts of the persons named. That suggests that they have both had their accounts compromised. So far, fingers crossed, I haven’t had any complaints of spam emails coming from me.

Update 2:

I don’t know whether this is just an inflated comment on my article or whether there is a full-fledged outbreak of email virus infection among the birthers. Orly Taitz published this headline yesterday:

Obots hijacked the e-mail accounts of most of my supporters and investigators. This is an additional charge for the RICO complaint

I only mentioned two, but now it’s “most of my supporters and investigators.” WOWZERS!

14 Responses to Bogus Emails: Birther virus?

  1. Dave January 30, 2013 at 5:03 pm

    The usual mechanism is that a virus looks at the address book and/or saved emails on the infected machine and picks one address at random to send email to, and another address at random to forge as the “from.” If that’s the case here, the clue would be whose computer would have both those addresses on it.

    If one were really interested, you can figure out a lot from examining the full headers of the email message you got. The “Received” lines trace all the mail servers it passed through, and will show at the least the IP address of the infected machine the message came from.
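The header reading described in the comment above, and the post's question of forged sender versus compromised account, as an added example (not code from the post or its commenters). The message, hostnames and addresses are constructed, and `my_server` is an assumed name for your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation-only hosts and addresses, not a real message.
RAW = """\
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=friend@webmail.example;
\tdkim=pass header.d=webmail.example
Received: from out7.webmail.example (out7.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id def456;
\tWed, 30 Jan 2013 16:41:05 -0500
Received: from [192.0.2.77] by web.webmail.example via HTTP;
\tWed, 30 Jan 2013 13:41:03 -0800
From: "A Friend" <friend@webmail.example>
To: me@recipient.example
Subject: What do you think of this?

(body omitted)
"""

def received_hops(msg):
    """Return the Received chain oldest-first; each server prepends its own line."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())              # undo header folding
        m = re.match(r"from (.+?) by (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        hops.append({"from": m.group(1) if m else None,
                     "by": m.group(2).rstrip(";") if m else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def assess(raw, my_server):
    """Summarise origin and whether my_server authenticated the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    ar = " ".join((msg.get("Authentication-Results") or "").split())
    # Trust only a verdict stamped by our own server; older lines can be forged.
    trusted = ar.split(";")[0].strip() == my_server
    verdicts = dict(re.findall(r"\b(spf|dkim)=(\w+)", ar)) if trusted else {}
    signer = re.search(r"header\.d=([\w.-]+)", ar)
    aligned = bool(trusted and signer and signer.group(1).lower() == from_domain)
    return {"from_domain": from_domain,
            "origin_ip": hops[0]["ip"] if hops else None,
            "handoff_ip": next((h["ip"] for h in hops if h["by"] == my_server), None),
            "sent_via_named_provider": verdicts.get("dkim") == "pass" and aligned}
```

Only `handoff_ip` is recorded by your own server; `origin_ip` comes from a line written upstream and is only as reliable as the server that wrote it. A passing, aligned DKIM verdict says the message left the named provider, which points to a compromised account rather than a forged From line.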

  2. roald January 30, 2013 at 5:28 pm

    Someone figured out the password to an email account I access via a web site. With those credentials, they were able to send email that appeared to be coming from me. I had to change both the password and the password hint before I got rid of them. A couple of years later, I still check the sent folder for messages I did not send.

  3. elmo January 30, 2013 at 6:05 pm

    Better do a thorough scan of your computer. When you click on a link like that in an email, you can be allowing the virus program access to your own email address book.

    This happened to my husband.

  4. Dr. Conspiracy January 30, 2013 at 6:58 pm

    A good suggestion.

    I ran a full scan (there is a quick scan scheduled on a weekly basis) and it found 4 things, a trojan downloader and some Java exploits. The Java exploits were for Java 7 SE, but I’m running Java 6. Still, it didn’t look like there was much, and it’s cleaned now.

    It looks like I got the things before the virus definitions for them were released. I’ve now changed my scheduled scan to do a full scan.

    elmo: Better do a thorough scan of your computer.

  5. JRC January 31, 2013 at 1:07 am

    Dr. Conspiracy:
    A good suggestion.

    I ran a full scan (there is a quick scan scheduled on a weekly basis) and it found 4 things, a trojan downloader and some Java exploits. The Java exploits were for Java 7 SE, but I’m running Java 6. Still, it didn’t look like there was much, and it’s cleaned now.

    It looks like I got the things before the virus definitions for them were released. I’ve now changed my scheduled scan to do a full scan.

    Sorry to bother, but Java 5-7 should be uninstalled from your computer unless you absolutely need Java. There is an exploit. I mentioned in chat on RC’s show a couple weeks ago.

    Anyway, here is a link about the issue and exploit.

    http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/?s_cid=e539

  6. Dr. Conspiracy January 31, 2013 at 1:09 am

    I have a critical application in Java.

    JRC: Sorry to bother, but Java 5-7 should be uninstalled from your computer unless you absolutely need Java. There is an exploit. I mentioned in chat on RC’s show a couple weeks ago.

  7. JRC January 31, 2013 at 1:16 am

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422

    Sorry this is the link that talks about earlier versions of Java. If you have something you really need, then I can’t say whether to stay with 6 or upgrade to 7 and try the fix. Just keep an eye on things. The other problem going on now is uPNP, just so you know.

  8. JRC January 31, 2013 at 1:20 am

    And I’m an idiot. The link I gave says that Java 6 doesn’t seem to fall for the exploit. My apologies. I’m fairly certain I’ve read it was. :( Again Sorry.

  9. JRC January 31, 2013 at 1:33 am

    In my defense, I most likely read it there, and then they updated. Of course it was my responsibility to recheck, and the failure was still on my part.

  10. aesthetocyst January 31, 2013 at 2:49 am

    The Obot worm revealed right on schedule!

    Cause, you know, the perfect time for that final flip of the bird wouldn’t be 2nd-term Inauguration Day, but rather 9 days later. Heh.

  11. Monkey Boy January 31, 2013 at 6:48 am

    Java 6 does have a vulnerability. So, I updated to java 7 and also got a vulnerability.

    I program in java, so removing or disabling it is a non-starter; however, my browsers–google chrome and opera, allow me to disable plugins which I have done for java. So, I can surf without worrying about that particular thing.

    Whenever I need java in a browser (for doublecrostics), I enable java for the session.

  12. Dr. Conspiracy February 1, 2013 at 9:10 am

    This article has been updated.

  13. Dr. Conspiracy February 2, 2013 at 4:39 pm

    Java 7, release 13 is supposed to fix it.

    Monkey Boy: Java 6 does have a vulnerability. So, I updated to java 7 and also got a vulnerability.

  14. SueDB February 4, 2013 at 10:25 am

    The other problem going on now is uPNP
    Either go into your router settings (the box that plugs into the cable modem – for most folks) and uncheck the checkbox authorizing upnp. Then go to the system panel (under administrative tools) in the control panel and right click the entry for upnp – if it isn’t turned off, turn it off.

    I use NOSCRIPT on my browsers along with Adblock Plus. – Malwarebytes, Spybot S&Destroy… Windows…works good when it isn’t screwed up…One of these days I will have it working good.