dlish

recently i got thi email which ive posted below.. not sure if this is a scam or not, but i just wanted to see if anyone knows anything about it. i never intended to reply, and i never do ..but this one was different than all the other emails ive gotten (like the nigerian scam etc).. so just wanted to see what you guys think...

anyways..here it is...
Hi - (my email address)@hotmail.com

Please be assured that you will not receive this e-mail again, it is a one off mailing!

Recently I received a chain letter (A piece of mail that was forwarded to me) that contained your e-mail along with several other peoples.

I thought that as your e-mail address was contained in one of these chain letters (forwards) you might have others that you would be willing to send to me. I know that this might sound a bit bizarre but I can assure you that this is a serious request. I am involved in a research project that is based over the next year, we are analysing Internet mail and trying to come up with some fairly accurate results as far as trends and patterns are concerned, we also need some accurate data regarding the type of mail that circulates around the internet, we know that 69% of all mail is Spam but what we don’t know is what % of that Spam accounts for chain mail (forwards of any type, something that has been forwarded to you, a piece of mail that has formed part of a chain).

I would be very grateful if you would be kind enough to forward absolutely anything and everything that remotely resembles chain mail, forwards of any type (even the rude ones). This project is based over the next year and I need at least 500,000 forwards for this project to be a success, so please keep them coming the more the better and don’t worry I have some pretty huge mail boxes to cope with this.

I would be most grateful if you would be kind enough to forward this e-mail to all your friends & family as I need as many as I can get my hands on for the project to be successful
Please send all chain mail (forwards) to the following address. gemma28@research-project.org

Everyone that helps will receive a copy of our results and findings in January of next year so please help if you can.

Thanks

Gemma

Reference No - (OB58P71ZMLE)

You will only receive this mail the once, it will not be sent to you again and your e-mail address will not be passed on, however to conform to the law we must give you the opportunity to have your e-mail removed from our list. Please reply with the word delete to have your address removed.

__________________
An injustice anywhere, is an injustice everywhere

I always sign my facebook comments with ()()===========(}. Does that make me gay?
- Filthy

paulskinback

My one golden rule - don't do it

who knows what the purpose is, or whether or not it should be done - spyware etc is not what you need

Unless you want a dead PC

__________________
'Everything that can be invented has been invented.- - 1899, Charles Duell, U.S. Office of Patents.

'There is no reason anyone would want a computer in their home.' - Ken Olson, 1977, Digital Equipment Corporation

CSflim

I don't think it is a scam email. The only thing that they could benefit from you replying to them is that they would then know that your account is active.
However, one thing which is noticeable in that mail is the lack of any dates. Since they are asking this mail to be forwarded around, it will be given an indefinite lifespan - far outliving the research project. If it were genuine I would have not expected such an oversight.

__________________

cyrnel

In addition to the above warnings, participating in chain-messaging is a violation of many-an-ISP's terms of service.

__________________
There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

Reese

It's most likely just another way to gather email addresses. The email address' domain name isn't a legit site, there's no date mentioned, and there's no website to visit to get more information or even a real name of the person doing the project.. If you reply to get taken off their list you confirm to them that your address is active, if you forward everything to them they confirm you're active and get hundreds of other email addresses.

__________________
“It is better to be rich and healthy than poor and sick” - Dave Barry

Astrocloud

Yeah, it's called harvesting. They are harvesting your email so that you can be spammed in the future.

ngdawg

People still open emails from unknown senders??? You're lucky you didn't get a fatal virus
Never ever forward things like that....besides the fact that your friends will probably get pissed, you might very well be exposing yourself and them to a lot more than annoying spam.

__________________
Don't blame me. I didn't vote for either of'em.

Astrocloud

Unless you set your email tool to automatically open attachments -you can not get a virus from merely opening emails.

ngdawg

Why take the chance since, if you don't know who the sender is, you wouldn't know what's attached, etc?....And weren't some of the warnings last year about just opening certain captioned emails? Still think it's a risk that's totally avoidable. There's enough computer-killing crap out there as it is and seemingly harmless links, etc., from people I know have caused me grief.

__________________
Don't blame me. I didn't vote for either of'em.

Astrocloud

Even if the email is from someone you know -it could be a virus... Probably even a higher percentage chance of it because many virus's take over people's mailbox's. Just keep your virus software updated and don't open attachments.

Bryndian_Dhai

This is what Snopes.com had to say about Gemma's project:

Gemma Brown

Text of report:

Claim: Gemma Brown is collecting spam and chain e-mails for a university study.

Status: False.

Example: [Collected via e-mail, 2005]

Sent from Gemma Brown.

I recently received a chain letter (A piece of mail that had been forwarded to me) that had your e-mail address in it along with several other peoples.

I thought that as your mail address was on one of these chain letters (forwards) you may have others that you would be willing to send to me. I know that this might sound like a daft request but I can assure you that this is a serious request. I am involved in a university project that is based over a year and we are analysing Internet mail, we are trying to ascertain trends and patterns to come up with some fairly accurate statistics regarding the type of mail that circulates around the internet, we know that 70% of all mail is spam but what we don’t know is what percentage of that spam accounts for chain mail (forwards of any type, something that has been forwarded to you, a piece of mail that has formed part of a chain).

Please send absolutely anything and everything that remotely resembles chain mail, forwards of any type (even the rude ones). My project is based over a year and I need one million forwards for this project to be a success, so please keep them coming and don’t worry I have some pretty huge mail boxes.

I would be grateful if you would be kind enough to forward this piece of mail to all your friends as I need as much help as I can get.

Please send all chain mail (forwards) to the following address. gemma17@research-project.org

Everyone that helps will receive a copy of our results and findings in January of next year so please help if you can.

Thanks
Gemma

Reference No - (3OMOZF5WS17)

You will only receive this mail the once, it will not be sent to you again and your e-mail address will not be passed on, however to conform to the law we must give you the opportunity to have your e-mail removed from our list. Please reply with the word delete to have your address removed.

Origins: Multiple versions of this purported "university project" message have been circulating since early 2004, using a variety of different e-mail contact addresses at the research-project.org domain (e.g., gemma3, gemma4, gemma15, gemma17). We've found no evidence that this message is connected to a university research project or any other legitimate purpose, or that such as person as 'Gemma Brown' even exists, however.

The web site www.research-project.org has never displayed anything other than a "This site is currently under construction" notice, and the domain was registered by someone using an e-mail address from Who-Remembers-Me.com, a site that has been the subject of numerous spamming complaints.

Last updated: 1 November 2005

__________________
“When facism comes to America it will be wrapped in the flag and carrying a cross.”
~Sinclair Lewis

Martian

Yeah, the only thing about this that has to do with education is that it's a textbook example of email harvesting. You set up an inbox, ask people to forward stuff to it for 'study'.. then you set up a simple script that pulls out any strings conting *@*.* ... suddenly you have hundreds of emails which can be sold to advertisers for profit.

Best thing to do is to ignore it.

As to viruses, it is possible to get a virus from opening an email under the right circumstances. The two possibilities are via an OE exploit or via an IE exploit. I can't list any off the top of my head, but from time to time an exploit will come out in Internet Explorer that allows someone to run malicious code via a website being displayed. You can embed stuff like that in an email. The alternative is Outlook Express, which through unsecure settings can be made to open attachments and what-not automatically. If you don't use either of those programs you're probably safe, so long as you don't open any attachments.

I still don't open emails from unknown senders for the simple fact that it's not worth my time. If I don't know who's sending me something it's probably spam and can safely be ignored.

__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame

JStrider

heres a bunch of info someone dug up
http://www.joewein.de/sw/spam-gemma-...ch-project.htm

__________________
-=JStrider=-

~Clatto Verata Nicto

xepherys

a) It may or may not be spam. As mentioned before, some spammers will harvest and then verify emails. Or, perhaps someone just wants that email address spammed with replies?

b) You cannot get a virus, trojan horses or other malware without opening an attachment. May email application, including Microsoft Outlook, open the text by default into a view window. Text alone cannot damage your PC. HOWEVER, just because an attachment has a .txt extension does NOT mean it is safe.

c) No, don't click on LINKS from, or open ATTACHMENTS on email from unknown senders. This is obviously a good plan.

d) Forwarding mail outbound cannot put spyware on your PC. *boggle*


While I agree with safe rather than sorry, it helps to be informed of what the actual issues are.

dlish

thanks guys... i do open emails from people i know cos its called 'running a business'. i give my card out to people, and some decide to contact me via email at some point, so i cant really ignore emails from senders i dont know.

thanks for all your help guys.

__________________
An injustice anywhere, is an injustice everywhere

I always sign my facebook comments with ()()===========(}. Does that make me gay?
- Filthy

oldtimer

That is absolutely incorrect as Martian & ngdawg clearly pointed out. And that makes me pissed as A LOT of people follow your thinkin'. Opening attachments is NOT the only way to contract a virus. Believe it or not there was a exploit in the picture file type of WMF [Windows Meta file] that will surreptitiously download crap onto your computer w/o any form of notification or prompt. There are different methods other than attachments by embedding in emails.

As a general rule of thumb: NEVER OPEN THAT CRAP! Even if you have attachments set to automatically not show b/c some pics hotlink therefore do not have attachments in the 1st place. The classic saying fits this situation: Curiousity killed the cat - the "pc" in this case.

Example 1 & 2

Educate yourselves, please! The ignorance is getting annoying. I'm not crying wolf.

__________________
Slowly but surely getting over the loss of TFP v. 3.0.
Where the hell am I?....
Showering once a month does not make you a better person.

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
Martin Luther King, Jr.

Jinn

While I cannot speak for the poster above who said that email alone cannot hurt you, they are semantically correct -- Plain Text EMails cannot harm your computer.

I understand that you may have read about exploits in Outlook or Internet Explorer, but I must say again; plaintext emails cannot have executable code contained within, and can therefore NOT harm your computer in any way-shape-or-form.

In the same way that reading my post cannot harm your computer in any way, neither can reading plaintext email. The "exploits" you're talking about are because Microsoft chooses to allow certain emails to imbed HTML and executable content, not because email is inherently insecure. By shoehorning "web" features into an email client like Outlook, Microsoft allows for the possibility of imbedded (and likely malicious) executable code. If you were, for example, to view the email in a viewer like Thunderbird (http://www.mozilla.com/thunderbird/) or a web-viewer with HTML disabled, such as Gmail (www.gmail.com), you would find that these "exploits" were nonexistant.

You may even have known what I just said, but chose to omit it from your post. I think it's far more friendly to provide a workaround solution than to chastise someone for doing something, and warning them not to do it in the future. In this case, you can open any damn email you want as long as you use a non-"dynamic" viewer.. one that does not support imbedding or HTML formatting instructions. If you're going to get in a huff and warn everyone about the latest "WARNING WARNING VIRUS" news release you read, you might want to educate yourself and others on the TRUE ramifications before crying wolf.

__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel

oldtimer

Jinn, I agree wholeheartedly plain text emails are safe and you're right, I was aware. But he was referencing spam in general and he was plain wrong when saying only attachments had to be opened to be exploited. Futhermore, how do you know a e-mail is plain text before you open it? Much less the type of protection varies from one e-mail carrier to the next. Hotmail is the most commonly exploited I believe, among a lot of generic ones.

I also forgot to mention I use both Firefox [religiously] and Thunderbird [once in a while]. And to say, if you're really curious go to you local library and use their computers. Or, as you mentioned use a browser/e-mail client innoculate against this. I didn't recommend them b/c they're not very popular even though I like them - people are complacent w/ IE and in turn, a lot of sites render correctly w/ IE and not Firefox. As for TB, I was never an OE kind of guy, much less TB, and assume most people are preferential to what's default and recognizable to them [OE]. Sorry if I'm not all about giving people alternatives, they usually don't care or have the time to master a new application.

There was no hostility meant. Just plain anger at the status quo [not to mention every kind of *ware other than soft & hard ] and how that bit of "advice" seems to circulate and thought of as always right. It's not.

__________________
Slowly but surely getting over the loss of TFP v. 3.0.
Where the hell am I?....
Showering once a month does not make you a better person.

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
Martin Luther King, Jr.

xepherys

Again, I will now educate YOU. First of all, embedded images ARE, in fact, attachments. Some application will show them, by default, in the properly embedded areas. These should be treated the same as attachments. If you use an application that automatically views embedded files, you should disable that option. Much more than WMF files can be embedded and many can be dangerous. Again, Outlook and many other applications will show you text in another panel automatically. Also, as dlishguy pointed out, sometimes the less obvious subjects HAVE to be opened if you are using business email. Care can be taken to allow viewing of TEXT ONLY (as I said before) without attachments, embedded files, RTF, HTML or anything other than 100% plaintext. You can THEN choose to fully open the email if you need/want to. *sigh* It's fine to preach, just be sure you understand WHAT you are preaching. Hell, even webmail applications will often not show embedded objects or HTML images FOR THAT VERY REASON. Squirrel Mail, for instance, requires you to click a link to "Show Unsafe Images" which actually means ALL images by it's own definition. I agree, the ignorance is getting annoying. Email is easily the #1 form of communication in today's world for many people. It's not always easy to say for sure that something is bad. Hell, many viruses spread via attachments sent to you by people YOU KNOW. So you can't use the rule "If you don't know the sender, don't open it" because that doesn't assure your safety either. So what then? Never open ANY email? Again, be VERY careful with attachments, make sure embedded files do not show in your preview pane (easy to configure, default in many cases nowadays).

Edit:

As a side note, I want to explain my qualifications in this matter. This is not a "toot my own horn" issue, but so that it's not just more ignorant assumption being put out or just what I've read or heard. I am a Security Services Manager for a security services firm. 50+ hours per week are spent by me protecting my clients from malware, spam, viruses, botnets and other nasties and the miscreants behind them. I do this for small, medium and large (national/global) companies. I agree with what oldtimer is saying... you don't KNOW what it is... that's why you should ALWAYS use a plaintext-only preview pane. Then you can see the basis for the content AND be safe in your viewing. Maybe I wasn't clear enough in my first post... I apologize. Embedded files ARE attachments... Outlook is just good at opening them unless you tell it not to by default. Happy emailing!

xepherys

For the sake of the TFP, I will not remove the above post. I wanted to apologize in advance if anyone felt I was being cocky or the like. It just seems, in my day-to-day experience, that a LOT of people take their views and uneducated opinions about security and preach them as cold, hard fact. I just want to get the correct and true word out there to help my fellow TFPers. *hugs*

oldtimer

Basically my comments were about webmail [email viewed in the broswer] in general but I wanted to see your reply first to see your grasp on things. Yours seem to be heavily-centered on email clients, those I'm not blasting.

Of course, I was only providing one example. It even branches to non-image objects contained in the e-mail.

Exactly per webmail safeguards [some people find this annoying though and disable it]. When I said hotlinked images are not attachments - this is true in webmail. Take Hotmail for example, there is no paper clip indicating an attachment when you hotlink images [amongst other things hidden in HTML coding]. Therefore making the email seem less harmful than it could potentially be.

Thanks for agreeing. And you did recommend that rule, as I'm sure you're aware. But I don't advocate that rule for the very reason you said. I was operating on the more easily pre-conceived notion of "SPAM". Specifically judging from the horribly, fake looking domains in the sender's email (best defense so far that should be adopted by ALL web e-mail: Gmail's mouseover sender name w/o opening email), if there isn't a falsified 1st & last name to obscure it (you're forced to open it to learn), and by looking at the 95% of time ridiculously named subject lines - they are very easy to spot.

Understandably, you say spam is disguised as coming from contacts. But even then the subject titles ["family photos" opposed to "nude girls" is obviously going to trick you] should alert you or at least make you privvy to a behavior not of your comrades, unless you frequently exchange photos of yourselves and the like then you're doomed. Much less, ALL attachments are scanned by major web-based clients nowadays. Yet the problem is this isn't always fullproof b/c they're usually brand new viruses exploiting brand new flaws in the application [most commonly IE].

I'm not saying "Never open ANY email". NEVER open ANY suspicious email. Period. Use your common sense.

By all means, toot it! I love the work people in your field do and appreciate it day in and day out. But I've personally dealt with these demons myself and heavily immersed myself in this area. If I'm guilty of anything, it is for lack of detail [I didn't want to nerd out anybody] and more robust compilings making for a good example [I was pressed for time]. But again, I was never debating this in OE or any email client specifically. But web e-mail opened in a browser.

Lastly, not everybody's computer has the same level of protection as we would deem "acceptable" - people on old OS'es, lack of Windows Updates, zero anti-virus, Active X enabled, Java enabled, VBScript enabled, etc. That's why it's best to teach people to avoid reading that particular questionable e-mail [staying in webmail now] altogether. Just sayin'. Hopefully it will teach that rare innocent sender to revise his e-mail habits.

__________________
Slowly but surely getting over the loss of TFP v. 3.0.
Where the hell am I?....
Showering once a month does not make you a better person.

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
Martin Luther King, Jr.

Astrocloud

As far as opening image files... Consider those files as attachments. You should set your computer to not open them unless you give your okay. In fact -if you want to be completely safe -don't surf the internet either.

xepherys

oldtimer-

I'm glad we agree... sorry I didn't see it at first, lol.