theoldwolf | Entries tagged with spam

In the last week my journal has been inundated with spam comments from multiple bot accounts. The spam message is always the same:

Hey This is hard for me because I have never done anything like this.. but I have a huge crush on you. I have never been able to tell you for reasons which you would quickly identify as obvious if you knew who this was. I'm really attracted to you and I think you would be wanting to get with *Read FULL Card Here* http://hornylove.unudulmaz.bork [link obfuscated]

The URL redirects to a porn site being run by citysex.com - the WHOIS info is below.

[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
   Domain Name: CITYSEX.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Name Server: DNS5.TNCSERVERS.NET
   Name Server: DNS6.TNCSERVERS.NET
   Status: clientTransferProhibited
   Updated Date: 08-dec-2011
   Creation Date: 06-jan-1999
   Expiration Date: 06-jan-2013

Today's bot accounts were sundzregmemi, owenoo9, wenawe, and dopentingvil. The bots are regularly reported to LiveJournal, and they seem to be working to delete them quickly, but the flood continues.

Things like this are more an annoyance than anything else - I've reported the abuse to Enom, not really hoping that they can do anything about it, or care to, but I've done all I can.

I just wondered if anyone on my F-list has been plagued by similar messages?

EDIT: Based on the consensus expressed in the commentary below, I changed my comment status to "friends only," which stopped the spam cold. I don't like having to do this, but it saves me the constant cleanup.

Current Mood: annoyed

From: Teng <teng_za@yzplas.com>
To: [address obscured]
Subject: [SPAM] We are China Plastic & Metal moulding and products plant offer
competitive service

Hello Potential customer and friend,

Hello.

Permit me to introduce our company and why you might consider developing a mutually advantageous business relationship with us.

Our company has more than 15 years experience in moulding, aluminium and plastic processing. we employ 20 professional technicians and buy 4000M2 of mould making in house and have a wide range of mould making machines and equipment, such as machining center, electric pulse, milling machine, wire cutting machine, etc., and use CAD/CAM/CAE design techniques, which allows us to fulfill comprehensive and continuous production, resulting in cost reductions, time saving and quality improvements. We mainly manufacture barrels, electric tools, auto accessories, bags and cases, fans, dust cleaners, rubber articles, small household appliances, glass fiber reinforced plastic moulds and many other products. We also make the moulds for small objects such as toothbrush, pens, small gears ....
Our plastic lines produce finished and semi-finished plastic products.

We are interested in discussing your requirements and look forward to working with you.

Best regards
Ms. Hoo
Yazhou mould co., ltd.
Yuyao, Ningbo, Zhejiang
www.yzmoldings.com

My response:

buxie

Which, more or less, says "I don't do business with spammers."

Current Mood: cynical

In my mailbox this morning:

From: "Pharmacy!Express,#1016849 |the gate i am sorry to,"
Subject: FW: 0rdÐµr# 1016849 Doing her all night with no breaks is a priceless ability'-
To: austral_neo_progressive@yahoo.com, lilreeree1980@yahoo.com

Au t hori s edirid eeems irle leseri on lin e

http://y.ahoo.it/ywVxqG+?/2012/6/and not very clean none of [link obfuscated]

Why would anyone with more than a third-grade education, seeing something like this in their mailbox, be prompted to click on the link?

Dear Russian Criminals, please die in slow agony now.

Current Mood: annoyed

Livejournal user and friend

thefoxaroo sent me this - an interesting piece of junk that showed up in his mailbox. I've never seen one like it.

My name is This is Asiliya. I'm from Azerbaijan. It's independetseparate
muslim country.

I'm 28 years old. You can seedescry my fotophotograph with this my
lettermessage. I really hopedesire that you will likeplease this. I'm very
tendersoft and sensitivesensory girl. I've never marriedringed and I have no
kids.

I'm very lonelylone in my life. I'm looking forlook for goodsatisfactory
and strongheavy manguy. Maybe this mansoul mate is you.

I found your e-mail address in internationaltransborder datingdate agency.
So I would likefetch to speaksay with you more by e-mail and learnknow you
betterrater. So if you stillso far free from seriousgrave relations, I will
be wait for you answerreturn.

I hopedesire I didn't taketake up too much of your free time when you read
this letter.
Asiliya

What I find intriguing is the doubling-up of synonyms. I'm terribly curious as to what mechanism the writer is using to create this message. Obviously they are using dictionary lookup of some sort, but the result is doubleplus crazywild.

And as far as that goes, I'm a goodsatisfactory and strongheavy manguy, but I'm already takenmarried.

Current Mood: curious

Recently two email addresses which are linked to businesses that I run have been flooded with Russian pharmacy spam. These addresses have been quiet for years, but apparently the spammers were able to scrape them from somewhere. Interestingly enough, both Comcast and Gmail filter these types of ads on the front end, so I never see them, but these two addresses are linked to Hostgator, which has no such front-end spam filters; however, they are kind enough to flag them as spam based on the following criteria:


[URIs: rxsexpills03.ru]    Contains an URL listed in 5 separate blocklists
0.0 HK_NAME_DRUGS          From name contains drugs
4.4 KB_RATWARE_OUTLOOK_MID KB_RATWARE_OUTLOOK_MID
1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
[187.114.172.92 listed in bb.barracudacentral.org]
0.0 HTML_MESSAGE           BODY: HTML included in message
1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
1.8 LONGWORDS              Long string of long words
0.0 TO_IN_SUBJ             To address is in Subject
0.0 T_REMOTE_IMAGE         Message contains an external image
0.0 SUBJ_OBFU_PUNCT_FEW    Possible punctuation-obfuscated Subject: header

The only thing visible in the email are the above images, but behind the images are long strings of random text:

telling offices mattocks meantime you transmutation shown islands dat unto former miracle passengers swilldown let remedy herbstinking traveller comte arrived recall bow nose short bedlam philosophers between stomach expugnatory wolves fine big quod worth put secured arimaspes prisoners longskirted loads roasted jasper arch platonic wolves convocated estienne occidental dingdong. each farthingale packing nick bowl administer delectable woodporter anchovy news cups gave overthrow cups friar archer gave hereafter reckoning thither [...]

These are designed to thwart Bayesian spam filtering, but for the most part are not effective.

Click on the link, and you are redirected to an ever-changing URL, which AVG promptly blocks:

In other words, not only are they trying to sell you worthless, counterfeit drugs and steal your credit card information, but you're also downloading some sort of virus. AVG outlines the nature of the Pharmacy Spam Exploit; Symantec provides a detailed explanation as to how the Pharmacy Spam operation is structured; and the Spamhaus project provides a list of the world's 10 most prolific spammers. I do not doubt that this latest flood of hqiz is coming from one of these operations.

While stemming the tide may seem like an impossible task, it is somewhat comforting to know that there are people out there working on it, and - as can be seen with the Estonian gang - can have success in shutting down illegal operations.

I'm grateful to providers like Comcast who filter this stuff out before it even gets to my computer, and to those working to combat this plague; also to AVG, which provides protection against countless threats and exploits.

Moral: Practice safe computing, don't click on unknown links in email messages, and make sure you have good anti-virus protection running on your machine.

Current Mood: tired

Stay away from these people.

Hello If you are using Google AdWords or other pay per click advertising, you probably know that in order to be listed on top of search engine you need to bid highest price per click than your competitors, and you need to pay each time someone clicks on your link on paid search results. In most cases this is too hard and too expensive for most of people, so we developed less expensive and more simple solution. In few words, Our Banner Technology will put your website above all your competitors without Pay Per Click Charges, and you will not have competitors on keywords that you choose during whole year, and if you decide to continue, you'll have first right now renewal. We guarantee you traffic for your keyword and Prime Positioning during whole year. Watch our demonstration video in order to get more info about our technology: http://www.firstpagebanner.info/demo.html Or see our online demo: - Go to our websites Online Demo - Type keyword that you need and your website [deleted] in online demo form - Click on Go and you'll see how it will look like For a personal demonstration and pricing, fill out our online quote form, or call us today. Best Regards, http://www.firstpagebanner.info

First: I would never do business with anyone that spams me.

Second: Their English is abominable. This leads me to believe this is a disreputable offshore outfit, here today and gone tomorrow. Registered on 20-Apr-12 in Scottsdale, AZ, through domainsbyproxy.com, a sleazy subsidiary of GoDaddy.com.

Third: keyword SEO is so 1990's, these people are targeting the ignorant. Sadly, they will probably make enough from untutored suckers to cover their costs and walk away with a tidy profit, only to begin another scam.

Current Mood: annoyed

Beware the "Pimsleur Approach". NOTE: This is not about the "Pimsleur Method," which I happen to endorse - it's about a very shady company that has been contracted as an affiliate marketer for that language acquisition system.

We're talking about rampant spamming, and deceptive marketing practices; I must get several of their spam mails each week, and the complaints board are full of unhappy people.

Look at their website:

Most people sign up for the $9.95 offer without reading the (†) box, which states:

† Pimsleur Rapid Fluency Purchase Program:
One month after you receive your Quick & Simple you'll begin receiving 30 day trial copies of advanced Pimsleur courses in the language you selected. Each course is yours to try for 30 days. You'll receive a new course once every 60 days. For each course you keep we'll bill you in four monthly payments of $64. Remember, there's never an immediate obligation to buy any course because of the 30-day trial period provided with each shipment. And you may cancel future shipments at any time by calling 1-877-802-5283. See Key Details.

The "Key Details" spell out in greater detail your obligation to receive and be charged $256.00 for each additional course they send you, the first 30 days after you place your initial order, and every 60 days thereafter.

Yes, it's all there on the website, but cleverly hidden in small, gray type which most people won't read. The complaints boards are rampant with people being charged recurring fees, difficulty obtaining refunds, rude customer support agents (a hallmark of shady operators who bully unhappy customers), and of course, the unbridled spamming.

Stay far away from this company. I'll be writing more about the actual Pimsleur Method later, but if you want to check it out, just head for your local library. It's a good bet they have several of the beginner courses there for you to check out for free and see if you like the method. If you can't find anything at your branch, go directly to Pimsleur's site - they offer a free lesson with each language so you can see how it works. If you decide you like the method, head over to Amazon where you can usually find the courses at a significant discount.

Just don't have anything to do with this sleazy "Pimsleur Approach" outfit.

This has been a public service announcement from The Old Wolf.

Current Mood: annoyed

The spam email I got advertising a PC Tuneup package leads to this address if I were to click on the image (the only kind of spam that gets through Comcast's filters these days:)

PHYSICATIONORS.INFO/polookie/gobbliegookkittykat/leaddrive/pc/pcu.asp

That sure looks like an outfit I'd want to do business with... Not!

Current Mood: aggravated

Rather than restricting Unsolicited Commercial Email (UCE), the CAN-SPAM act of 2003 was effectively a blanket permission for spammers to ply their trade. I have noticed that while many email providers, including mine (Comcast) have effective up-front spam filters, a good deal continues to slip through, mostly those consisting of random alphabet-soup headers and an image.

I wish the act included this verbage:

Every unsolicited commercial email must contain the following words in plain text in the body of the message: 'This may be an unsolicited commercial email.'

Harsh penalties would apply to all spammers who fail to include this disclaimer. This would allow spammers to continue to operate (legally, if not morally) under the existing act, and would give consumers the tool needed to filter out such hqiz if they do not wish to receive it. Legitimate vendors could then give their customer base the opportunity to white-list them, or to "opt-in" rather than forcing them to opt out of further mailings.

I hate spam with a passion, and would love to see it eliminated altogether.

Current Mood: annoyed

Second spam comment in the same thread in two days. CAPTCHA enabled for anonymous commmenters, but it still got through. Looks like it's coming from the same location in the Netherlands - suggestions by friends include a spoofed IP address or an unwitting part of a botnet. Very annoying, to say the least. No idea how to stop this hqiz from showing up in my journal.

Current Mood: annoyed

Apparently the raft of spam I mentioned in my last post is an attempt by an internet troll to get my goat - he or she or it [subsequently referred to as (s)he-it] has moved from posting annoying drivel on the webcomic forum that I frequent, to individual attacks on various members. This is legally actionable, if only there were a way to identify the wretched loser.

Today I received an email from a clairvoyant that - instead of offending me - gave me a good laugh to start the day. You can see it here. Apparently (s)he-it signed me up for a bunch of different nonsense using sophomoric names. The result was, in this case, excruciatingly funny.

I can only hope that at some point karma pays this pathetic waste of human cytoplasm back for the negativce energy (s)he-it is pumping into the universe.

From: taona@samart.co.th
To: undisclosed-recipients: ;
Subject: Account Verification

NOTICE: Comcast Internet Service subscribers

This message is from Comcast Messaging Center to all email account owners.We are
currently upgrading our data base and e-mail account center. We are deleting all
unused Comcast account to create more space for new accounts.You must reply to
this email address To prevent your account from closing, you will Have to
update it below so that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username :
EMAIL Password :
Date of Birth :
Warning Code :
Country or Territory :

Warning!!!Account owner (Comcast .com.net) is to update His or Her
account with in 24 Hours of receiving this warning will lose His or Her
account permanently.Kindly note that all details should be sent to to admin
manager.

Email:comcastaccount.update@ymail.com
THank you for using Comcast !
Warning Code:CNETIX2G99JBD
Comcast.net user is now a member of mySIGN-IN.
THanks, Management.

Yup, that's an official-looking email alright. Better send the information so my account isn't closed down...

Current Mood: aggravated
Current Location: Home
Current Music: Surfin' USA

So here's this in my mailbox:

>

Looked authentic enough, but when I clicked it, I was grateful I hadn't been drinking anything.

( Punchline behind the cut )
Silly spammers...

Current Mood: amused
Current Location: Home
Current Music: Jan-Edward Vogels - The Conversation

According to antivirus maker Symantec, 87 percent of e-mail traffic in the past year was spam, compared to just under 70 percent in 2008. More than 40 trillion spam messages were sent according to Symantec, which monitors about a third of the world's e-mail traffic. That's about 5,000 spam messages for every person on the planet.

More of that spam is harboring malicious software, or "malware," -- 2 percent of spam contained malware, a 900 percent increase from the previous year.

So much for the Can-Spam act... probably one of the most toothless pieces of legislation ever enacted by our mealy-mouthed "representatives". Notice those quote marks, folks. They sure as shootin' don't represent me.

If I look at the hqiz that fills up my Gmail spam folder, it pretty much follows Symantec's most recent spam report categorization:

Fortunately, Comcast (my home email provider) has fairly robust internal spam filters, so I don't see most of these. What gets through are exclusively one type of spam, where the body of the message contains nothing but an image with a link - for some reason Comcast can't seem to handle these yet. The bulk of what comes through are work-at-home scams, degree scams, açai berry scams, and the occasional Russian pharma piece.

87% of all email is spam, much of it criminal in nature, with virtually no solutions in sight. Wow... whoever could come up with a comprehensive solution to that problem would deserve the global medal of honor.

Current Mood: annoyed
Current Location: Home

Every now and then you find a company that has a soul as well as a bottom line. I reported another Nigerian Spammer to the relevant ISP, and today got this back from Outblaze:

Thank you for contacting the outblaze.com abuse desk.

The account you reported is now terminated, along with today's quota of sundry other Nigerian generals, bankers, engineers, attorneys and relatives of dead dictators.

Outblaze is one of the largest providers of webmail services in the world. As a responsible ISP, we hate spam, and we do not allow our network to be abused by spammers.

There is only one thing that we hate more than spammers - 419 (nigerian) scam artists abusing our systems.

I love it. These guys get a huge thumbs up from me.

Current Mood: amused
Current Location: Home

"Thout money, but he had for manager one Ethan Knowles, a cool-headed, tireless veteran of campaign battles, with David acting as assistant and speech maker. David was elected, went to the capital, and was honored with the office of speaker by unanimous vote. He had his plans carefully drawn for the election of Hume, who came down on the regular train and established headquarters at one of the hotels, surrounded by a quiet and determined body of men. Wilksley's supporters, a rollicking lot, had come by special train and were quartered at a club, dispensing champagne and greenbacks promiscuously and freely. There was also a third candidate, whose backers were non-committal, giving no intimation as to where their strength would go in case their candidate did not come in as a dark horse. When the night of the senatorial contest came the floor, galleries, and lobby of the House were crowd"

For the love of Mogg, Comcast - get your act together and filter this trash before it ever gets to me. I don't need Viagra or Cialis, and nothing you can sell me will "enlage" anything. I don't care to support this network of Russian hqiz-eaters.

Current Mood: infuriated
Current Location: Home
Current Music: Circle of Life

Over the last month or so, my mailbox has been flooded with spam from two predominant sources. One is the ever-present Canadian Pharmacy, which comes with a bunch of baysian-bypassing garbage, and then a distorted image prompting me to type "www.ba36.com" (or whatever this week's URL is) into my browser. I've seen this sort of garbage before, but for a long while Comcast managed to filter most of it out. I hope they get on top of this one.

The second is more puzzling. The headers will vary (the last one said "$1K Wal-Mart Gift Card"), but the message is usually blank, and consists only of an attached file with the following characteristics:

Named "hello recipient -re-cbhra".
The last letters change regularly.
Always 3K in size, although the actual length varies
Seem to contain random garbage, with the exception of the first characters, which are always (in HEX) "86 d9 a5 6e 87 72"
AVG Free never detects a virus in the attachment.

I've gotten 13 of these since the 10th of August, and it's just the geek in me that wonders what the purpose of these emails is...

As to the spammers... give me about 30 minutes with them, tied to chairs in a deserted hangar somewhere in the middle of Nevada... and a cattle prod.

Current Mood: aggravated
Current Location: Home
Current Music: Hey Jude