Recent increase in Chinese spam


Since a few days, I'm getting a lot of spam from China. Here's my latest one:

http://www.spamcop.net/sc?id=z5486059763z0...e8ef8310c852cdz

Are other people seeing the same thing or is it just me?

Link to comment

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

Link to comment

Most of my spam is also “easily identified” and “pretty pathetic” but these days (this week, let's say) I'm seeing an increase by an order of magnitude or so, with subjects usually either in Chinese or in gobbledygook, and coming from IP sources in .cn — It's the increase that alarms me. What did I do wrong? Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Link to comment

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

Link to comment

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

Link to comment

Try MailWasher to POP for you.

In Settings, spam Tools/Origin of spam:

Click the "+ ADD" button

In the "Filter Name" box call it China

In the "domain to validate" box put

cn.countries.nerd.dk

And no spam will go to your inbox; it will be ready for reporting to your super secret spamcop email address.

MailWasher can also detect Chinese characters in

spam Tools/My Filters

Yes it's Freeware

Link to comment

I'm on openSUSE Linux.

OK the countrywide block list for China is

cn.countries.nerd.dk

Not sure what options Linux has for spam filtering?

Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers

To add the CBL to spam filter add

cbl.abuseat.org

http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213

http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148

http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100

And so-on

Link to comment
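
The lookup a filter performs against the two zones named in the posts above (cn.countries.nerd.dk and cbl.abuseat.org), as an added example that is not part of the original thread or of MailWasher. The function names are hypothetical, and the resolver table is constructed so the code runs offline; it does not reflect the real listing status of any address.

```python
import ipaddress
import socket

# Zones named in the thread.
ZONES = ("cn.countries.nerd.dk", "cbl.abuseat.org")
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (the DNSBL query convention)."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listing(answer):
    """A hit is an A record inside 127.0.0.0/8; any other answer (for example
    a wildcard from a parked or hijacked zone) must not count as a listing."""
    try:
        return ipaddress.IPv4Address(answer) in LOOPBACK
    except ValueError:
        return False

def system_resolver(name):
    """Live lookup through the OS resolver; NXDOMAIN becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to True/False for the connecting IP of a message."""
    return {z: any(is_listing(a) for a in resolve(dnsbl_query_name(ip, z)))
            for z in zones}

# Constructed answers for offline use; they do not reflect real listings.
CONSTRUCTED_DNS = {
    "213.13.155.61.cn.countries.nerd.dk": ["127.0.0.2"],
    "213.13.155.61.cbl.abuseat.org": ["127.0.0.2"],
    "10.2.0.192.cbl.abuseat.org": ["203.0.113.9"],  # wildcard-style bogus answer
}

def constructed_resolver(name):
    """Offline stand-in for system_resolver, backed by the table above."""
    return CONSTRUCTED_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("61.155.13.213", "192.0.2.10"):
        print(ip, check_ip(ip, resolve=constructed_resolver))
```

Calling `check_ip(ip)` without the `resolve` argument performs live DNS queries; run it against the connecting IP taken from the topmost trusted Received header, not the purported sender address.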

I use the "Junk" filtering facilities built into SeaMonkey (and Thunderbird). For instance I could create a filter (just as I would for any email filter) but with as action "Set Junk Status To" "Junk" (for a blacklist) or "Set Junk Status To" "Not Junk" (for a whitelist). But anyway most of those Chinese spam messages are already correctly filtered away to my Junk folder (inside SeaMonkey) with no particular intervention on my part, that's how "pathetic" they are, as Farelf said above. The few that aren't correctly detected I mark as Junk manually, thus teaching the Bayesian filters.

Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).

Link to comment

... Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Like your spirit, Tony!

... Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think :lol:

Link to comment

I used to report by forward-as-attachment, then a few years ago my ISP (who blocks any connection to an SMTP server other than its own ones) decided to blackhole any outgoing email with attached spam. I didn't like it at first, but now I've taken to the routine: I order my spam most-recent-first in my mailer's Junk folder, then, one by one, I "View source" on them (without opening them, of course) and paste that in the SC form — for those which are newer than my "average reporting time" (7 hours at the moment) by the time I get to them. Older ones I move to Trash without reporting. This way I still get time to do something else than reporting spam, and the most important ones (those likely to be "caught in the act") get reported in priority.

Yes, those "nomaster[at]devnull" reports puzzled me — how can someone send mail without a registered service provider? But as you said, they still get entered into the blocking lists, all the more so since there's nobody at the other end of the line to tell you that action has been taken; so, I report them just like the rest, no special treatment for or against.

Spam as instrument of state policy — yes, it has turned up in the news a couple of times recently, about different (but always totalitarian) countries. Well, that's several floors above me, let's let the diplomats, secret services, and investigation journalists handle that as best they can, I'm not going to complain about things I can obviously do nothing about. As Marcus Aurelius said: “O Gods! Give me patience to endure what I cannot change, strength to change what I can and must, and wisdom to tell them apart from each other.”

Link to comment

  • 1 year later...

I am too receiving many Chinese spam and I have reported it every time to SpamCop but to no avail over the month. Does SpamCop follow up my report about this Chinese spam? It doesn't decrease at all while other spam from other countries decreases at least 50%.

Can any SpamCop representative give an explanation about this?

Thank you in advance,

Andre

Link to comment

I would like to reiterate my suggestion that spamcop should create a new blocklist containing all sites that have non-functional abuse addresses, either because they refuse spamcop reports, pass the reports to the spammer, all addresses bounce, or no addresses can be found. Tag each type separately, and let the users decide if we want to accept them or not. The data already exists in spamcop's database, it just needs to be made available to the end users.

Link to comment

Hi, Andre,

...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.

...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)?" and/or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.

Link to comment

Dear Steve,

My server does not use SBL. What I mean is the report that every day I sent to SpamCop report, and after a few weeks some spam from Europe or other countries besides China is decreasing, but it has no effect on Chinese spam.

I want to ask SpamCop: did the ISP in China not cooperate enough in fighting spam or just because they handle it very slow?

Thank you for corresponding to my post.

Link to comment

send a SC tracking URL

One can get better than just SpamCop reporting

SpamCop by itself is not bad and does try to contact the ISP involved

Link to comment

<snip>

SpamCop by itself is not bad and does try to contact the ISP involved

...True but only as a result of SpamCop reporter (our) submissions and only if we or SpamCop don't turn off the reporting; not in the way that Andre seems to believe they may:
<snip>

i want to ask spamcop did the ISP in chinese not cooperate enough in fighting spam or just because they handle it very slow?

<snip>

Unless the ISP abuse desk contacts SpamCop, SpamCop does not follow up on the spam reports (at least that I am aware).

...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it is possible that they are traditional Japanese) which seem to come from sources outside the Orient.

Link to comment

I guess it's true because the American government once complained about the attack from China and until now no authorities in China try to solve it; it seems that they are aware of it and just let the spammers, crackers and hackers in China roam free on the internet. :angry:

I guess I have to block any incoming from Chinese ISPs and also email in kanji (fortunately my company is not in business with China, HK, or Japan) :rolleyes:

Link to comment

I guess its true because the american government once complaint about the attack from china

<snip>

...A little different -- I doubt that the US authorities were complaining to China about spam (noting that you did not mention "spam" here).
and until now no authorities in china try to solved it, it seems that they aware of it and just let the spammer, cracker and hackers in china to roam free on internet. :angry:
...Unless, of course, it involves cracking or hacking against China's interests or to proliferate information that the Chinese government deems offensive.
i guess i have to block any incoming ... email in kanji

<snip>

...That's one of my tricks! Also Cyrillic for the East European spammers.
Link to comment

:D Of course the US is not complaining about spam from China (somehow I imagine Pentagon staff were mad because of spamming advertisements from China :lol: ). I mean the Chinese authorities are not interested in blocking their spammers, crackers and hackers that attack other countries :ph34r: . Maybe they consider them as their ninja digital soldiers.

OK, good day to you Steve. Back to adding settings to my mail server.

Link to comment

Archived

This topic is now archived and is closed to further replies.
