
Recent increase in Chinese spam


21 replies to this topic

#1 A.J.Mechelynck


Posted 07 April 2013 - 05:00 AM

For the past few days, I've been getting a lot of spam from China. Here's my latest one:
http://www.spamcop.n...e8ef8310c852cdz
Are other people seeing the same thing or is it just me?
Best regards,
Tony

#2 ananda


Posted 07 April 2013 - 05:05 AM

Most of my spam is coming from Belarus. George

#3 Farelf


Posted 07 April 2013 - 07:51 AM

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.
Plus ca change, plus c'est la meme chose

#4 A.J.Mechelynck


Posted 07 April 2013 - 09:06 AM

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

Most of my spam is also “easily identified” and “pretty pathetic” but these days (this week, let's say) I'm seeing an increase by an order of magnitude or so, with subjects usually either in Chinese or in gobbledygook, and coming from IP sources in .cn — It's the increase that alarms me. What did I do wrong? Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!
Best regards,
Tony

#5 lisati


Posted 07 April 2013 - 01:47 PM

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

#6 A.J.Mechelynck


Posted 07 April 2013 - 02:04 PM

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.
Best regards,
Tony

#7 petzl


Posted 08 April 2013 - 04:58 AM

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

try MailWasher to POP for you
In
Settings
spam Tools/Origin of spam
Click "+ ADD" button
in "Filter Name" box call it China
in "domain to validate" box put
cn.countries.nerd.dk
And no spam will go to your inbox; it will be ready for reporting to your super secret SpamCop email address
MailWasher can also detect Chinese characters in
spam Tools//My Filters
Yes it's Freeware

#8 Geek


Posted 08 April 2013 - 05:22 AM

For the past few days, I've been getting a lot of spam from China.
...
Are other people seeing the same thing or is it just me?


Here too :(

#9 A.J.Mechelynck


Posted 08 April 2013 - 06:17 AM

[...]
try MailWasher to POP for you
[...]

Operating System: Works with Windows 7 and 8, Windows Vista, XP

I'm on openSUSE Linux.
Best regards,
Tony

#10 petzl


Posted 08 April 2013 - 07:03 AM

I'm on openSUSE Linux.

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux has for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam filter add
cbl.abuseat.org
http://cbl.abuseat.o...p=61.155.13.213
http://cbl.abuseat.o...=222.128.33.148
http://cbl.abuseat.o...=61.135.173.100
And so-on
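
For readers on Linux, the lookup a filter performs against the two zones named in the post above can be sketched as follows. This is an added example, not part of the original post or any poster's code; the sample headers, their addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
import socket

ZONES = ("cn.countries.nerd.dk", "cbl.abuseat.org")  # zones named in the thread

# Constructed sample headers; the addresses are documentation addresses.
SAMPLE_HEADERS = (
    "Received: from mail.example.net (unknown [192.0.2.99])\n"
    "\tby mx.example.org with ESMTP; Mon, 08 Apr 2013 07:00:00 +0000\n"
    "Received: from forged.example (unknown [198.51.100.7])\n"
    "Subject: test\n"
)


def relay_ip(headers):
    """IPv4 address in the topmost Received header (assumed to be the one
    added by your own server); lower headers can be forged by the sender."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
            try:
                return str(ipaddress.IPv4Address(m.group(1))) if m else None
            except ValueError:
                return None
    return None


def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed only if the answer is in 127.0.0.0/8. A failed lookup counts
    as not listed (fail open), and any other answer, such as a parked or
    wildcarded zone, is ignored rather than treated as a hit."""
    try:
        answer = resolve(query_name(ip, zone))
    except OSError:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")


def classify(headers, resolve=socket.gethostbyname):
    """Return (relay IP, zones listing it) for one message's headers."""
    ip = relay_ip(headers)
    if ip is None:
        return None, []
    return ip, [z for z in ZONES if is_listed(ip, z, resolve)]


if __name__ == "__main__":
    print(classify(SAMPLE_HEADERS))  # performs live DNS lookups
```

The `resolve` parameter exists so the logic can be exercised with a stub resolver instead of live DNS.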

#11 A.J.Mechelynck


Posted 08 April 2013 - 12:59 PM

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux has for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam filter add
cbl.abuseat.org
http://cbl.abuseat.o...p=61.155.13.213
http://cbl.abuseat.o...=222.128.33.148
http://cbl.abuseat.o...=61.135.173.100
And so-on


I use the "Junk" filtering facilities built into SeaMonkey (and Thunderbird). For instance I could create a filter (just as I would for any email filter) but with as action "Set Junk Status To" "Junk" (for a blacklist) or "Set Junk Status To" "Not Junk" (for a whitelist). But anyway most of those Chinese spam messages are already correctly filtered away to my Junk folder (inside SeaMonkey) with no particular intervention on my part, that's how "pathetic" they are, as Farelf said above. The few that aren't correctly detected I mark as Junk manually, thus teaching the Bayesian filters.

Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).
Best regards,
Tony

#12 Farelf


Posted 08 April 2013 - 03:13 PM

... Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Like your spirit, Tony!

... Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).

Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think :lol:
Plus ca change, plus c'est la meme chose

#13 A.J.Mechelynck


Posted 08 April 2013 - 03:53 PM

Like your spirit, Tony!
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think :lol:

I used to report by forward-as-attachment, then a few years ago my ISP (who blocks any connection to an SMTP server other than its own ones) decided to blackhole any outgoing email with attached spam. I didn't like it at first, but now I've taken to the routine: I order my spam most-recent-first in my mailer's Junk folder, then, one by one, I "View source" on them (without opening them, of course) and paste that in the SC form — for those which are newer than my "average reporting time" (7 hours at the moment) by the time I get to them. Older ones I move to Trash without reporting. This way I still get time to do something else than reporting spam, and the most important ones (those likely to be "caught in the act") get reported in priority.

Yes, those "nomaster[at]devnull" reports puzzled me — how can someone send mail without a registered service provider? But as you said, they still get entered into the blocking lists, all the more so since there's nobody at the other end of the line to tell you that action has been taken; so, I report them just like the rest, no special treatment for or against.

spam as instrument of state policy — yes, it has turned up in the news a couple of times recently, about different (but always totalitarian) countries. Well, that's several floors above me, let's let the diplomats, secret services, and investigation journalists handle that as best they can, I'm not going to complain about things I can obviously do nothing about. As Marcus Aurelius said: “O Gods! Give me patience to endure what I cannot change, strength to change what I can and must, and wisdom to tell them apart from each other.”

Edited by A.J.Mechelynck, 08 April 2013 - 04:04 PM.

Best regards,
Tony

#14 andre77


Posted 08 July 2014 - 12:14 PM

I too am receiving a lot of Chinese spam and I have reported it every time to SpamCop, but to no avail over the month. Does SpamCop follow up my reports about this Chinese spam? It doesn't decrease at all, while spam from other countries has decreased by at least 50%. Can any SpamCop representative give an explanation about this? Thank you in advance, Andre

#15 techie


Posted 08 July 2014 - 03:59 PM

I would like to reiterate my suggestion that spamcop should create a new blocklist containing all sites that have non-functional abuse addresses, either because they refuse spamcop reports, pass the reports to the spammer, all addresses bounce, or no addresses can be found. Tag each type separately, and let the users decide if we want to accept them or not. The data already exists in spamcop's database, it just needs to be made available to the end users.

#16 turetzsr


Posted 08 July 2014 - 04:05 PM

Hi, Andre,
...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.
...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)?" and/or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.

..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure


#17 andre77


Posted 10 July 2014 - 03:45 AM

Hi, Andre,
...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.
...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)?" and/or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.


Dear Steve,

My server does not use SBL. What I mean is the reports that I send to SpamCop every day: after a few weeks, some spam from Europe or other countries besides China is decreasing, but it has no effect on Chinese spam.

I want to ask SpamCop: do the ISPs in China not cooperate enough in fighting spam, or do they just handle it very slowly?

Thank you for responding to my post.

#18 petzl


Posted 10 July 2014 - 05:30 AM

Dear Steve,

My server does not use SBL. What I mean is the reports that I send to SpamCop every day: after a few weeks, some spam from Europe or other countries besides China is decreasing, but it has no effect on Chinese spam.

I want to ask SpamCop: do the ISPs in China not cooperate enough in fighting spam, or do they just handle it very slowly?

Thank you for responding to my post.

send a SC tracking URL
One can get better than just SpamCop reporting
SpamCop by itself is not bad and does try to contact the ISP involved

#19 turetzsr


Posted 10 July 2014 - 02:03 PM

<snip>
SpamCop by itself is not bad and does try to contact the ISP involved

...True but only as a result of SpamCop reporter (our) submissions and only if we or SpamCop don't turn off the reporting; not in the way that Andre seems to believe they may:

<snip>
I want to ask SpamCop: do the ISPs in China not cooperate enough in fighting spam, or do they just handle it very slowly?
<snip>

Unless the ISP abuse desk contacts SpamCop, SpamCop does not follow up on the spam reports (at least that I am aware).
...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it is possible that they are traditional Japanese) which seem to come from sources outside the Orient.

..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure


#20 andre77


Posted 11 July 2014 - 06:25 AM

...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it is possible that they are traditional Japanese) which seem to come from sources outside the Orient.


I guess it's true, because the American government once complained about the attack from China and until now no authorities in China have tried to solve it; it seems that they are aware of it and just let the spammers, crackers and hackers in China roam free on the Internet. :angry:

I guess I have to block anything incoming from Chinese ISPs and also email in kanji (fortunately my company is not in business with China, HK, or Japan) :rolleyes:



