Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by showker

  1. showker

    Baiting 419 scammers

    So, let me make sure I'm understanding what you're saying... If a telemarketing firm calls your phone every 8 minutes, around the clock, 24/7 ... You're saying it would be YOUR responsibility to change your number to provide a "safe" environment to operate your phone. Is that what you're saying? And, then when the SAME telemarketing company picks up your NEW telephone number and begins calling you every 8 minutes 24/7 .... and a second telemarketing begins calling every 10 minutes, and a third telemarketing company begins calling every 6 minutes... is that "the way the world works" ... ? People discovered quite a while ago that the telecommunications industry needs some kind of regulation. There's no way individuals could hire enough geeks to protect themselves from such criminal activities. (If you can actually find a geek who's not already working for online crime) But perhaps I still miss your point. What if the local low-lifes are crowded around your children's school yard, handing out pornography -- and luring them away into cars. Is that "the way the world works" ... ? You're saying that it would not be "your" government's place to protect "your" school yard? That the school should hire their own "geeks" to keep the low-lifes out? And who ultimately pays for that? Either way? Who is more appropriately equipped to deal with it? Both scenarios seem a little crazy -- but both can be applied to the internet. Not "your" internet... "our" internet. But then again, perhaps you enjoy paying your cash for their stolen resources. I don't. Sometimes I just have to ask ... "What were they thinking???" :angry:
  2. This case is a travesty, but a predictable one. Any time laws are vague or encumbered by so many criteria, other cases can be brought to light which, through legal manipulation, can influence decisions. Clear testament that the laws are far too complicated. If you will read the actual case, you will see clearly that this criminal is obviously guilty. He confessed to such. Regardless of the "Freedom of Speech" card, he had the addresses, he sent the spam, he forged headers and IP addresses ... he is an obviously guilty criminal, and did indeed commit the crimes Virginia sentenced him for in the first place. > While executing a search of Jaynes’ home, police discovered a > cache of compact discs (CDs) containing over 176 million full > e-mail addresses and 1.3 billion e-mail user names. > The search also led to the confiscation of storage discs > which contained AOL e-mail address information and other > personal and private account information > for millions of AOL subscribers. Download the actual case court ruling: Virginia_Spam.pdf Read the AP story When will we stop protecting, aiding and abetting the criminals? A sad note for the millions of cybercrime victims who have lost billion$ because the "internet is free" See: Hostile Web Sites Go Free and here's what a "free" internet without law and accountability brings you ... this short video from HostExploit There can be no doubt that the internet must be regulated Accountability must be restored to the Domain Naming System and ICANN. :angry:
  3. Are there any programmers reading this forum? I'm interested in possibly hiring a competent programmer with thorough knowledge of spam, botnets, email, filters and such. I thought this would be a good place to post an inquiry. I would prefer private contact, but I can't seem to figure out how that's implemented in these forums.
  4. showker

    spam / Net / Bot savvy programmer wanted

    No, I thought it would be in bad decorum to go into details in the forum... and bring down the wrath of the forum moms. Yet, it seemed logical to me it would be a good place to possibly find someone. Thanks for your post... it was a good read! Yes, I can understand ... I didn't think it was a cattle call, though. More likely you're right on the second point: they're all working. I did post to several "jobs" sites, and get the same story. They're all working. I'll add "programmers" to my list ... Like doctors, dentists, painters, plumbers, carpenters, mechanics, electricians, drivers, lawyers, gardeners, roofers, locksmiths -- They're all employed and too busy. Wonder why there's so much whining and moaning from the politicians and left-wing media on how "bad" unemployment is -- yet can't seem to find anyone available for work. Thanks for your post.
  5. showker

    10,000 sites is a good start.

    If you liked that one, you'll enjoy this one: Hostile Web Sites go Free Here's a video people should be encouraged to watch I printed and read this PDF Report from HostExploit.com yesterday -- it explains the inner workings of Atrivo and how they operate outside the law... and how ICANN is under their thumb. Serious stuff.
  6. showker

    spam / Net / Bot savvy programmer wanted

    So I guess there are no savvy programmers in this forum.
  7. showker

    spam / Net / Bot savvy programmer wanted

    Alright... I think I found the right place to turn those on. So they should now be able to "Personal Message" me. Thanks.
  8. showker

    Retrieving old SpamCop reports

    Late last year I began working with legal and AG on a suit against certain spammers and ICANN. We became bogged down because of the turnover in spamvertised domains and the authenticity issues surrounding logs and captured data. So, since January I've been archiving all my captured spam and spamcop reports. With the proliferation of domain kiting (tasting) used by cybercriminal registrars, the legal issues become much more complicated because of discovery. I don't believe that data -- even if you could retrieve it -- will do any good in a court of law. Our legal attack is now focusing on the IP holders of cybercrime spamvertised sites via ICANN and rogue registrars. It's going to get interesting. If you haven't already read it, spend a few minutes following the articles at: http://www.knujon.com/news/ After you report your spam to SpamCop ... zip it all and upload it to KnujOn. If you plan any legal action -- or have an interest in jumping on the class action band wagon later, then KEEP those zip files of spam. They will become important.
  9. Greets, humor an off-the-wall question: In tracking and analyzing the spam we receive from a half dozen email accounts we find an overwhelming amount spamvertising the same domains, owned or registered by the same entities. (average 600 to 800 every 8-hours) When I search on the "Top" or some of the other statistics available in the SpamCop site (Spamvertised Statistics) the domains or IP addresses are never there... nor in any of the other statistic charts. What does this mean? [_] I'm getting spam that no one else reports? [_] I'm on the leading edge and they haven't had enough reports yet? [_] There is a spammer sending spam to just me? [_] Spamcop doesn't list those for fear of Russian Mob reprisals? Here's an example from one account, received in the past 4 hours: ablerealization.com ablerealization.com ablerealization.com arcuslavwoe.com cornercome.com cornercome.com cornercome.com cornercome.com cornercome.com countbed.com countbed.com countbed.com describesoon.com describesoon.com deyns.hotnoun.com/?fwvhrl documentationmart.com emilimport.com/e-card.exe fikcja.nazwa.pl/index1.php fineepic.com giantwelove.com giantwelove.com goodtimessmart.com hhkwh.betterbird.com/?ibvd lakegood.com loanfinanc.com loanfinanc.com mue.hotnoun.com/?cia mue.hotnoun.com/?cia r.betterbird.com/?qpy reachcarry.com reachmake.com riselift.com shopresponsibility.com tearpower.com tjel.hotnoun.com/?yjurk touchsuggest.com touchsuggest.com touchsuggest.com touchsuggest.com touchsuggest.com touchsuggest.com tuv.czwhite.cn tvoh.czwhite.cn u.hotnoun.com/?vcuyab vca.hotnoun.com/?o whenprosperity.com = [ ] whenprosperity.com = [ ] whenprosperity.com whenprosperity.com whenprosperity.com whenprosperity.com whenprosperity.com willtape.com = [ ] woa.hotnoun.com/?l = [ ] Russian worgassome.com www.doskdeg.cn/?bjgkobbcuh = [ ] www.gatrepa.cn/?prmmnpgpt = [ ] www.kiltery.cn/?ypqyqrcbjt www.kompyuk.cn/?okbexjkceoxnv www.kompyuk.cn/?okbexjkceoxnv www.letabip.cn/?kzkpijgue www.lizatbb.cn/?gjmitafzefsnm www.odyneba.cn/?tsixpnoiew www.ottraxal.cn/?gfneskenfeoeb www.petyshok.cn/?dogapcjluxa www.rebyjera.cn/?ofrcmdcclxu www.rebyjera.cn/?ofrcmdcclxu www.sychkan.cn/?mijkmnccru www.vonyhejy.cn/?nhesfhwatpm www.vonyhejy.cn/?nhesfhwatpm = [ ] www.ybeuert.cn/?fvxmdcofpv = [ ] x.betterbird.com/?aw = [ ] xiep.hotnoun.com/?eml y.hotnoun.com/?jqqw = [ ] yht.betterbird.com/?ikk zhqwnk.hotnoun.com/?h
  10. Can anyone suggest a WHOIS online that * Has all of the databases * Does not require a captcha * Does not crap out after ten inquiries I've been using SamSpade for years because it always finds the owners, IP, etc., however due to robots, it now cuts off at 10 inquiries per day. Then I used Geektools, which is really nice, but it requires a captcha, which seriously slows tracking. InterNIC almost always misses. They say "Not Found" but then SamSpade finds it immediately. Ideas? Thanks
  11. showker

    How to locate spammers ?

    Does anyone know of a Macintosh version of that type of software. I've wanted to "automate" discovery on spamvertised domains for some time, but nothing yet to support the Mac platform. currently, I use the "REPORTS" sent back from SpamCop identifying the owners of the spamvertised domains found in the spam. This is tedious and time consuming, but BBEdit (Mac) is very helpful in parsing the files -- which are considerable. However, SpamCop reports do not include the country. I select the most frequent instances of the domains, then check either the Whois or SamSpade for the IP addresses to block. Using a "partial" wild card, you can block nearly entire ISP ranges of IPs. I just wish I could automate the IP / Domain look-ups
  12. showker

    Is SpamCop Worth It?

    If I had a dollar for every time this question was asked here, I'd be in the next tax bracket. ADMINS should just post a not at the top that says: YES, SpamCop IS worth it... proven many times over, don't ask that question.
  13. showker

    spam = RICO?

    I had to chuckle, even though it's not really a chuckling matter. We've been ranting and ranting about Title 18 since the early days of spam. (Before SpamCop had this forum) At the FTC spam Forum in Washington, everyone except Julian and a few others (including myself) ranted about the applicability of all kinds of chapters in Title 18. It was largely ignored. When I brought up "Shouldn't ICANN be doing something about this???" They all immediately clammed up, ended the Q&A section, and went on with the next speaker. It was very obvious that ICANN could not be mentioned nor discussed in that venue. Good old Bill and AlGore. The problem is, 1) The judicial system hasn't yet decided how to deal with "email" 2) Organized crime hires better lawyers than the AGs 3) Judges are unable to understand the second layer after the actual crime. ... "Guy shoots convenience store owner. Caught on video. Guy is guilty." vs. ... Layer #1: "Guy sends email to victim containing porno... ... Layer #2: "Victim (14 year old girl) goes to guy's web site... " ... Layer #3: "Victim enters charge card number to see more..." ... Layer #4: "Guy buys a new boat on card number, closes the account" Since the Judge is unable to comprehend what went on, and there's no specific legislation pretaining to "what happened?" he cannot issue a bench warrant for "Guy" -- end of case. So, "Guy" is allowed to continue practice -- although there were FOUR (count'em) FOUR violations of Title 18 -- THREE of which are a CLASS 1 Felony. (That's two more than shooting the convenience store owner!) YES INDEED ... go right ahead... > Should we start to lobby the govt directly or lobby our professional > organization lobby on our behalf for RICO laws in the USA to be > used against spammers and spammer support operations. Let me know when you get it going. But believe me, no one will listen. Help will NOT be coming. Been there, done that. [Editing post: I did not mean to be flip, although it may read like that. If you find a way to get someone to listen to the RICO approach, then please send me private email. RICO cases will not get far in court because the evidence trail is insufficient to overcome defense strategies by the spammer's attorneys -- no attorney nor judge will try a case that's already lost because of those reasons. Besides, law enforcement is too busy rounding up drunks and speeders. They don't have the time it takes to pursue actual criminals. You're going to need an AG who is willing to spend some time and resources on the matter. I'm working on another totally different legal approach. ]
  14. showker

    SpamCop.net Address NOT permitted

    No, no, no, this has gotten out of hand -- FIRST: This has nothing to do with spamcop forums what-so-ever. I was trying to get the affiliates NEWSLETTER of StockLayouts.com site. THEY are the ones who issued the error that they would not accept a SpamCop.net address. So I went to the StockLayouts.com top brass. Since my post HERE, I discovered that the newsletter at their site is handled by a THIRD party. So it's the THIRD PARTY who disallows SpamCop.net addresses. It is NOT the "user's" email address. It's ANY / ALL SpamCop.net addresses. Seems they've been reported so many times to SpamCop, they got tired of getting reports -- and therefore are blocking any SpamCop addresses from registering for the newsletter. They told me to use another address. But I'm planning on NOT registering and having nothing to do with them. Obviously if they've gotten that many SpamCop complaints, they are engaged in some form of spamming ... or are at least sloppy enough not to authenticate their users. So, that settles this whole thread. Sorry I caused such a stir. :-) For those wondering, or trying to figure out if I am really who I am, I am: Fred Showker SafeNetting - a department of UGNN http://www.ugnn.com http://www.safenetting.com/ http://www.user-groups.net/ Wazoo... I figured it out! But don't know why it confused. Nope. I copied the error directly from MY attempt to subscribe. So the email address was NOT someone else's -- it was MINE. I was attempting to sign up for the newsletter using MY spamcop address when I got the error. Whew...
  15. In the past 24 hours I've received 878 bounces from postmasters returning mail I DID NOT SEND ... spam. Many of them say it's "spam" and that I'm now being blocked. HOW CAN I head this off before getting blocked in the big spam black holes??? Preventive measures??? I continue to get one or two new bounces per minute. In the time I wrote this post, I got 7 more. HELP PS: I've analyzed all the bounces and it appears to be only a half-dozen spamvertised sites, and the main senders are in Poland and Korea
  16. I"m working on an action suit with the Attorney General and need to * analyze 30 days of spam... * locate spamvertised domain in each (if one exists) * locate the IP number for each * identify the advertised "message" of the domain It's impossible to do it all by hand. As you know, many of the spammers are now leveraging "Domain Tasting" for their spamvertised sites -- so, within 5 days, the domain goes dead or the IP addresses change. Others routinely move or change IP just to ellude detection. So I need to analyze on a daily basis -- 400 to 1200 spamvertised domains. The QUESTION is: Does anyone here know of an automated method of accomplishing the above? QUESTION #2 How would I locate an expert on analyzing spam -- for HIRE ? Thanks Fred
  17. showker

    HELP! Can I prevent getting BLOCKED ???

    Well, regardless of what you "think" ... I've been in server hell for the past week trying to get BLOCKS removed from Comcast, AOL and Earthlink and dozens of Baracuda(sp?) installations... THAT'S what idiots are still running blocking lists based on "from:" Comcast even blocked my dial-up account -- which has nothing to do with the addresses used in the spam other than I retrieve that mail via my comcast account.
  18. This message was sent from a criminal WEBMASTER <webmaster[at]spamcop.net> To: undisclosed-recipients:; Reply-To: s_team87[at]yahoo.no Subject: SPAMCOP USER (WARNING!!!!!) Headers: Show All Headers Dear SPAMCOP Email Account Owner, This message is from Spamcop messaging center to all Spamcop email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Spamcop email account to create more space for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : ............... Email Password : ................ Date o Birth:....................... Country or Territory : .......... Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently. Thank you for using Spamcop MAIL! Warning Code:VX2G99AAJ Thanks, Spamcop Team spamcop.net beta ----------
  19. showker

    Stupid spammers

    What is "LARTed" ??? I was afraid of reporting for fear of getting myself blocked.
  20. If you've got a few bucks in your pocket, and some time to kill -- you can follow this strategy: Our legal team is communicating with the AG and preparing a restraining order against ICANN. If it gets from local into Federal courts, you'll probably read about it in the newspapers. With the advent of "pass-along guilt" cases recently successful in the judicial system, legal seems to think there's a good chance of getting the case heard -- or at least subpoenas served for a hearing. I think a subpoena served by Federal Marshalls will get some attention. You see, somewhere in the chain of "ownership" of known criminal IP blocks there's a U.S. entity that can be served as an accessory in the commission (or attempted) of a felony. Contact YOUR AG or, simply go into your region's Federal court and file a restraining order against ICANN. Have your attorney write it up correctly so you don't waste time -- you'll need a "petition for writ of discovery". Watch the fireworks. But, be prepared to shell out some substantial cash. If there were ONE, just ONE 501 spam fighting organization with some marbles, then this could REALLY take off... or, if there was just ONE major ISP (MSN? AOL? Google? Yahoo?) with some marbles who could set up a CLASS ACTION suit, then we would really see some fireworks. That's all I have to say. Read my latest 60-Second Window : Crime gets a free ride from ICANN Get mad :angry:
  21. showker

    Stupid spammers

    Yup, that's correct ... and I've tried and tried to get them translated, but have been unsuccessful. I would at least like to extract the spamvertised URLs to report to Knujon. I've been getting slammed by some criminal who forged MY email address into the "Sent" field, so I'm getting 3 or 4 bounces a minute since early this morning. 60% of the bounces are in Crylic -- so obviously sent from a foreign country, aimed at foreign users -- but MAILED TO U.S. USERS... Another 20% are from Japan or Korea. Is there any more substantial data that the U.S. email system is under attack from foreign entities?
  22. Each 24-hour period we report spam as it comes in, but then move the spam from the Trash into a 'holding' folder for Knujon. This gives us a collection of each day's spam received in our spam traps. Since January, we've culled out all the spammer domains at Geocities and Blogspot. A one time high of 78 spams using Geocities.com redirect pages has slowly been reduced to only one or two per day through our regular and relentless reporting directly to Geocities. (They've actually thanked us for our efforts.) Today's catch held only one. Blogspot.com however has been tougher to break. Google talks to no one. There is no means of reporting to Google -- even SpamCop reports are not accepted. Spammers set up Blogspot.com blogs which contain no data other than a redirect. Somehow they've been able to break Google's captcha. Spammers learned that reporting systems like SpamCop will report to Blogger/Google rather than their redirects. They know Google ignors such reports. Unless you use the Blogger official "peer" reporting link -- which is a pain to use because you have to paste in each instance into an online form. Try this experiment: Accumulate your spam into a 'holding' folder and each day do a search for "blogspot.com" ... you shouldn't get more than four or five. (now down from the 30 to 40 we were reporting back in February.) Use this domain: http://help.blogger.com/?page=troubleshoot...Submit=Continue to report each. That's: http://tinyurl.com/273dmk If you want to report the Geocities spammers, then use: "Geocities Abuse" <abuse[at]geocities.com>, "Yahoo Abuse" <abuse[at]yahoo.com> However I think over the past 60 days the spammers have gotten the message that it's just not worth the trouble of setting up digs at Geocities or Blogspot just for redirects. Good luck
  23. This thread is just incredible! Amazing that I just wasted how many minutes reading every word of it? On the other hand, I have to hand it to that guy. What a story! Can I get reprint permissions? But I believe if you look a little deeper, you'll find C|net is no better than any of the other twenty or so "main stream" online portals which play every trick (some clean, some dirty) in the book to extract reader demographics. About.com is the absolute worst. You'll get spam almost immediately after registering for anything on About.com. Just clear out ALL your cookies, and go to ONE SINGLE About.com page. BINGO. 30 or 40 cookies -- several of which will be "super cookies" meant to extract data from OTHER cookies on your machine! And check some of those expiration dates! "Expires 6/10/2026" ... will any of us even be alive in 2026? I probably won't. Some time back, I wrote an article "How to identify a spam Site" and ranked sites as to the ratio of spam to content. About.com ranked the highest with something like 20-to-1 spam to content ratio. That's why I always use "alias" information. Unless the email reply they ask for requires you to get a response in your actual email account, the whole world is fair game. Just Google a uber-wealthy shiek in Dubai and then use HIS profile! (One snag, the "married" field doesn't accommodate "how many" wives!) That way, they get what they want, and you get what you want. Better yet, use the profile of a Chinese government official! Realistically, though, just use your SpamCop address... and happily move their spam to the "Held" folder for reporting. Again... it was most enjoyable. Thank you all.
  24. showker

    Food for thought

    EXCELLENT... thanks for that one! I've been following the "China" invasion for some time now via Google's news forwarding service -- and the issue is only recently making its way into the main stream media. Statistics abound on how many breach attempts are made each minute which originate in China. 157 out of 776 spams in today's spam traps originated in China, or spamvertised web sites registered or hosted in China and/or the Pacific rim. So it's not just about hacking, or national security -- it's about the huge sums of money being extracted from U.S. citizens each day, shuttled to China via spam and spam related revenue streams. Thanks for that post.
  25. If these spammers are even remotely involved in child porn, stalking, or other online preditory activities involving minors, you should tell your story to www.blueridgethunder.com -- these guys are REAL cops -- not just 'pretend' cops like those prolifferating the web (some mentioned above) -- they actually go out and get the bad guys and put them in hand cuffs. Seriously. (SpamHaus is outside the U.S. with no judiciary powers at all... record keepers.) They're not far from here in Bedford County, VA. They're good guys ... but for spammers, they're seriously bad guys. Nothing is more rewarding than hearing of another spammer's door pounded down in the middle of the night. Nothing! Too bad there aren't more of them... and more enforcement offices willing to actually enforce the law! again, that's : www.blueridgethunder.com