Everything posted by shmengie

  1. http://www.spamcop.net/sc?id=z737565409zce...be3f63a1f55320z

    None of these URLs were diagnosed by SC. Thunderbird, however, displayed many clickables.

    http://briny.tehexpertz.com/a/209120/minuteman
    http://posit.beatrxbillz.com/a/209120/waters
    http://embroidery.beatrxbillz.com/a/209120/grosvenor
    http://funeral.beatrxbillz.com/a/209120/alcove
    http://shipbuilding.beatrxbillz.com/a/209120/aggravate
    http://transmogrify.beatrxbillz.com/a/209120/commiserate
    http://droplet.beatrxbillz.com/a/209120/ar
    http://polloi.beatrxbillz.com/a/209120/trw
    http://dreary.beatrxbillz.com/a/209120/aeneid
    http://kalmuk.beatrxbillz.com/a/209120/note

    They all resolve to Address: 210.245.235.152

    Abuse contact for 210.245.235.152: anson28[at]hotmail.com

    The [at]hotmail.com abuse contact caught me off guard.

    Huge spam text removed as it exists within the Tracking URL provided above.
  2. shmengie

    Option to reject HTML mail?

    There's another issue... You never know when someone you actually communicate with will take the initiative to dress up their e-mail with html decorations. Although I have no appreciation for this, I do receive a couple of dressed up e-mails a year I would prefer not to reject. I could tell these ppl to stop, but they spent extra time doing that sort of thing, in an effort to make their mails look "good". I don't see anything good coming from griping about it.
  3. shmengie

    Spam may end one day

    http://www.physorg.com/weblog/news1243.html And I remain hopeful...
  4. shmengie

    foobar

    Who is this, are they DOA? I'm getting spams websites in this neighborhood of addresses, and it's really irking me because I can't complain. I even tried calling the 801 # and it's a fast busy signal... arageaefja;lkje

    ```
    OrgName: Silicon Compiler Systems
    OrgID: SCS-1
    Address: 7090 South Union Park Avenue
    Address: Suite 200
    City: Midvale
    StateProv: UT
    PostalCode: 84047
    Country: US
    NetRange: 134.86.0.0 - 134.86.255.255
    CIDR: 134.86.0.0/16
    NetName: SCS
    NetHandle: NET-134-86-0-0-1
    Parent: NET-134-0-0-0-0
    NetType: Direct Assignment
    Comment:
    RegDate: 1989-04-19
    Updated: 1991-01-03
    TechHandle: KM131-ARIN
    TechName: Miller, Kevin
    TechPhone: +1-801-320-8032
    TechEmail: kmiller[at]mhz.com
    ```
  5. shmengie

    foobar

    Thanks for the info guys. Meryln led me to the path of understanding. The NetRange: 134.86.0.0 - 134.86.255.255 appears to be hijacked by a group of known spammers. According to traceroute, they're operating in Brazil, which appears to be the latest safe-harbor for spammers. Silicon Compiler Systems must have owned this net range once in the past, and it hasn't been dished out to another organization, which appears to be how it got hijacked, and why I was asking about 'em. We definitely need to get Brazil on board with the rest of the world...
  6. shmengie

    Missing URLs, I wanna report!

    Ahh, that explains it. I saw the yahoo, and wondered if SC dug up the same reporting to: addy... When none were dug up, I posted here. Thanks for the info. Since all the links resolve to the same IP, would it not be prudent to report anyway?
  7. shmengie

    Missing URLs, I wanna report!

    According to whois for that IP, yes it is. After a closer inspection of the whois record, I noticed that it was modified by a yahoo.co.uk account, so I figured it may be legit. changed: [bzzt][at]yahoo.co.uk 20050218
  8. shmengie

    new form of url

    I hope you perceived my intention of humor in the previous post. That quote quote Url quote quote did come in a spam. I don't understand why the spammer did that. Guess most ppl wouldn't even have seen it. I only saw it cuz I looked at the source. It wasn't visible in the Thunderbird rendered e-mail. I only posted it here cuz you caught me being a goof at the beginning of this thread. Now that I realize I'm not worthy of posting in this forum, I'll stop.
  9. shmengie

    new form of url

    I noticed the tag in http://www.spamcop.net/sc?id=z736926310zfa...c3cac24cf72067z

    <a href="http://%61%6c%6c%73%6f%66%74%73%2e%6e%65%74" target="_blank">

    does not seem to be recognized by SC as a URL.

    http://allsofts.net
    Name: allsofts.net
    Address: 195.47.196.142

    Thunderbird displayed the URL properly rendered, yet my reporting software didn't identify it until I added some more code... Took me a while to decrypt it. Maybe you will appreciate this Python code which is capable of locating and decoding these references.

    ```python
    import re

    # http: links whose target is written entirely as %XX escapes; src= references are skipped
    http2 = re.compile(r'''(?<!src\=)(?<!src\=['"])(?<!src\=3d['"])(?P<url>http\:[/]*(?:%[0-9a-f]{2})+)(?!'></a>)(?!"></a>)(?!></a>)''', re.IGNORECASE)
    percents = re.compile(r'(%[0-9a-f]{2})', re.IGNORECASE)

    http2refs = http2.findall(clip)  # clip: the raw message source
    for i in range(len(http2refs)):
        for digi in percents.findall(http2refs[i]):
            # swap each %XX escape for the character it encodes
            http2refs[i] = http2refs[i].replace(digi, chr(int(digi[1:], 16)))
    HReferences += http2refs  # HReferences: the list of URLs to report
    ```
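An added example, not part of the original post: a stand-alone way to do the same normalization with Python's HTML and URL parsers instead of a regex, so that hosts that are only partly encoded or use upper-case hex are decoded too. `HrefCollector`, `decode_links` and every sample line except the first `<a>` tag are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class HrefCollector(HTMLParser):
    """Collect href values of <a> tags; image src= values are skipped, as in the post."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v.strip() for k, v in attrs if k == "href" and v]

def decode_links(html_source):
    """Return (raw_href, decoded_host, host_was_encoded) for each http(s) link."""
    collector = HrefCollector()
    collector.feed(html_source)
    collector.close()
    results = []
    for raw in collector.hrefs:
        parts = urlsplit(raw)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, relative links and the like are not reportable hosts
        # Decode %XX escapes in the host only, then normalise case for reporting.
        host = unquote(parts.hostname).lower()
        results.append((raw, host, "%" in parts.netloc))
    return results

# First tag is the one quoted in the post; the rest are constructed sample input.
SAMPLE = '''
<a href="http://%61%6c%6c%73%6f%66%74%73%2e%6e%65%74" target="_blank">click</a>
<img src="http://%65%78%61%6d%70%6c%65%2e%63%6f%6d/x.gif">
<a href='HTTP://exa%6Dple.org/a%20b'>mixed case, partly encoded</a>
<a href="http://example.com/page">plain</a>
<a href="mailto:someone@example.com">not a web link</a>
'''

if __name__ == "__main__":
    for raw, host, encoded in decode_links(SAMPLE):
        print(f"{host:15} encoded={encoded!s:5} raw={raw}")
```

The third element of each tuple marks links whose host was escaped in the source, which is a useful signal on its own since ordinary mail has no reason to percent-encode a hostname.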
  10. shmengie

    Is it really doing any good?

    Here's a reply I received from Easynet UK, after I queried about my reporting style. This may shed some light on why reporting is good.
  11. shmengie

    new form of url

    Well, here's one that SC didn't find! Although, I don't see this URL being worthy of a feature request... I hunted it down by hand. I figure if I keep posting on this thread, I'll seem totally insane or a genius
  12. shmengie

    new form of url

    DOH! My bad... Thought I looked and it didn't.
  13. shmengie

    Is it really doing any good?

    I've never been a paid member of spamcop, so I don't know what kinds of reports you receive in that event. I have, however, been sending reports out my door to ISPs daily (averaging 50 per day). I receive about 1-3 replies a week, that don't seem to be automated, regarding my reports. I rather enjoyed this one:
  14. shmengie

    Additional reporting?

    I've recently gotten into the habit of forwarding stock picks to enforcement[at]sec.gov. Any spam that mentions Microsoft products gets forwarded to piracy[at]microsoft.com. I've hunted for a Pfizer contact, but have been unable to locate an address to forward Viagra related messages.
  15. shmengie

    source of evil

    I received this email (around 2005-02-01 (Feb. 1st)) and reported 217.148.2.204 to message[at]shlink.ch. After reporting the spam, I've received viruses in the mail from 217.148.7.200. To date, 17 emails containing a virus. That seems a little too coincidental to me. Reporting to message[at]shlink.ch seems to be a waste of time. How else might I follow up on this?
  16. shmengie

    spam or virus

    I think IE is insecure... I even tried uninstalling it. Add/remove programs/Windows components, IE used to be listed there for uninstallation. After uninstalling it, it is still on my computer, because I can still get windows update which requires it, but I think it did remove the icon from the desktop, and shuffled a few other files around. Kinda wish I would have taken a full inventory, b4 and after. I was reluctant to uninstall IE, but it seems my reluctance was for naught. Me thinks Microsoft also believes in the spammer rulez. Ran windows update (haven't for a while). There's a cumulative patch for IE which isn't installed on my computer, go figure.
  17. shmengie

    Why not whitelists

    There are a couple of inherent problems with whitelists...

    * Everyone must sign up to join them. None can communicate until all parties of a communication channel are subscribed.
    * They're not bullet proof. What happens when someone makes the effort to disrupt the service? 1000 spammers who acquire 1000 valid accounts can lodge a lot of complaints. What about a conspiracy? If someone doesn't like what someone else does... Who gets blocked, who doesn't?
    * Administration and judication would be a nightmare. Someone has which reports are valid or not. Otherwise ppl will be unjustly removed.

    If it was as simple as we wish, it would have been done. In an ideal world, no problem it could work. But then, in an ideal world, would it be needed in the first place?
  18. shmengie

    spam or virus

    Luv ur signature petzl. I'm a little curious if you are familiar with the sourceforge project Clam or specifically clamwin: http://www.clamwin.com/ http://sourceforge.net/projects/clamwin/ I'm currently checking out AVG tho. So far, AVG is performing nicely, it found the 10 viri I had stored for later inspection. (it's only 3 different versions of same strain) It's curious, after I reported a spam to a specific site in China, I've been receiving viri from a neighboring ip addy. I wonder what that's all about...
  19. shmengie

    Additional reporting?

    That link is very informative, thanks Steven
  20. shmengie

    Strange spam

    I wouldn't infect my working computers... That would be more trouble than it's worth. But I may have access to a couple of old 98 machines that have nothing better to do :/ (I'm not top notch, but know enough) Thanks for the replies and the heads up on isc.scans.org. I need to break from this line of thinking... I'm not getting paid to do this work, I need to concentrate on work that will get me paid. I'm not the only one aware of the web bugs... My main reason for posting. It was bugging me, that I didn't turn up any info searching the web, but I wasn't using the proper keywords... I got a little over excited too when I realized what the silly e-mails are potentially good for. It seems like ISPs should actively scan their network traffic and contact infected clients. If they would do that, 90% of the spam could be halted.
  21. shmengie

    Strange spam

    I can't conceive of any reason to send out nonsense spams that have the web bug, other than to identify targets for the virus/trojans. I've been collecting the viri sent to me, but have yet to take the time to see what their purpose in life is. Although I suspect their primary reason for being is to proxy spam, I have yet to verify this suspicion. With that in mind, has anyone actively sought the virus and recorded where it reports to? My interest is identifying the originating IP. If I had the time, I'd also like to learn how to identify computers with the spam proxy agents, and figure out how to have them send reports on themselves to their ISPs. <- that would be awesome.
  22. shmengie

    Strange spam

    swingspacers, I don't think you understand the point I'm driving at. The point I was trying to get across is this: I don't have a problem with that spam... But guessing at its purpose, I finally realized why it exists (it's been bugging me for a while)... I think it's a feeler spam, searching for e-mail clients that are susceptible to trojan/viri spam proxy agents. The image content is irrelevant... The fact that the img src=http://gjmatvienkoxdfg.com/bdfadbb619845f8e312afd7d7/inexplicable.jpg generates a weblog that probably identifies my address to the spammer. Now the spammer suspects that I'm fool enough to use an email client that fetches images off the web, which is possibly susceptible to infection. I don't know, off the top of my head, if the weblog also includes the web client that retrieved the picture, but probably does. In that event, they've got all the information they need to know who to send the virus/trojan to. I think it would be prudent to use this information against the responsible party and prosecute to the full extent of every law possible. I'm inclined to dig up an old outlook client and forward that e-mail to myself, then wait and see what viri comes my way.... with a good packet sniffer, I could determine when it calls home to say it's ready to proxy spam. Then sniff out the source of spam and forward to the proper officials. After a brief googling on this topic, to no avail, I brought it here for discussion.

    re: tracking

    For a sophisticated spammer, it's very easy to track successful spam... all they need to do is include a unique identifier in a URL, and when that URL is hit, a quick database lookup for the weblog shows which e-mail (addressee) is the duck. If a spammer (which I seriously doubt) cares about who reported spam, they can do the same thing inside or outside of a web URL, embed a unique identifier anywhere in the spam, and they would achieve the same result. I suspect spammers are too busy finding their next ISP, rather than worry about me reporting their spam.

    re: spamcop

    I grew tired of using spamcop to report spam. It takes too long to process the bulk of mail I receive. 50~ a day. Instead I wrote a little script to facilitate my reporting process. Nowadays I always send spam reports to the ISP of the originating spam and where possible report websites referenced in the spam. A spammer is now directly sending viri my way, but I can live with that.
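An added example, not part of the original post: a filter-side check for the web bug described above, which flags remote images whose URL carries an identifier-like token and strips remote images before a message is viewed. It assumes the HTML body has already been transfer-decoded; the token heuristic, the function names and every sample line except the first image URL are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# src= value of each <img> tag, quoted or unquoted.
IMG_SRC = re.compile(r'''<img\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)''', re.IGNORECASE)
IMG_TAG = re.compile(r'<img\b[^>]*>', re.IGNORECASE)
# Heuristic (an assumption of this example): 16+ URL-safe characters including a digit.
TOKEN = re.compile(r'^(?=.*\d)[A-Za-z0-9_-]{16,}$')

def is_remote(url):
    """cid: and data: images ship inside the message; only http(s) triggers a fetch."""
    return urlsplit(url).scheme in ("http", "https")

def find_web_bugs(html_source):
    """Return (url, token) for remote images whose URL carries an identifier-like token."""
    hits = []
    for url in filter(is_remote, IMG_SRC.findall(html_source)):
        parts = urlsplit(url)
        # Candidate tokens: each path segment (extension removed) and each query value.
        candidates = [seg.rsplit(".", 1)[0] for seg in parts.path.split("/") if seg]
        candidates += [value for _, value in parse_qsl(parts.query)]
        token = next((c for c in candidates if TOKEN.match(c)), None)
        if token:
            hits.append((url, token))
    return hits

def strip_remote_images(html_source):
    """Replace every remote <img> with a placeholder so viewing causes no fetch."""
    def replace(match):
        src = IMG_SRC.match(match.group(0))
        remote = src is not None and is_remote(src.group(1))
        return "[remote image removed]" if remote else match.group(0)
    return IMG_TAG.sub(replace, html_source)

# First image URL is the one quoted in the post; the rest are constructed sample input.
SAMPLE = '''
<img src="http://gjmatvienkoxdfg.com/bdfadbb619845f8e312afd7d7/inexplicable.jpg">
<img src="cid:logo123@example.com">
<img src=https://example.net/o.gif?u=Zm9vQGV4YW1wbGUuY29tX2FiY2Q width=1 height=1>
<img src="http://example.com/img/logo.png">
'''

if __name__ == "__main__":
    for url, token in find_web_bugs(SAMPLE):
        print(f"possible web bug: token={token} url={url}")
    print(strip_remote_images(SAMPLE))
```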