300mph Posted May 11, 2012 Share Posted May 11, 2012 I just received a very spooky spam today. One of the usual hyperlinks that directs an unsuspecting person to the spammers webpage contained a very odd format. The format was: http://[some address here].com/my_last_name I was more than a little startled to see my last name appended to a spam page hyperlink. Has anyone ever seen this or have any idea how this could happen? Link to comment Share on other sites More sharing options...
turetzsr Posted May 11, 2012 Share Posted May 11, 2012 ...The simplest, albeit unlikely, answer is that in preparation for your response the spammer has created a virtual internet directory with your name. I consider that unlikely only because most spammers target thousands or millions of potential victims and, therefore, would have to go through the trouble of creating such a virtual directory for each potential victim. A more complex answer would be that the spammer has set up some scri_pt or program on the web server to recognize your name as a name rather than a virtual directory. ...This is just off the top of my head. I presume others can come up with yet more scenarios. Link to comment Share on other sites More sharing options...
petzl Posted May 11, 2012 Share Posted May 11, 2012 I just received a very spooky spam today. One of the usual hyperlinks that directs an unsuspecting person to the spammers webpage contained a very odd format. The format was: http://[some address here].com/my_last_name I was more than a little startled to see my last name appended to a spam page hyperlink. Has anyone ever seen this or have any idea how this could happen? Either you or one of your contacts has a Trojan that has downloaded their contact email address's. Don't hurt to scan your own computer. I no longer have my full name in my email just "from:PP" Email info can also be "scraped" as it passes from one server to the next. You can see what computers servers that handle your email by a traceroute Link to comment Share on other sites More sharing options...
Lking Posted May 11, 2012 Share Posted May 11, 2012 The format was: http://[some address here].com/my_last_name Or what you see in the email is http:[some address here].com/mhy_last_name but the hyperlink really goes to http://[some other place].com/really_bad_script Link to comment Share on other sites More sharing options...
300mph Posted May 11, 2012 Author Share Posted May 11, 2012 ...The simplest, albeit unlikely, answer is that in preparation for your response the spammer has created a virtual internet directory with your name. I consider that unlikely only because most spammers target thousands or millions of potential victims and, therefore, would have to go through the trouble of creating such a virtual directory for each potential victim. A more complex answer would be that the spammer has set up some scri_pt or program on the web server to recognize your name as a name rather than a virtual directory. ...This is just off the top of my head. I presume others can come up with yet more scenarios. Very interesting. Is there a safe way to try out the address and see what's there or if it is active? Link to comment Share on other sites More sharing options...
300mph Posted May 11, 2012 Author Share Posted May 11, 2012 Either you or one of your contacts has a Trojan that has downloaded their contact email address's. Don't hurt to scan your own computer. I no longer have my full name in my email just "from:PP" Email info can also be "scraped" as it passes from one server to the next. You can see what computers servers that handle your email by a traceroute Yes, this is always a possibility. Here is an additional piece of info that thickens the plot. I have a rather unusual last name, so it's not like Smith or Jones, and the name used in the hyperlink is my name with one letter misspelled. Also my email address does not contain my name and my profile does not contain my name. Link to comment Share on other sites More sharing options...
300mph Posted May 11, 2012 Author Share Posted May 11, 2012 Thanks everyone for your responses and here are more specifics: 1. My name appears in the hyperlink itself, the visual text says something else. 2. The name is misspelled by one letter and my name is rather unique so it's not a coincidence. This seems to point to a hand-formed spam creation and not a spambot? 3. I don't have my name associated with the email account. Given these clues does it sound like I have somehow been targeted by the spammers or am I being too paranoid. Link to comment Share on other sites More sharing options...
lisati Posted May 11, 2012 Share Posted May 11, 2012 2. The name is misspelled by one letter and my name is rather unique so it's not a coincidence. This seems to point to a hand-formed spam creation and not a spambot? I'm wondering if a spambot is being used that randomises names slightly, based on replacing letters with similar letters or numbers, like you might see in a message that is being tinkered with in an effort to beat filters. As an aside, my name is rare where I live too, there's only two of us that I know of within something like 500km. Link to comment Share on other sites More sharing options...
turetzsr Posted May 12, 2012 Share Posted May 12, 2012 I'm wondering if a spambot is being used that randomises names slightly, based on replacing letters with similar letters or numbers, like you might see in a message that is being tinkered with in an effort to beat filters. <snip> ...Ah, yes, I've seen something like that in "help, I'm trapped in Europe and need money fast!" spam allegedly from someone I knew. Link to comment Share on other sites More sharing options...
InvisiBill Posted May 26, 2012 Share Posted May 26, 2012 I just received a very spooky spam today. One of the usual hyperlinks that directs an unsuspecting person to the spammers webpage contained a very odd format. The format was: http://[some address here].com/my_last_name I was more than a little startled to see my last name appended to a spam page hyperlink. Has anyone ever seen this or have any idea how this could happen? My guess is that the webserver is configured to accept anything in place of your name. "http://[some address here].com/_____" is probably always accepted. This also provides some tracking as to who's falling for it. They simply check the webserver logs and see which names were used in URL requests. Also, if the actual URL was more complicated than what you posted, keep in mind that "?" is a separator between the URL and the parameters it's passing to the page. "http://[some address here].com/?my_last_name" takes you to the same page as just "http://[some address here].com/", but the first one also passes "my_last_name" as a parameter to that page. I doubt that they actually went through and configured a webserver specifically for each name that they spammed, though it shouldn't be too hard to scri_pt something like that using the database that generated the spam (just generate an entry on the webserver along with each spam message generated). As for how they actually got your name, I'm guessing it's from someone who's got you in their contact list and had their PC compromised, or possibly scraped from some internet profile somewhere (which may have gotten its info from someone else's contact list). Very interesting. Is there a safe way to try out the address and see what's there or if it is active? http://web-sniffer.net/ Link to comment Share on other sites More sharing options...
william_ Posted May 29, 2012 Share Posted May 29, 2012 if you used the address on facebook etc, then on that site you can resolve email address to user by simply searching via email address. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.