Jump to content
Sign in to follow this  
dra007

What's up with this

Recommended Posts

It's not enough that I get blasted with all that carding/party powder junk, hundreds of them daily but the newest spam points to a botnet spam that I never saw or reported, so is this another way to just be a pest..I just don't get it:

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Email spam for malekal.com • 5992714217 ( 143.90.201.78 ) To: net-abuse[at]odn.ad.jp

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Email spam for malekal.com • 5992714393 ( 178.125.167.21 ) To: abuse[at]belpak.by

• 5992714392 ( 178.125.167.21 ) To: abuse[at]belpak.minsk.by

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Legal powders • 5992714497 ( 178.90.96.35 ) To: noc[at]online.kz

• 5992714496 ( 178.90.96.35 ) To: abuse.spam[at]telecom.kz

• 5992714495 ( 178.90.96.35 ) To: abuse[at]telecom.kz

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

International carding board on new domain • 5992714537 ( 114.24.166.61 ) To: postmaster[at]hinet.net

• 5992714536 ( 114.24.166.61 ) To: abuse#hinet.net[at]devnull.spamcop.net

• 5992714534 ( 114.24.166.61 ) To: spam[at]ms1.hinet.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

=?UNKNOWN?B?5MnF1NkgySDT0M/Tz8LZINDPyNXExdTYIMLF2iDEycXU?= • 5992714571 ( 220.227.103.136 ) To: antiabuse.support[at]relianceada.com

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

Email spam for malekal.com • 5992714586 ( 178.136.251.58 ) To: abuse[at]alkar.net

• 5992714585 ( 178.136.251.58 ) To: abuse[at]vegatele.com

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Email spam for malekal.com • 5992714609 ( 70.30.174.85 ) To: abuse[at]sympatico.ca

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Legal drugs forum • 5992714633 ( 109.65.20.247 ) To: abuse[at]bezeqint.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Sub-Penny Stock Could Produce Big Percentage Gains • 5992714653 ( 223.238.37.110 ) To: postmaster[at]airtel.in

• 5992714652 ( 223.238.37.110 ) To: techsupport[at]in.airtel.com

• 5992714651 ( 223.238.37.110 ) To: dsl.noctn[at]airtel.in

• 5992714650 ( 223.238.37.110 ) To: incident[at]cert-in.org.in

• 5992714649 ( 223.238.37.110 ) To: dslnoc.ap[at]airtel.in

• 5992714648 ( 223.238.37.110 ) To: dsl.noc[at]airtel.in

• 5992714647 ( 223.238.37.110 ) To: abuse[at]airtel.in

There is actually a blog discussing this but I still fail to see the logic behind it http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html

Are the originators of this type of spam the same Byelorussian gang responsible for sending the other weird junk (also not benefiting anyone).. very twisted logic, I know those guys had Rasputin, but this is going beyond..

[edit] killing link http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html JIC

Edited by Farelf

Share this post


Link to post
Share on other sites

I saw that, this seems to go beyond because it is sent by botnets and therefore it works as botnet spam, you get 100s a day with same subject line, yet it does not seem to target anyone or anything, am I getting this then just because I am on their list of known SC users/reporters? That is what it appears to be if it is indeed a JoeJob...

Incidentally the website they refer to in the subject line does not appear in the body of the spam just reference to blog sites that I did not visit because they could be exploits.. So maybe someone savvy can explain what is going on with this, does it matter if I report it?

Edited by dra007

Share this post


Link to post
Share on other sites
...So maybe someone savvy can explain what is going on with this, does it matter if I report it?
We shall await the appearance of such a maven with 'bated breath, in the meantime can understand your reluctance to act as a "cat's paw" in any of this but that appears to be the role these people have chosen for yourself and other high-volume reporters.

Can't do any harm to report bot-net spam IMO and, in this scenario, maybe you and other reporters caught up in this can actually get a fair number of zombie IP addresses listed. I'm seeing a great chunk of yota.ru's SCARTEL infrastructure listed even now - http://www.senderbase.org/lookup?search_string=yota.ru - no individual reporter can achieve that but most would agree it is worth exposing such widespread abuse whatever the motivation of those who are sending the spam (though not necessarily the same bot-net involved - but the principle is the same regardless).

It has to be some sort of a turf war with high economic stakes and they are harming the internet while they wage it. Based on what we usually see of bot-net spam they will only redouble their floods if they don't get the results they are after (that is, if you and others don't report).

One way to look at it, anyway ...

Share this post


Link to post
Share on other sites
:blush: Methinks they target me just because I have a Russian wife!! :o Edited by dra007

Share this post


Link to post
Share on other sites

Ah, that is too late to change - Выпьем за любовь! Горько!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×