
Stock Spam


msealey

Formats have changed: for the past two weeks they were pretty clinical; now there's another set of paragraphs.


They use those paragraphs to fool the spam filters. And they are probably using zombies, making it harder to blacklist.


They use those paragraphs to fool the spam filters. And they are probably using zombies, making it harder to blacklist.


Yep :(

Judging by the scale of it (I've seen nothing like it since the V|agra boom a year or so ago) they're winning: despite server-side and client-side filtering, reporting to a dozen different authorities (including every single one to SEC and NASDAQ) and full use of Sp[at]mX, my levels of this muck are at an all time high, St0ck spam being almost entirely responsible. I dread opening my email client now.


  • 1 year later...

Just a bit of an update on a pump and dump spammer now facing charges ....

Stock spammers stung by Secret Service

According to the February 17 complaint, Moeller boasted to a fellow spammer (working for the feds as a confidential informant or CI) that he and Vitale were making $40,000 per week sending spam that touted shares of small-cap stocks -- a practice known as pump-and-dump spamming. The two operated a company called Viatelecom aka Via Telecom LLC to do their stock deals.

In an April, 2005 instant message conversation with the CI, Moeller claimed that he had 40 servers for sending spam, as well as 35,000 "peas" or proxies to disguise the true origin of the spams. He said he exclusively spammed AOL members and boasted he could send millions of spams per hour, with less than 20 percent getting caught in AOL's spam filters.

.

.

At one point, Moeller boasted that his proxies included AOL systems, which enabled him to "proxy lock the [aol] domain and use the internal smtp." However, AOL has told the Secret Service that "most, if not all" of the spams from Moeller/Vitale were sent using Internet IPs and not from AOL's internal network..

.

.

According to the Secret Service, before the sting was over, AOL's filters had registered a total of 1,277,401 spams from Moeller and Vitale. A review of a small portion of the spams showed they had been sent from 73 unique IP addresses (aka proxies).


  • 5 months later...

Oh thank goodness. I am swamped every day with 20 or more of these darn things... I can't seem to filter them all out. I'm using Eudora 7.0.1, and I keep tagging them as junk, but at least one of them manages to fool the spam detector and wind up in my inbox instead of Junk.

Ugh. When will this onslaught end???


Ugh. When will this onslaught end???

Two ways:

1) When all those scumbags have been arrested and put to jail. That's why just deleting those mails isn't enough, you should report them to the SEC as I do.

2) When all pinheads who still believe in such schemes finally go bankrupt.

However, chances are slim because there's a new sucker born every minute...

Good luck,

A. Friend


However, chances are slim because there's a new sucker born every minute...

In my experience, that is a very conservative estimate...

On a more on-topic note, a quick search of the news at sec.gov shows that they have been shutting down both companies involved in P&D and third parties, so apparently we are doing some good. It's just that we are going after a mountain with what amounts to a few small rock picks.


  • 4 weeks later...

I started getting a lot of stock spam last month. Previously I was getting fake Rolex and viagra related spam. The changeover to stock spam was almost seamless...

The stock spam started 12 days after I managed to unsubscribe from a load of "This watch is spectacular" and other similar related spam which all linked back to identical looking sites, but with different URLs. The title of the main page reads "Exquisite Replica" - eg see http://156.skeletonfoots.com/ . I used the "opt out" link in the top right of their page. The spam stopped immediately. Interestingly so did all the "beware of fake pills" spam. But 12 days later a barrage of stock spam started, and has done every day since. This could be a coincidence, but this "exquisite replica" company looks to me to be rather unscrupulous, and I wouldn't be surprised if either my details I used to unsubscribe with got passed on to other spammers, or it's the same spammers behind the fake Rolex spam, the "health products" AND the stock spam...


<snip>I used the "opt out" link in the top right of their page. The spam stopped immediately. Interestingly so did all the "beware of fake pills" spam. But 12 days later a barrage of stock spam started, and has done every day since. This could be a coincidence, but this "exquisite replica" company looks to me to be rather unscrupulous, and I wouldn't be surprised if either my details I used to unsubscribe with got passed on to other spammers, or it's the same spammers behind the fake Rolex spam, the "health products" AND the stock spam...

...Almost certainly the latter. I believe that if you had not used the "opt out" link, the "exquisite replica" and "beware of fake pills" spam would have stopped, anyway. That's how these things seem to work ... send one variety of spam to several million people in the early AM, then another variety in the late AM, etc.

You seem to have fallen in a trap many newbies do. By opting out you told a spammer your e-mail add is live (remember they generate many with dictionary attacks and the like). Expect to get a lot more spam now that your add will be sold to countless spammers' lists!


  • 4 weeks later...

Thanks Mark, the article on "image spam" answered a few of my questions, though I can't say it cheered me up. The plethora of emails I receive each day consist of a rambling opening text section, an imbedded image that advertises a stock in a grainy, tacky kind of poster format, then more rambling text.

The senders' email addresses seem to use legitimate company dot.com addresses, but the name, topic and sender's details appear to be randomly generated. But why on earth send the same message a dozen times to the same recipient from a dozen different addresses on the same day?

Surely there's something in the source details that can provide a clue? This is a sample:

Return-Path: <xliability[at]kir.com>
Received: from german-9t5ottq4.ciudad.com.ar ([201.212.102.98])
          by imta06sl.mx.bigpond.com with SMTP
          id <20061209223032.IFLP23909.imta06sl.mx.bigpond.com[at]german-9t5ottq4.ciudad.com.ar>
          for <blair086[at]bigpond.net.au>; Sat, 9 Dec 2006 22:30:32 +0000
Message-ID: <001601c71bc8$6ea673c0$00ccf104[at]german9t5ottq4>
From: Rigoberto Aldrich <xliability[at]kir.com>
etc.

There is no "unsubscribe" capability (though as others have pointed out, it would not be safe to use it anyway)

Cheers ... sort of.
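
An added example, not part of the original post or thread: one way to pull the "clue" out of headers like the sample above. It reads only the topmost Received line (the one stamped by the recipient's own mail server) and compares it with the forgeable From and Message-ID fields. The sample message, the `analyse` and `org_domain` names and the finding labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post
# (reserved example domains and a documentation IP, not real hosts).
SAMPLE = """\
Return-Path: <xsender@brand.example>
Received: from desk-9t5ottq4.dsl.isp.example ([192.0.2.98])
          by mx1.recipient.example with SMTP
          id <20061209223032.ABCD12345.mx1.recipient.example@desk-9t5ottq4.dsl.isp.example>
          for <user@recipient.example>; Sat, 9 Dec 2006 22:30:32 +0000
Message-ID: <001601c71bc8$6ea673c0$00ccf104@desk9t5ottq4>
From: Constructed Name <xsender@brand.example>

body
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def org_domain(host):
    # Assumption: "last two labels" approximates the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Only the topmost Received line was written by the recipient's own MX;
    # Return-Path, From, Message-ID and lower Received lines are sender-supplied.
    m = RECEIVED_RE.search(received[0]) if received else None
    if m is None:
        return None
    sender = parseaddr(msg.get("From", ""))[1]
    msgid_host = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    findings = []
    # Weak signal on its own: plenty of legitimate mail is relayed by third parties.
    if org_domain(sender.rpartition("@")[2]) != org_domain(m["helo"]):
        findings.append("from-domain-unrelated-to-connecting-host")
    # A bare machine name after "@" suggests a desktop mail engine, not an MTA.
    if "." not in msgid_host:
        findings.append("message-id-bare-hostname")
    return {"connecting_ip": m["ip"], "connecting_host": m["helo"],
            "stamped_by": m["by"], "claimed_sender": sender, "findings": findings}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The connecting IP and host name from that top Received line are the values worth putting in an abuse report; the From address identifies nobody.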


Thanks Mark, the article on "image spam" answered a few of my questions, though I can't say it cheered me up. ...Surely there's something in the source details that can provide a clue? ...

Ah, you have yet to appreciate the full horror of the situation outlined in Mark's link. Unsuspecting PC owners have their machines "trojanized" and thereafter become the unwitting conduits for this stuff. Somewhere, virtually untraceable, the botmaster marshalls his variable host of infected machines for their daily, hourly tasks. Your PC could be part of it. So could mine. Even the clues of style and content are masked to whatever extent is necessary. Normal tracing methods are not a lot of use, and the money trails are convoluted and complex.

If you want to do something more about it (noting also some reporting suggestions earlier in this topic - which may not be valid/as effective for non-US citizens), TerryNZ's lengthy topic Botnet scenario walks through the issues and provides a template of sorts towards the end.


  • 1 month later...

I am new to this forum... I found it on a google search of "Exquisite Replicas". I started getting bounced spam about a week ago. The spammer spoofed my email address as the return address. I talked with my ISP and checked out my machine and the mail isn't coming from my computer.

I get a lot of spam and just ignore it. This is really a pain because my email address is listed on the spam.

Can someone point me to the procedure to combat this problem? I started by reporting the true sender's IP address (when it showed up in the bounce message) but the IP isn't consistent. I also found a few sites on the net for this company and would like to report those to their ISP.

I'm surprised people can't just update the mail protocol to require information to remedy this problem. I guess it will happen at some point. This is ridiculous.

Ryan


Ryan,

I hate to say this - but there is practically nothing you can do about it.

Two techniques are front-runners in trying to reduce it:

SPF and DomainKeys.

Your ISP should be able to tell you which (if either) they are implementing, then help you. Good luck!


Thank you for your response.

The links you sent are interesting and I look forward to the day a standard like this is implemented. Would my ISP implementing a system like this fix this problem though? It seems like other computers are sending the mail and I just happen to own the unlucky spoofed email address. It seems like I need all of these receiving machines to run this sort of verification... Anyway, I'm probably misunderstanding something.

Since I can find a few websites that are linked to this business, could I report them to sec.gov or something. It seems like someone mentioned something like that. Can DNS records be forged? http://www.bandyankapinkone.com/

http://www.jamieivshungry.com/

Sorry for asking all of these basic questions... Do you think my email address will get blacklisted because it's linked to this spam or does that process use the sending domain to verify?

Thanks again!

Ryan


Ryan,

You're very welcome!

I'm sorry you're experiencing this. It's happening to a lot of us. Spam is effectively now out of control, businesses are losing $billions, individuals' lives are being affected on a scale out of all proportion to the gain of a few selfish criminals. IOW you're not alone :-(

See <http://www.spamhaus.org/rokso/index.lasso>

> Would my ISP implementing a system like this fix this problem though?

No, though it ought to prevent future spammers from latching onto your address and profiting from it.

> Since I can find a few websites that are linked to this business, could I report them to sec.gov or

There are a number of reporting agencies - including SpamCop. Personally (though I do support SpamCop and financially) the efforts of reporting agencies - including SEC, FBI - are next to hopeless.

> Can DNS records be forged?

I believe so. Spammers can forge and subvert almost anything.

> Sorry for asking all of these basic questions...

Not at all, Ryan!

> Do you think my email address will get blacklisted because it's linked to this spam

> or does that process use the sending domain to verify?

In theory if it did (get listed) you could appeal to the listers and explain it's not coming from you - which can be proved. In practice, not all ISPs are geared to listen. Many of them profit immeasurably from spam see <http://www.spamhaus.org/statistics/networks.lasso>.

> Thanks again!

You're more than welcome. Good luck.


Archived

This topic is now archived and is closed to further replies.

