Jump to content
Sign in to follow this  
msealey

Stock Spam

Recommended Posts

The SEC web page sez you can do this:

Spams - Forward investment-related spam e-mails to enforcement[at]sec.gov.

rather than filling out forms.

Share this post


Link to post
Share on other sites

captkirk,

Yes. Thanks; have been doing this all along.

Share this post


Link to post
Share on other sites

I have noticed that the fine print at the bottom of each "Stock Alert" does not contain legal information but a senseless and rambling story. It gave out a website in the fine print, spoofle.org but that domain does not exist.

Share this post


Link to post
Share on other sites

Formats have changed: for the past two weeks they were pretty clinical; now there's another set of paragraphs.

Share this post


Link to post
Share on other sites
Formats have changed: for the past two weeks they were pretty clinical; now there's another set of paragraphs.

26987[/snapback]

They use those paragraphs to fool the spam filters. And they are probably are using zombies, making it harder to blacklist.

Share this post


Link to post
Share on other sites
They use those paragraphs to fool the spam filters.  And they are probably are using zombies, making it harder to blacklist.

26999[/snapback]

Yep :(

Judging by the scale of it (I've seen nothing like it since the V|agra boom a year or so ago) they're winning: despite server-side and client-side filtering, reporting to a dozen different authorities (including every single one to SEC and NASDAQ) and full use of Sp[at]mX, my levels of this muck are at an all time high, St0ck spam being almost entirely responsible. I dread opening my email client now.

Share this post


Link to post
Share on other sites

Just a bit of an update on a pump and dump spammer now facing charges ....

Stock spammers stung by Secret Service

According to the February 17 complaint, Moeller boasted to a fellow spammer (working for the feds as a confidential informant or CI) that he and Vitale were making $40,000 per week sending spam that touted shares of small-cap stocks -- a practice known as pump-and-dump spamming. The two operated a company called Viatelecom aka Via Telecom LLC to do their stock deals.

In an April, 2005 instant message conversation with the CI, Moeller claimed that he had 40 servers for sending spam, as well as 35,000 "peas" or proxies to disguise the true origin of the spams. He said he exclusively spammed AOL members and boasted he could send millions of spams per hour, with less than 20 percent getting caught in AOL's spam filters.

.

.

At one point, Moeller boasted that his proxies included AOL systems, which enabled him to "proxy lock the [aol] domain and use the internal smtp." However, AOL has told the Secret Service that "most, if not all" of the spams from Moeller/Vitale were sent using Internet IPs and not from AOL's internal network..

.

.

According to the Secret Service, before the sting was over, AOL's filters had registered a total of 1,277,401 spams from Moeller and Vitale. A review of a small portion of the spams showed they had been sent from 73 unique IP addresses (aka proxies).

Share this post


Link to post
Share on other sites

Wazoo,

Thanks for that. Good news. Waves of this trash come and go.

Keep at it!

Share this post


Link to post
Share on other sites

Oh thank goodness. I am swamped every day with 20 or more of these darn things... I can't seem to filter them all out. I'm using Eudora 7.0.1, and I keep tagging them as junk, but at least one of them manages to fool the spam detector and wind up in my inbox instead of Junk.

Ugh. When will this onslaught end???

Edited by Nakomis

Share this post


Link to post
Share on other sites
Ugh. When will this onslaught end???

Two ways:

1) When all those scumbags have been arrested and put to jail. That's why just deleting those mails isn't enough, you should report them to the SEC as I do.

2) When all pinheads who still believe in such schemes finally go bankrupt.

However, chances are slim because there's a new sucker born every minute...

Good luck,

A. Friend

Share this post


Link to post
Share on other sites
However, chances are slim because there's a new sucker born every minute...

In my experience, that is a very conservative estimate...

On a more on-topic note, a quick search of the news at sec.gov shows that they have been shutting down both companies involved in P&D and third parties, so apparently we are doing some good. Its just that we are going after a mountain with what amounts to a few small rock picks.

Share this post


Link to post
Share on other sites
Its just that we are going after a mountain with what amounts to a few small rock picks.

Well, constant dripping wears away the stone.

Good luck,

A. Friend

Share this post


Link to post
Share on other sites

I started getting a lot of stock spam last month. Previously I was getting fake Rolex and viagra related spam. The changeover to stock spam was almost seamless...

The stock spam started 12 days after I managed to unsubscribe from a load of "This watch is spectacular" and other similar related spam which all linked back to identical looking sites, but with different URL's. The title of the main page reads "Exquisite Replica" - eg see http://156.skeletonfoots.com/ . I used the "opt out" link in the top right of their page. The spam stopped immediately. Interestingly so did all the "beware of fake pills" spam. But 12 days later a barrage of stock spam started, and has done every day since. This could be a coincidence, but the this "exquisite replica" company looks to me to be rather unscrupulous, and I wouldn't be surprised if either my details I used to unsubscribe with got passed on to other spammers, or it's the same spammers behind the fake Rolex spam, the "health products" AND the stock spam...

Share this post


Link to post
Share on other sites

If you didn't subscribe in the first place, don't unsubscribe. All you are doing is confirming that your email address works and that you actually look at the messages.

Share this post


Link to post
Share on other sites
<snip>I used the "opt out" link in the top right of their page. The spam stopped immediately. Interestingly so did all the "beware of fake pills" spam. But 12 days later a barrage of stock spam started, and has done every day since. This could be a coincidence, but the this "exquisite replica" company looks to me to be rather unscrupulous, and I wouldn't be surprised if either my details I used to unsubscribe with got passed on to other spammers, or it's the same spammers behind the fake Rolex spam, the "health products" AND the stock spam...
...Almost certainly the latter. I believe that if you had not used the "opt out" link, the "exquisite replica" and "beware of fake pills" spam would have stopped, anyway. That's how these things seem to work ... send one variety of spam to several million people in the early AM, then another variety in the late AM, etc.

Share this post


Link to post
Share on other sites

You seem to have fallen in a trap many newbies do. By opting out you told a spammer your e-mail add is live (remember they generate many with dictionary attacks and the like).. Expect to get a lot more spam now that your add will be sold to countless spammers' lists!

Share this post


Link to post
Share on other sites

Thanks Mark, the article on "image spam" answered a few of my questions, though I can't say it cheered me up. The plethora of emails I receive each day consist of a rambling opening text section, an imbedded image that advertises a stock in a grainy, tacky kind of poster format, then more rambling text.

The senders' email addresses seem to use legitimate company dot.com addresses, but the name, topic and senders details appear to be randomly generated. But why on earth send the same message a dozen times to the same recipient from a dozen different adresses on the same day?

Surely there's something in the source details that can provide a clue? This is a sample:

Return-Path: <xliability[at]kir.com>

Received: from german-9t5ottq4.ciudad.com.ar ([201.212.102.98])

by imta06sl.mx.bigpond.com with SMTP

id <20061209223032.IFLP23909.imta06sl.mx.bigpond.com[at]german-9t5ottq4.ciudad.com.ar>

for <blair086[at]bigpond.net.au>; Sat, 9 Dec 2006 22:30:32 +0000

Message-ID: <001601c71bc8$6ea673c0$00ccf104[at]german9t5ottq4>

From: Rigoberto Aldrich <xliability[at]kir.com>

etc.

There is no "unsubscribe" capability (though as others have pointed out, it would not be safe to use it anyway)

Cheers ... sort of.

Share this post


Link to post
Share on other sites
Thanks Mark, the article on "image spam" answered a few of my questions, though I can't say it cheered me up. ...Surely there's something in the source details that can provide a clue? ...
Ah, you have yet to appreciate the full horror of the situation outlined in Mark's link. Unsuspecting PC owners have their machines "trojanized" and thereafter become the unwitting conduits for this stuff. Somewhere, virtually untraceable, the botmaster marshalls his variable host of infected machines for their daily, hourly tasks. Your PC could be part of it. So could mine. Even the clues of style and content are masked to whatever extent is necessary. Normal tracing methods are not a lot of use, and the money trails are convoluted and complex.

If you want to do something more about it (noting also some reporting suggestions earlier in this topic - which may not be valid/as effective for non-US citizens), TerryNZ's lengthy topic Botnet scenario walks through the issues and provides a template of sorts towards the end.

Share this post


Link to post
Share on other sites

I am new to this forum... I found it on a google search of "Exquisite Replicas". I started getting bounced spam about a week ago. The spammer spoofed my email address as the return address. I talked with my ISP and checked out my machine and the mail isn't coming from my computer.

I get a lot of spam and just ignore it. This is really a pain because my email address is listed on the spam.

Can someone point me to the procedure to combat this problem. I started by reporting the true senders ip address (when it showed up in the bounce message) but the ip isn't consistent. I also found a few sites on the net for this company and would like to report those to their ISP.

I'm surprised people can't just update the mail protocol to require information to remedy this problem. I guess it will happen at some point. This is ridiculous.

Ryan

Share this post


Link to post
Share on other sites

Ryan,

I hate to say this - but there is practically nothing you can do about it.

Two techniques are front-runners in trying to reduce it:

SPF and DomainKeys.

Your ISP should be able to tell you which (if either) they are implementing, then help you. Good luck!

Share this post


Link to post
Share on other sites

Thank you for your response.

The links you send are interesting and I look forward to the day a standard like this is implemented. Would my ISP implementing a system like this fix this problem though? It seems like other computers are sending the mail and I just happen to own the unlucky spoofed email address. It seems like I need all of these receiving machines to run this sort of verification... Anyway, I'm probably misunderstanding something.

Since I can find a few websites that are linked to this business, could I report them to sec.gov or something. It seems like someone mentioned something like that. Can DNS records be forged? http://www.bandyankapinkone.com/

http://www.jamieivshungry.com/

Sorry for asking all of these basic questions... Do you think my email address will get blacklisted because it's linked to this spam or does that process use the sending domain to verify?

Thanks again!

Ryan

Share this post


Link to post
Share on other sites

Ryan,

You're very welcome!

I'm sorry you're experiencing this. It's happening to a lot of us. spam is effectively now out of control, businesses are losing $billions, individuals' lives are being effected on a scale out of all proportion to the gain of a few selfish criminals. IOW you're not alone :-(

See <http://www.spamhaus.org/rokso/index.lasso>

> Would my ISP implementing a system like this fix this problem though?

No, though it ought to prevent future spammers from latching onto your address and profiting from it.

> Since I can find a few websites that are linked to this business, could I report them to sec.gov or

There are a number of reporting agencies - including SpamCop. Personally (though I do support SpamCop and financially) the efforts of reporting agencies - including SEC, FBI - are next to hopeless.

> Can DNS records be forged?

I believe so. Spammers can forge and subvert almost anything.

> Sorry for asking all of these basic questions...

Not at all, Ryan!

> Do you think my email address will get blacklisted because it's linked to this spam

> or does that process use the sending domain to verify?

In theory if it did (get listed) you could appeal to the listers and explain it's not coming from you - which can be proved. In practice, not all ISPs are geared to listen. Many of them profit immeasurably from spam see <http://www.spamhaus.org/statistics/networks.lasso>.

> Thanks again!

You're more than welcome. Good luck.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×