Jump to content
Sign in to follow this  
paul101

Lots of "Investor Alert" spam slipping through

Recommended Posts

Greetings:

If this is covered elsewhere or is in the wrong forum, please point me to a relevant thread. Couldn't find anything on a quick search. I handle mail and spam issues for my employer (or try to).

Here's what's going on... an awful lot of illegal "pump and dump" investment spam is slipping through SC filters and landing in our 'real' inbox. It's addressed to our SC address, then forwarded to our real address by the system. Our SC address was illegally harvested and is becoming increasingly polluted. This spew all follows the same general pattern:

1) It's coming from different (always changing) sources all over the planet, making it difficult to filter and blacklist. Even our local mail client (Eudora for Mac) doesn't recognize it as spam and can't just dump it in our Junk folder - so it must be dealt with by hand. Dozens of these a day eat up otherwise useful office time pretty quickly.

2) Subject line is a few words that constantly change, like "decade feels takes" and "he studies history".

3) Most of it arrives with an attachment (usually a GIF image of text peddling some bogus "investor alert" about some unknown company that's about to "explode" or reveal some "news" that will make it valuable - you know the drill). The GIFs are generally all identical images, but the file names constantly change - nonsense names like "jauugv.gif" and "taojrmew.gif" - again making it challenging to filter. The body contains a string of words and phrases carefully chosen to evade filters.

Two questions:

1) Anyone have some tips / tricks for successfully filtering this sort of stuff - and is the team at SC working to beef up the filters and help prevent this type of spam sneaking through?

2) Based on the language in the "investor alert" I'd be willing to bet that the source is some money-grubbing jerk right here in the good ole USA, so I often Cc our SC reports to the Securities Exchange Commission anti-spam address (enforcement at sec dot gov). Hopefully, they monitor the junk and can use SC reports to help track down and prosecute the criminal(s) responsible. However, if I'm just wasting time and bandwidth, I won't bother... anyone have an opinion about that?

See a typical sample here: Report ID 1960742949

Sorry if I'm being dense here, but I'm not really a programmer and know only the very basics for fighting off this sort of garbage.

Thanks for your time and patience,

Paul

Share this post


Link to post
Share on other sites

I had to look at the time/date stamp on this 'new' Topic at least a dozen times .... knowing that I'd seen exactly the same post elsewhere recently ....

Here's the problem, a boat-load of similar queries in the Lounge area, dealing with "stock spam" .. "small graphic" spam .. "no content" spam ... on and on .... there's more in the BlockingList Help Forum section, one Topic in particular that seems to be an e-mail account filtering issue, but the query was couched more as looking at the SpamCopDNSBL ....

I guess the question is .. do we need to start all over with / in this 'new' Topic or should it just be stated that this has been really worked over a bit in a number of other discussions in other Forum sections ...and mention that there are various "Search" tools available ...????

The offered Report ID is another one of those little issues .... FAQ entries have been created to explain that these are useless "here" .. as the only folks that deal with a Report ID are the Deputies and the specific user that managed to generate that specific Report .... There is a FAQ entry that defines the needed steps to re-create the Tracking URL (which is also defined in the Dictionary, Glossary, Wiki) such that the other "users" here can actually see and work with the data involved ....

1) Anyone have some tips / tricks for successfully filtering this sort of stuff

Has any of the existing FAQ data been waded through yet?

and is the team at SC working to beef up the filters and help prevent this type of spam sneaking through?

There really isn't a "team at SC" as far as the e-mail accounts go .. you're basically talking about JT ...

Fitering / management of your account has to start with you looking at configurations, settings, etc ... and you have mentioned none of these, so no one here can guess if you're using any of the tools that JT has installed already ....

Share this post


Link to post
Share on other sites

Sorry, Wazoo. Honestly didn't intend to open up a new can of worms for you to deal with. You clearly have enough stuff on your plate and everyone appreciates the work you do ("what life?").

A little backstory: I thought about this issue often for weeks - and tried to carefully compose a useful post, follow the rules, and seek answers elsewhere before posting (including the pinned stuff and announcements).

It didn't occur to me to poke around in the Lounge area, but I'll remember to check there in the future. I'm just not a lounge sort of guy. Based on the forum descriptions, I took my best shot when I finally decided to post. I tried search terms that seemed to make sense... investment, investor, words like that. I can't remember if I tried the word "stock" - and in retrospect, that's obviously an utterly stupid mistake. Live and learn.

With all due respect, sometimes it feels a little like walking around on eggshells in here... that's why I hardly ever post and only do so when I'm genuinely exhausted.

If it makes sense to "start all over" and port similar posts into this 'new' topic, I'm glad to have helped. If it's just more fiddle-faddle, by all means delete this thread. I'll leave it in your capable hands.

I provided that report ID in the hope that it might be useful... I remember reading somewhere in the rules for posting that it might be useful and tried to oblige. Sorry to have included something so useless. I'll carefully scan the FAQ for future guidance.

Got it that there's no "team at SC" ...I just sorta assumed that since SC hooked up with Iron Port, JT (and Julian, for that matter) had an actual staff for help dealing with the avalanche.

I could write for hours about our account configurations, settings, mail hosts, all that stuff. It didn't seem relevant to the core issue... but if it's useful, I'm happy to post it.

On a personal (and totally off-topic) note, when was the last time you took a vacation? When was the last time you curled your toes in some warm sand on a sunny beach somewhere? I sorta get the impression that you might find a break beneficial, so that's why I ask.

Respectfully,

Paul

Thanks for the link, Jeff G. I skimmed it and will study it in detail later (it's late and time to turn off this silly box, go get dinner, and find out how my sweetie's day worked out).

Share this post


Link to post
Share on other sites
I provided that report ID in the hope that it might be useful... I remember reading somewhere in the rules for posting that it might be useful and tried to oblige. Sorry to have included something so useless. I'll carefully scan the FAQ for future guidance.
Hi Paul,

A tracking URL might help anyone with the knowledge and experience to advise you on filtering. The Report ID simply results in Authorization failure, no username provided by server; action = gettrack for anyone but you and the Deputies, you're not the first not to realize, just follow the FAQ called Getting a Tracking URL from a Report ID

It has to be getting to the stage where the typical general business office is just about ready to forgo any mail with a graphics content of any sort - most business have little use for that capability anyway (yeah, I know, realtors, car dealers and numerous others are exceptions) - in any event, I think most of us a getting heartily sick of being terrorized out of all sorts of functionality (not to mention reliabilty) due to the depredations of these spamming scum. It would be accordingly nice to think Jeff G's suggestion/request gets some consideration and attention before we have to cede yet more ground to them.

Share this post


Link to post
Share on other sites
It has to be getting to the stage where the typical general business office is just about ready to forgo any mail with a graphics content of any sort - most businesses have little use for that capability anyway ... most of us are heartily sick of being terrorized out of all sorts of functionality (not to mention reliability) due to the depredations of these spamming scum.

Thanks, Farelf. Sorry for the reply delay. We're busy here making billable work during another hectic political campaign season. Despite the ongoing spam assault, we manage to get some work done. What a concept, huh? (grin)

I can't help but wonder... if only our (money-grubbing, corrupt, corporate) congress had passed an anti-spam bill with real teeth, the Internet might still be useful, safe, sane, and productive. The Can-spam Act is so worse than useless that it's almost funny. Apparently, short term greed trumps a better world for everyone. Archaeologists will dig us up in a few thousand years and wonder why we screwed up the most important advance in human communication since the invention of the wheel.

You're probably correct in assuming that most businesses will eventually block all email that contains a graphic file attachment. We're considering the same policy here at art101.com. How sad. We'll probably only allow graphic attachments from trusted, white-listed clients and friends. The brief and wonderful days of an open Internet were killed by corrupt politicians, nutbag marketers, and jerkoff spammers.

Share this post


Link to post
Share on other sites
Sorry, Wazoo. Honestly didn't intend to open up a new can of worms for you to deal with. You clearly have enough stuff on your plate and everyone appreciates the work you do ("what life?").

Admission of fact. Until the early 80's, I had this memory thing going on .. not a photographic type, but a linking thing .. if I didn't actually have the answer, I knew where to go look it up. Part of that disappeared after a car accident. However, with that part of it that's still intact, coupled with that I read "everything" .... it is a struggle for me to remember at times that way too many folks simply come here and post a question .. doing any research just isn't in their makeup, background, training, whatever.

Compound that with the problem of folks generating Subject lines that may or may not actually relate to the content of their post, mis-using terminology within their posts, asking questins in a bad way (not enough data, wrong terms used, munging of the only data to use to try to answer, on and on ) Then add to that the placement of these posts.

As I said, the first reaction to this Topic was "seen this a dozen times at least in recent hstory" (or words to that effect, anyway) .... I started by looking at your previous posts to see if in fact you had made a duplicate post .. found that this wasn't true ... so then back to "where did I see this" and that answer was of course ..."all over the place" .... which also made it difficult to conjure up "a" link to 'that' previous post .... and that your query was so expansive, no way to easily find 'one' existing Topic to merge yours into ....

It didn't occur to me to poke around in the Lounge area, but I'll remember to check there in the future. I'm just not a lounge sort of guy. Based on the forum descriptions, I took my best shot when I finally decided to post.

I have the same problem with Moderating a lot of that also. Had the question had a few more words, been asked a little bit differently, it would have 'fit' one of the specific Forum sections .. but, the query was asked in such a way that 'Reporting' wasn't the issue raised, for instance. That this was the actual issue might come up several posts later, but by then ...????

In this particular situation, the small gif / stock spam / won't resolve / can't find the URL / won't report / on and on Subject lines and queries have shown up up in all Forum sections .... Most relate to a "Parsing & Reporting" complaint, but ... that's not where they were posted, not always the actual question asked, and the subsequent discussions can go all over the place .... how to handle the spam .. how to read the spam contents ... how to decode the graphic ... how/who else to report to .... where does all the money go ... again, by that time, it doesn't actually seem to fit into 'one' of the specific Forum sections ....

I tried search terms that seemed to make sense... investment, investor, words like that. I can't remember if I tried the word "stock" - and in retrospect, that's obviously an utterly stupid mistake. Live and learn.

Again, stuck on trying to search for something but having to guess at what words someone else chose to use. That's one of the things that gets me cussed at when trying to keep words and definitions on-track. The Dictionary and Glossary tools were put into place to try to help that situation .. explaining those terms when used 'here' ... but again, that's still based on the assumption that folks will use those resources .. and we all know, that isn't happening near enough ....

With all due respect, sometimes it feels a little like walking around on eggshells in here... that's why I hardly ever post and only do so when I'm genuinely exhausted.

From my perspective ... I have to monitor (and also contribute to help others) over a dozen Forums (and Forum sections) in order to stay ahead of things on just this Forum application. Another Forum/Wiki thing on the Wiki tool installed here (noting we were asked to work on the Alpha/Beta/Final release of the version now running here) .... I've got a Beta version of this application running on another server, which is also running a different OS, different versions of the underlying tools, and trying to keep up with the support Forums, bug tracking, etc. for that, knowing that the next 'final' release of that is also going to mean much modification to get that version looking close to this running version (which is still missing much of the stuff I had running in the previous version) .... I build/manage web-sites for other people on other hosts .... am currently providing some health care, cooking, laundry, errand-running, etc. for folks in eight different homes at present .... I still work on stuff brought to the door, including autos, chainsaws, lawnmowers, motorcycles, electronics, computers, on and on, (just what comes to mind at the moment) .... I tend to get a bit excited when I sit down here and read "I don't have the time to look it up" or the "I've looked everywhere" type statements.

If it makes sense to "start all over" and port similar posts into this 'new' topic, I'm glad to have helped. If it's just more fiddle-faddle, by all means delete this thread. I'll leave it in your capable hands.

Perhaps you're just pointing out that more FAQ entries need to be developed, another Wiki page created, etc. Yet, the struggle has actually been getting enough folks active enough to volunteer the time and effort in getting tha type of work accomplished. There's a recent newsgroup thread in that one user had a question, another user answered with "I don't know where the data is", I posted a remark about the existence of that data in the SpamCop FAQ (version) found here, second user went off on a tangent that my FAQ entry 'here' actually came from somewhere else and then went on to quote yet another source of the same data (also mentioning again that this data wasn't found in the 'real' SpamCop FAQ ...)[and having to note that this same user stated that a Wiki would be a great thing, yet he has failed to get around to contributing to the building of the Wiki tool I put into place]

I provided that report ID in the hope that it might be useful... I remember reading somewhere in the rules for posting that it might be useful and tried to oblige. Sorry to have included something so useless. I'll carefully scan the FAQ for future guidance.

Again, it's the Tracking URL that's helpful .... access to the contents of a Report ID are but to a few ...

Got it that there's no "team at SC" ...I just sorta assumed that since SC hooked up with Iron Port, JT (and Julian, for that matter) had an actual staff for help dealing with the avalanche.

The 'business deal' isn't really explained anywhere, but that was between Julian and IronPort .... as was the arrangement between Julian and JT .... IronPort didn't 'buy' JT's operation ...

On a personal (and totally off-topic) note, when was the last time you took a vacation? When was the last time you curled your toes in some warm sand on a sunny beach somewhere? I sorta get the impression that you might find a break beneficial, so that's why I ask.

"warm sand on a sunny beach" would have been possibly 1985 or so while stationed in Hawaii.

"vacation" would have to be considered an undefined word in my vocabulary, right up there next to "having money" <g>

Share this post


Link to post
Share on other sites
"vacation" would have to be considered an undefined word in my vocabulary, right up there next to "having money" <g>

Heh. Thanks for the backstory, Wazoo. Big grins here at art101.com while reading your reply. It's good to get a better picture of who you are and why you do what you do. Kudos for your time and care in the SC forums.

We're working (among many other projects) the Sacramento Housing Alliance (helping people find affordable housing in a realty market dominated by racketeers who make an utterly stupid amount of money peddling bloated McMansions and bulldozer economics).

Uh-oh... I'm drifting off-topic again. Sorry. Focus, Paul, focus!

OK. I'm still trying to figure out how to track down and stop the money-grubbing jerk(s) responsible for this ongoing stock market 'pump and dump' spam assault. The SEC seems overwhelmed, utterly lame, and/or (at best) resigned and unaccountable. The FTC and our elected representatives are so clearly distracted by war, fear, payola and greed that they're completely paralyzed.

Argh. Maybe SC admin and forum users could pool their reports and resources to stop this 'pump and dump' crap and discover who's behind it?

Your pal,

Paul

Share this post


Link to post
Share on other sites
<snip>

OK. I'm still trying to figure out how to track down and stop the money-grubbing jerk(s) responsible for this ongoing stock market 'pump and dump' spam assault. The SEC seems overwhelmed, utterly lame, and/or (at best) resigned and unaccountable. The FTC and our elected representatives are so clearly distracted by war, fear, payola and greed that they're completely paralyzed.

<snip>

...Not entirely. See thread "Stock spam", especially post 33 (May 2, 2006) and later. There are several other postings, mostly in the SpamCop Lounge forum, with stories of spammers of various stripes facing challenges.

Share this post


Link to post
Share on other sites
...Not entirely. See thread "Stock spam", especially post 33 (May 2, 2006) and later. There are several other postings, mostly in the SpamCop Lounge forum, with stories of spammers of various stripes facing challenges.

Thanks, turetzsr. That thread and Jeff G.'s earlier reply are interesting and useful. While the whole world waits for a solid filtering solution, art101.com has decided to kill all incoming mail containing any graphic files from untrusted senders (read: anybody we haven’t previously whitelisted). It'll all get flushed into a giant devnull black hole toilet. This is the best solution we can think of at the moment... and it’s unsatisfying on many levels.

Simply refusing to receive this avalanche of sh*t won’t stop it. Spammers punch through to millions of gullible users every minute, stealing terabytes of bandwidth from networks all over the planet. We want to find these psychopaths and stop them. It really isn’t difficult... just pay attention and follow the money. Spammers are a tiny minority of the millions of decent people who use the net... and yet we allow them to wreck it for the rest of us. Why do we allow them to wreck the net for the rest of us?

But the real shame here is how an amazing avenue of communication is being killed. The free flow of ideas and information is stifled and twisted and conned and scammed. Damn those politicians who wrote and signed that worse than useless ‘Can-spam’ act... and the corporate lobbyists who bought them. Historians (assuming our species can survive long enough to have a history) will marvel at our legislative idiocy.

I love receiving email from strangers all over the world... artwork, songs, ideas, poems, news, lyrics, snapshots, stories... the surprising messy light that makes life worth living. And now, every day, we chop ourselves off at the knees... cuz a few money-grubbing jerks steal our time and bandwidth to peddle crap we didn’t ask for and do not want. Maybe humankind is still too stupid for the Internet. Maybe it’s just a tower of babel.

Oops. Yikes. I’m so way off topic. Long day. Me go sleepy bye now. We finished up a long session here at the studio this weekend... you can hear the song here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×