Jump to content
Sign in to follow this  
dhanna

More humorous Spam

Recommended Posts

..in another post whazoo was asking if I try to get in the spammer's mind...maybe I do, I used to think that most actions serve some purpose...I am starting to change my mind.. :angry:

You are just trying to assert some control over what happens to you, as I imagine are all others here. Forgive my impertinence but perhaps you let them "wind you up" overmuch. "They" can only punch your buttons if you let them. I think spamming is an essentially a mindless activity, in its execution, if not its intent; it is like a "machine" with the entertaining ability to evolve to meet challenge.

Share this post


Link to post
Share on other sites

Getting control over this is totally hopeless, I do want to get some insight into the spam business..

if that gives any measure of control, if you feel being stalked, and this is what spam makes me feel like, I want to get some sense of rational in the phenomenon, and hopefully yes, some sense of control...

and I am happy to find people that share my frustration and actually do something about it...

..but as you too noticed, there may be people that are not as patient as I in seeking an answer, or at least a measure of control... :blink:

Share this post


Link to post
Share on other sites

I'm filing this spam in the "at least the disclaimer is honest" category. The disclaimer (below) was amost the same length as the rest of the spam.

Check out the last paragraph after "Furthermore..."

Who wouldn't want to sink their money into this?

[various lies deleted]

...

> - China World Trade Corp Signs Letter of Intent to Acquire

> Controlling Stake of Guangdong Huahao Industries Holdings Limited

>

> Information within this email contains "forward looking statements"

> within the meaning of Section 27A of the Securities Act of 1933 and

> Section 21B of the Securities Exchange Act of 1934. Any statements

> that express or involve discussions with respect to predictions,

> goals, expectations, beliefs, plans, projections, objectives,

> assumptions or future events or performance are not statements of

> historical fact and may be "forward looking statements."

> mycpc wdejn xjjbb udwxw imbvq xgnliqotwg pegrk rursd eanbd

> ktdvd whoik idsre ilbjp

> Forward looking statements are based on expectations, estimates

> and projections at the time the statements are made that involve a

> number of risks and uncertainties which could cause actual results

> or events to differ materially from those presently anticipated.

> Forward looking statements in this action may be identified through

> the use of words such as: "projects", "foresee", "expects",

> "estimates," "believes," "understands" "will", "anticipates," or

> that by statements indicating certain actions "may," "could," or

> "might" occur. All information provided within this email

> pertaining to investing, stocks, securities must be understood as

> information provided and not investment advice. WE advise all readers

> and subscribers to seek advice from a registered professional

> securities representative before deciding to trade in stocks

> featured within this email. None of the material within this

> report shall be construed as any kind of investment advice. GS

> Research and/or its officers and employees have been compensated

> 50,000 open trade shares by a third party for work involved in the

> preparation and production of this report

>

> In compliance with Section 17(B), we disclose the holding of

> independently purchased shares of the company mentioned prior to

> the publication of this report.. Be aware of an inherent conflict

> of interest resulting from such holdings due to our intent to

> profit from the liquidation of these shares. Shares may be sold at

> any time, even after positive statements have been made regarding the

> above company. Short term trading targets are only guesses on our

> part. Keep in mind that when trading small stocks like the company

> above there is a chance you will lose every penny you invest.

> Furthermore there have been times in the past when the Company

> itself tells lies, gives false information and puts out false

> news. This email is for entertainment purposes only. This is not

> investment advice. We suggest you check with an investment

> professional before investing any stocks or mutual funds.

> hntyr hmgoe ermvs xopvz mglou xmgbetrxdf fcefa xoxlw haxrf

> numqs aqgou ryeng yezbs

Share this post


Link to post
Share on other sites
This email is for entertainment purposes only.
Well, it certainly entertained me (even if the statement is yet anther lie). I've not actually *read* this stuff before, what a hoot! Much obliged silentlarry. Honesty? Maybe - it's marvellous what the prospect of 15-20 in a Federal penitentiary does to improve the morals (and to think how the "corrective services" experts agonize over "rehabilitation"!). Marvellous to reflect what "life without remission" might do for society ;-)

hntyr hmgoe ermvs xopvz mglou xmgbetrxdf fcefa xoxlw haxrf
I've got no argument with that! Edited by Farelf

Share this post


Link to post
Share on other sites

Now this is funny, this is the message I got with my last virus attachment!

Return-Path: <raffaellof[at]fisiopat.sacco.unimi.it>

Received: from mb1i1.ns.pitt.edu (mb1i1.ns.pitt.edu [136.142.185.161])

          by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4)

          ID <GAA17427[at]imap.srv.cis.pitt.edu> for <me  :rolleyes: [at]imap.pitt.edu>;

          Fri, 16 Apr 2004 06:20:41 -0400 (EDT)

From: raffaellof[at]fisiopat.sacco.unimi.it

Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462)

id <01L8ZKU7QABK006FEL[at]mb1i1.ns.pitt.edu> for me  :rolleyes: [at]imap.pitt.edu; Fri,

16 Apr 2004 06:20:40 EDT

Received: from imap.pitt.edu ([202.120.139.35])

by pitt.edu (PMDF V5.2-32 #41462)

with ESMTP id <01L8ZKU43IWC005P6J[at]mb1i1.ns.pitt.edu> for ads5[at]imap.pitt.edu;

Fri, 16 Apr 2004 06:20:39 -0400 (EDT)

Date: Fri, 16 Apr 2004 18:13:11 +0800

Subject: spam

To: me  :rolleyes: [at]imap.pitt.edu

Message-id: <01L8ZKU4I79Q005P6J[at]mb1i1.ns.pitt.edu>

MIME-version: 1.0

Content-type: multipart/mixed; boundary="Boundary_(ID_me8xCnJNW5nd/2v1y6UKxQ)"

X-Priority: 3

X-MSMail-priority: Normal

This is a multi-part message in MIME format.

--Boundary_(ID_me8xCnJNW5nd/2v1y6UKxQ)

Content-type: text/plain; charset="Windows-1252"

Content-transfer-encoding: 7bit

I have visited this website and I found you in the spammer list. Is that true?

--Boundary_(ID_me8xCnJNW5nd/2v1y6UKxQ)

Edited by dra007

Share this post


Link to post
Share on other sites

This is even funnier, the virus attachment is camouflaged behind a warning that I am spamming, this idiot must really think that I will open that?

Return-Path: <>

Received: from mb1i1.ns.pitt.edu (mb1i1.ns.pitt.edu [136.142.185.161])

          by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4)

          ID <EAA77206072[at]imap.srv.cis.pitt.edu> for <me  :lol: [at]imap.pitt.edu>;

          Fri, 16 Apr 2004 04:26:27 -0400 (EDT)

Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462)

id <01L8ZGUKENDS00683F[at]mb1i1.ns.pitt.edu> for me  :lol: [at]imap.pitt.edu; Fri,

16 Apr 2004 04:26:25 EDT

Received: from gwmail.cambridgesoft.com ([198.112.109.6])

by pitt.edu (PMDF V5.2-32 #41462)

with ESMTP id <01L8ZGUJATVI001XAQ[at]mb1i1.ns.pitt.edu> for me  :lol: [at]imap.pitt.edu;

Fri, 16 Apr 2004 04:26:24 -0400 (EDT)

Received: by gwmail.cambridgesoft.com with XWall v3.29 ; Fri,

16 Apr 2004 04:28:08 -0400

Content-return: prohibited

Date: Fri, 16 Apr 2004 04:28:08 -0400

From: System Administrator <postmaster2[at]cambridgesoft.com>

Subject: Non delivery report: 5.9.4 (spam warning)

To: "me  :lol: [at]imap.pitt.edu" <me  :lol: [at]imap.pitt.edu>

Message-id: <324707288.2721492765.1972[at]gwmail.cambridgesoft.com>

MIME-version: 1.0

X-Mailer: XWall v3.29

Content-type: multipart/report;

boundary="Boundary_(ID_S7mtBz5MYeM+VE1OnldOkw)"; report-type=delivery-status

This is a multi part message in MIME format.

--Boundary_(ID_S7mtBz5MYeM+VE1OnldOkw)

Content-type: text/plain; charset="us-ascii"

Content-transfer-encoding: quoted-printable

Your message

=20From: me  :lol: [at]imap.pitt.edu

=20To: mswartz[at]cambridgesoft.com

=20Subj: Re: Error

=20Sent: 2004-04-16 04:18

has encountered a delivery problem.

Reason: spam warning

The message was received from a host that is currently on a spam list and is=

presumed to be unsolicited email.

If you believe this to be an error, please forward this bounce message to no=

tspam[at]cambridgesoft.com for review

including an explanation of who you were trying to contact.

Additional info:

The sending host was: 202.120.139.35 [202.120.139.35]

The SLS service was: bl.spamcop.net

--Boundary_(ID_S7mtBz5MYeM+VE1OnldOkw)

Content-type: message/xdelivery-status ; name="delivery-status.txt"

Reporting-MTA: dns; gwmail.cambridgesoft.com

Received-From-MTA: dns; 202.120.139.35

Arrival-Date: Fri, 16 Apr 2004 04:28:07 -0400

Final-Recipient: rfc822; mswartz[at]cambridgesoft.com

Action: failed

Status: 5.9.4

Diagnostic-Code: X-XWall; 5.9.4 spam warning

--Boundary_(ID_S7mtBz5MYeM+VE1OnldOkw)

Content-type: message/rfc822

Received: from 202.120.139.35 [202.120.139.35] by gwmail.cambridgesoft.com with

XWall v3.29 ; Fri, 16 Apr 2004 04:28:04 -0400

Date: Fri, 16 Apr 2004 16:18:53 +0800

From: me  :lol: [at]imap.pitt.edu

Subject: Re: Error

To: mswartz[at]cambridgesoft.com

MIME-version: 1.0

Content-type: multipart/mixed; boundary="Boundary_(ID_7zNU/sykPBZJ72tj3TbQOA)"

X-Priority: 3

X-MSMail-priority: Normal

This is a multi-part message in MIME format.

--Boundary_(ID_7zNU/sykPBZJ72tj3TbQOA)

Content-type: text/plain; charset="Windows-1252"

Content-transfer-encoding: 7bit

You have received an extended message. Please read the instructions.

--Boundary_(ID_7zNU/sykPBZJ72tj3TbQOA)

Notice the typical missing return path, and forged header, and why does this spammer blame it on spamcop? B)

Edited by dra007

Share this post


Link to post
Share on other sites

dra007: The original message was sent from a host on the bl and it had your email address as the sender. Cambridgesoft's configuration is "bouncing" the message to the forged sender address rather than rejecting it during the SMTP transaction.

202.120.139.35 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 10 times by less than 10 users. It has been sending mail consistently for at least 37 hours. In the past 40.1 days, it has been listed 4 times for a total of 13.3 days

The previous message you posted may have been similar but with a humorous rather than helpful error message.

Further explaination:

Notice the typical missing return path, and forged header, and why does this spammer blame it on spamcop?

Return-Path is often blank for a bounce message because there is no account to receive it. The mail software is generating it.

And I can find no forged header anywhere in this message. Please be more specific.

Original email sent to user at cambridgesoft:

Received: from 202.120.139.35 [202.120.139.35] by gwmail.cambridgesoft.com with
XWall v3.29; Fri, 16 Apr 2004 04:28:04 -0400
Date: Fri, 16 Apr 2004 16:18:53 +0800
From: x[at]imap.pitt.edu
Subject: Re: Error
To: x[at]cambridgesoft.com

Cambridgesoft finds the IP on the spamcop bl and returns the error message to the forged sender email address:

Received: from gwmail.cambridgesoft.com ([198.112.109.6])
by pitt.edu (PMDF V5.2-32 #41462)
with ESMTP id &lt;01L8ZGUJATVI001XAQ[at]mb1i1.ns.pitt.edu&gt; for x[at]imap.pitt.edu;

P.S. You left your email address in the header directly above. You will probably want to edit your post.

Edited by StevenUnderwood

Share this post


Link to post
Share on other sites

Thanks for the tips Steve, so tell me

Cambridgesoft finds the IP on the spamcop bl and returns the error message to the forged sender email address:

are you implying the spammer is forging my IP in their spam and I end up on bl list? Also, if this was a bounce why did it also have a virus attachement? Edited by dra007

Share this post


Link to post
Share on other sites
are you implying the spammer is forging my IP in their spam and I end up on bl list?

No, the message has forged your email address, not your IP address. The IP address of the original message came from is: 202.120.139.35. There is no rDNS for that IP but spam reports go to: abuse[at]net.edu.cn so that IP is probably in China.

Also, if this was a bounce why did it also have a virus attachement?

The original message was probably sent by a virus infected machine. Cambridgesoft's systems seem to be configured to check the spamcop bl before performing any virus scanning. Something needs to be checked first. If it never reached their virus scanner, it would not have known to remove the virus.

If I were their administrator (and had authority from management) I would check the receiving IP against the blocklists (specifically open relay and dial-up type addresses and possibly spamcop) before accepting any messages and reject those found during the SMTP process rather than accepting, processing and bouncing as they seem to be doing. After accepting the message you can then do virus scans and SpamAssasin scanning on the content but either drop (not good for business purposes) or quarantine items that fail these tests, not bounce.

Share this post


Link to post
Share on other sites
go to: abuse[at]net.edu.cn so that IP is probably in China

Seems 80% of my spams are reported there lately, the spammer has discarded other IPS....

Share this post


Link to post
Share on other sites

This idiot in China wants me to open his virus file, rather amusing, I parsed it to see where it came from, and it wasn't symantec, besides, I did not submit a virus since the spam and virus attack started, he must be getting really desperate:

Return-Path: <support[at]symantec.com>

Received: from mb2i1.ns.pitt.edu (mb2i1.ns.pitt.edu [136.142.185.162])

          by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4)

          ID <GAA13614[at]imap.srv.cis.pitt.edu> for < :rolleyes: >;

          Mon, 19 Apr 2004 06:56:08 -0400 (EDT)

From: support[at]symantec.com

Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462)

id < :rolleyes: [at]mb2i1.ns.pitt.edu> for  :rolleyes: ; Mon,

19 Apr 2004 06:56:06 EDT

Received: from  :rolleyes: ([202.120.139.35])

by pitt.edu (PMDF V5.2-32 #41462)

with ESMTP id <01L93SY2VA38009ESU[at]mb2i1.ns.pitt.edu> for  :rolleyes: ;

Mon, 19 Apr 2004 06:56:05 -0400 (EDT)

Date: Mon, 19 Apr 2004 18:48:35 +0800

Subject: Re: Submit a Virus Sample

To:  :rolleyes:

Message-id: <01L93SY3A60M009ESU[at]mb2i1.ns.pitt.edu>

MIME-version: 1.0

Content-type: multipart/mixed; boundary="Boundary_(ID_czd0k/0j3B1b7WYLCqXE/g)"

X-Priority: 3

X-MSMail-priority: Normal

This is a multi-part message in MIME format.

--Boundary_(ID_czd0k/0j3B1b7WYLCqXE/g)

Content-type: text/plain; charset="Windows-1252"

Content-transfer-encoding: 7bit

The sample file you sent contains a new virus version of mydoom.j.

Please clean your system with the attached signature.

Sincerly,

Robert Ferrew

--Boundary_(ID_czd0k/0j3B1b7WYLCqXE/g)

Edited by dra007

Share this post


Link to post
Share on other sites

Same idiot as the aforementioned post is sending files which automatically open the virus attachment....Now he is really getting desperate, their site bounces spam reports..funny..

Return-Path: <minoue[at]fukuoka-u.ac.jp>

Received: from mb1i1.ns.pitt.edu (mb1i1.ns.pitt.edu [136.142.185.161])

          by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4)

          ID < ;) > for < ;) >;

          Mon, 19 Apr 2004 09:13:34 -0400 (EDT)

From: minoue[at]fukuoka-u.ac.jp

Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462)

id < ;) [at]mb1i1.ns.pitt.edu> for  ;) ; Mon,

19 Apr 2004 09:13:33 EDT

Received: from imap.pitt.edu ([202.120.139.35])

by pitt.edu (PMDF V5.2-32 #41462)

with ESMTP id <01L93XQ6N5W80189DM[at]mb1i1.ns.pitt.edu> for  ;) ;

Mon, 19 Apr 2004 09:13:17 -0400 (EDT)

Date: Mon, 19 Apr 2004 21:05:47 +0800

Subject: Mail Delivery (failure  ;) )

To:  ;)

Message-id: <01L93XQ74VJU0189DM[at]mb1i1.ns.pitt.edu>

MIME-version: 1.0

Content-type: multipart/related;

boundary="Boundary_(ID_Qg1l1W8lcc7kcQj1VZttRw)"; type="multipart/alternative"

X-Priority: 3

X-MSMail-priority: Normal

This is a multi-part message in MIME format.

--Boundary_(ID_Qg1l1W8lcc7kcQj1VZttRw)

Content-type: multipart/alternative;

boundary="Boundary_(ID_yxXnStlhNmAbfBVx0EmSqg)"

--Boundary_(ID_yxXnStlhNmAbfBVx0EmSqg)

Content-type: text/plain; charset="iso-8859-1"

Content-transfer-encoding: quoted-printable

--Boundary_(ID_yxXnStlhNmAbfBVx0EmSqg)

Content-type: text/html; charset="iso-8859-1"

Content-transfer-encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD>

<META content=3D"text/html; charset=3Diso-8859-1" =

http-equiv=3DContent-Type>

<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>

<STYLE></STYLE>

</HEAD>

<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>

follow the link to read the delivered message.<br><br>

Received message is available at:<br>

<a href=3Dcid:031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re height=3D0 width=3D0> ;) </a>

<iframe

src=3Dcid:031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re height=3D0 width=3D0></iframe>

<DIV> </DIV></BODY></HTML>

--Boundary_(ID_yxXnStlhNmAbfBVx0EmSqg)--

--Boundary_(ID_Qg1l1W8lcc7kcQj1VZttRw)

Content-id: <031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re>

Content-type: text/plain; name=replaced.txt

Content-transfer-encoding: 7BIT

IMPORTANT: An attachment included with this message has been automatically

removed by the University's electronic mail systems because such attachments

may contain computer viruses, worms, or other potentially malicious software

code.  If you were expecting to receive a message from this sender including

an attached executable file (.exe), batch file (.bat), or others, and you

know the identity of the sender, you should contact the sender to make other

arrangements to receive the file.

Please contact the Technology Help Desk at 412 624-HELP [4357] for additional

information or assistance.  Further information on message attachment removal

is available online at http://technology.pitt.edu/security/index.html.  Thank

you.

--Boundary_(ID_Qg1l1W8lcc7kcQj1VZttRw)--

good thing my provider removed the damn thing!

Edited by dra007

Share this post


Link to post
Share on other sites

days later this idiot is trying once again...same edu.cn domain..I still haven't figured out how he gets the virus to open to a save window automatically...

Return-Path: <jeffrey_j_legos[at]gsk.com>

Received: from mb2i1.ns.pitt.edu (mb2i1.ns.pitt.edu [136.142.185.162])

          by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4)

          ID <UAA19850[at]imap.srv.cis.pitt.edu> for < :D [at]imap.pitt.edu>;

          Mon, 26 Apr 2004 20:11:19 -0400 (EDT)

From: jeffrey_j_legos[at]gsk.com

Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462)

id <01L9ECRH1CWW00BQ8M[at]mb2i1.ns.pitt.edu> for :D [at]imap.pitt.edu; Mon,

26 Apr 2004 20:11:17 EDT

Received: from imap.pitt.edu ([202.120.139.35])

by pitt.edu (PMDF V5.2-32 #41462)

with ESMTP id <01L9ECRCDW5K00DZHJ[at]mb2i1.ns.pitt.edu> for  :D imap.pitt.edu;

Mon, 26 Apr 2004 20:11:13 -0400 (EDT)

Date: Tue, 27 Apr 2004 08:03:42 +0800

Subject: Mail Delivery (failure  :D [at]imap.pitt.edu)

To:  :D [at]imap.pitt.edu

Message-id: <01L9ECRCSP8E00DZHJ[at]mb2i1.ns.pitt.edu>

MIME-version: 1.0

Content-type: multipart/related;

boundary="Boundary_(ID_BVoPt7edXgoe6V1UhQbV2Q)"; type="multipart/alternative"

X-Priority: 3

X-MSMail-priority: Normal

This is a multi-part message in MIME format.

--Boundary_(ID_BVoPt7edXgoe6V1UhQbV2Q)

Content-type: multipart/alternative;

boundary="Boundary_(ID_lQw1+f9hIGFZBvO94GIOZQ)"

--Boundary_(ID_lQw1+f9hIGFZBvO94GIOZQ)

Content-type: text/plain; charset="iso-8859-1"

Content-transfer-encoding: quoted-printable

--Boundary_(ID_lQw1+f9hIGFZBvO94GIOZQ)

Content-type: text/html; charset="iso-8859-1"

Content-transfer-encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD>

<META content=3D"text/html; charset=3Diso-8859-1" =

http-equiv=3DContent-Type>

<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>

<STYLE></STYLE>

</HEAD>

<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>

follow the link to read the delivered message.<br><br>

Received message is available at:<br>

<a href=3Dcid:031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re height=3D0 width=3D0>www.imap.pitt.edu/inbox/ :D /read.php?sessionid-31265</a>

<iframe

src=3Dcid:031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re height=3D0 width=3D0></iframe>

<DIV> </DIV></BODY></HTML>

--Boundary_(ID_lQw1+f9hIGFZBvO94GIOZQ)--

--Boundary_(ID_BVoPt7edXgoe6V1UhQbV2Q)

Content-id: <031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re>

Content-type: text/plain; name=replaced.txt

Content-transfer-encoding: 7BIT

IMPORTANT: An attachment included with this message has been automatically

removed by the University's electronic mail systems because such attachments

may contain computer viruses, worms, or other potentially malicious software

code.  If you were expecting to receive a message from this sender including

an attached executable file (.exe), batch file (.bat), or others, and you

know the identity of the sender, you should contact the sender to make other

arrangements to receive the file.

Please contact the Technology Help Desk at 412 624-HELP [4357] for additional

information or assistance.  Further information on message attachment removal

is available online at http://technology.pitt.edu/security/index.html.  Thank

you.

--Boundary_(ID_BVoPt7edXgoe6V1UhQbV2Q)--

Edited by dra007

Share this post


Link to post
Share on other sites
days later this idiot is trying once again...same edu.cn domain.

Probably does not realize he is infected. I have received 10+ virus messages from the same host for over 2 weeks with me reporting to his ISP every day before I remembered the IP block function of our spam prevention solution. Now, if our domain receives 10 or more viruses from the same host in 1 week, they are placed on the local blocklist for 30 days. These are all client type IP addresses so they should not be sending email directly to us anyways.

I still haven't figured out how he gets the virus to open to a save window automatically...

You have mentioned elsewhere you are using HTML viewing for your email messages. If that is still the case, this is one of the side effects. Have you contacted your CSSD at the link at the bottom of the message with this question. The message you are seeing is not the message as sent by the other end, but a reformatted version which was modified by your university servers.

IMPORTANT: An attachment included with this message has been automatically

removed by the University's electronic mail systems because such attachments

may contain computer viruses, worms, or other potentially malicious software

code.  If you were expecting to receive a message from this sender including

an attached executable file (.exe), batch file (.bat), or others, and you

know the identity of the sender, you should contact the sender to make other

arrangements to receive the file.

Please contact the Technology Help Desk at 412 624-HELP [4357] for additional

information or assistance.  Further information on message attachment removal

is available online at http://technology.pitt.edu/security/index.html.  Thank

you.

Share this post


Link to post
Share on other sites

Thanks god for them reformatting...but occasionally real viruses do slip through and I have to rely on Norton for protection. There is only one e-mail address that is not filtered and should not be known to anyone else outside the server. Unfortunately that is also the reason why I cannot forward that to spamcop before I see it ..and somehow it made it on the same spamlist as every other e-mail address. I hope spamcop detects and protects from viruses for my other forwarded e-mails. They are sometimes more anoying than the spam whether sent intentionally or from an infected machine...only because you never know if they are detected in time...

Share this post


Link to post
Share on other sites
ticket number {HN645ZT22M}  has been received at 2004/4/28 ¤U¤È 01:36:48 . We would like to take this opportunity to thank you for your time and effort fighting spam activity with us. Please be informed that although we are not able to send you the spam report, the information you have provided in your email will be used to investigate the spam activity. Should the spam source prove to originate from a HiNet user, action will be taken in accordance with HiNet Acceptable Usage Policy and Terms of Service Agreement.

These guys are funny, I get a doezen spams from them and they send me a ticket in an e-mail half of it in Korean characters, with instructions how to filter junk mail in OE. How did they ever get my name? I though that information was kept confidential in spam reports..

Share this post


Link to post
Share on other sites

If the entity receiving a spamcop report indicates that s/he is not a robot, then a response can be sent to the spamcop report number which is then forwarded by spamcop to you.

It sounds as if you received a fairly standard reply from a Korean ISP (which sends its messages out in both english and korean). If your name was in the reply, then it is the name you chose to be on every report.

I forget whether getting a reply means that they will be doing anything. However, I received a similar reply from a report to China and I have not received any more spam from that source. I believe that some Chinese and Korean ISP's are interested in cleaning up their IP addresses. It just is not an overwhelming trend as yet. :rolleyes:

Miss Betsy

Share this post


Link to post
Share on other sites

here's one I got today (I especially like the subject)...

Subj: MAYBE I spam for a good cause.... ?

Hi, My name is Mathieu Guitard

Today I ask for your attention!!! so <b>please read carefully</b>

I guess when teenagers and their parents want to find informative pages on sexuality they are getting lost in an abundance of other dirty pay sites.

To improve the situation I brought many new domain names like <b>SexEducated.c0m, ArtAndScienceOfSex.c0m, SexAndSmile.c0...</b>

I wish to develop them into free educational websites.

I already found Sexologists interested in providing free online consultation on <b>AskSexDoctor.c0m</b>

Unfortunately I personally live with a skin problem "psoriasis" witch often ruin any activity or works i`m into, by inflicting itching thus scratching then intense pain that consume all my energies.

There is a good web site about the Psoriasis disease <a href="http://www.psoriasisconnect.c0m"> PsoriasisConnect.com </a>

It could be solved simply by going to direct sunlight or by receiving massage therapy (I tried way too many sorts of cream and pills).

As I live in Quebec, the weather is cold... so I plan to move to the southern region very soon.

If you can't help me with any of the above your money can help.

I just found an interesting new way to raise funds.

An old well established company "Hustler" To boost payouts on its 4 newest sites give 100$ for every 3$ you put into purchasing (below).

I know it may be hard for some to go through the online form as it may induce you to consume pornography.

thus Thank You Very Much

<center>Thank YOU. That much..

<img src="http://flyntdigital.c0m/images/news/2004_4_20_61.gif"><a href="http://chezpas.c0m/4.html">

The offer end in only 2 day,

Larry Flynt*

<img src="http://flyntdigital.c0m/images/news/2004_3_17_54.jpg">

Asian Fever, Amateur Hollywood, Anal Hookers and VCAXXX =96 through the end of April.

</center></a>

HERE`s <a href="http://c.fsx.c0m/c?z=40,89740,1,afp_ppj,http://www.asianfever.c0m/index.phtml">ASIAN FEVER</a></b>

Share this post


Link to post
Share on other sites

I can never remember the acronym for 'Rolling on the floor with laughter'

I know you put it in the right topic, but you should have put an extra C&C warning on it!

Miss Betsy

Share this post


Link to post
Share on other sites

again with the funny subjects -- this spammer's been watching too much That '70s Show.

To: [xxxxxxxx][at][xxxxxxxx].c0m

From: "Paul Lise" <byc1bmyb[at]norcov.c0m>

Reply-To: "Paul Lise" <byc1bmyb[at]norcov.c0m>

Subject: You Are Stupid Dumbass If U Pay Retail Pricee For Softwares amiably rile bratty

Date: Tue, 18 May 2004 13:54:10 -0500

...

X-SpamCop-Disposition: Blocked bl.spamcop.net

----384897755561644

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 8bit

candescent preempt sppiritual

empress chronology sermons unsealed stylites corruptive

----384897755561644

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 8bit

<html>

<head>

<meta http-equiv="Content-Type" content="text; charset=us-ascii">

</head>

<body>

<center>

<dinocerata unshadowed arcadic respice banshee nettle >

<table border=0 cellspacing=0 cellpadding=10 width=640>

<tr><td>

<font color=D90000 size=5 face=arial><b>Your needed soffttwares at Rock Bottom prri ce! </b><br><font size=2 color=000000>- What you bought previously was go to shop & buuyy a WIND0WS XP Pro that c0mes with a BOX & serial number & the manual cosst 299.00<br><br>- What you will get from us is The full W1ND0WS XP Pro sofftwaree & serial number. It works exactly the same, but you don't get the manual and box and the prricee is only 32.00 . That is a savviing of 254.00</font></font><br><br>

<table border=1 cellspacing=1 cellpadding=2 width=550 bordercolor=8080C0>

<tr><td width=400>

<font size=2 face=arial color=FF80C0><b>

So0ftware title

</b></font>

</td><td width=150>

<font size=2 face=arial color=FF80C0><b>

Our L0W Priicce

</td></tr>

</b></font>

<tr><td width=400>

<font size=2 face=arial>

Adobbe Creative Suite (5 cds)<br>

Adobbe PhotooShop CS 8.0 (1 cd)<br>

3D Studio Max 6.0 (3 cds)<br>

Adobbe Premiere Pro 7.0 (1 cd)<br>

Alias Wavefront Maya 5.0 Unlimited<br>

AutoCAD 2005<br>

Autodesk Architectural Desktop 2005<br>

Cakewalk Sonar 3 Producer Edition (3 cds)<br>

Canopus ProCoder 1.5 (1 cd)<br>                 

Corel Draw 12 Graphic Suite (3 cds)<br>

Dragon Naturally Speaking Preferred 7.0<br>

Macromedia Dreamweaver MX 2004 v7.0<br>

Macromedia Fireworks MX 2004 v7.0<br>                                       

Macromedia Flash MX 2004 v7.0 Professional<br>

Macromedia Studio MX 2004 (1 cd)<br>

Micros0ft Money 2004 Deluxe (1 cd)<br>

Micros0ft Office 2003 System Professional (5 cds)<br>

Micros0ft Office 2003 Multilingual User Interface Pack (2 cds)<br>

Micros0ft Project 2002 Pro<br>

Micros0ft Publisher XP 2002<br>

Micros0ft Visio for Enterprise Architects 2003<br>

Micros0ft Wind0ws XP Corporate Edition with SP1<br>

Micros0ft Wind0ws XP Professional<br>                           

Nort0n Antivirus 2004 Pro<br>

Nort0n SystemWorks Pro 2004 (1 cd)<br>

OmniPage 14 Office (1 cd)<br>

Pinnacle Impression DVD Pro 2.2 (1 cd)<br>

PTC Pro Engineer Wildfire Datecode 2003451 (3 cds)<br>

PowerQuest Drive Image 7.01 Multilanguage (1 cd)<br>

Ulead DVD Workshop 2.0<br>

Micros0ft Visual Studio .NET 2003 Enterprise Architect (8 cds)<br>

Winfax PRO 10.03<br>

<font color=BF0000>and MORE soft wares - have <b>850 soft ware titles</b> on our site for u</font>

</b></font>

</td><td width=150 align=center valign=top>

<font size=2 face=arial><b>

55.00<br>

32.00<br>

50.00<br>

32.00<br>

40.00<br>

32.00<br>

32.00<br>

36.00<br>

25.00<br>

32.00<br>

25.00<br>

25.00<br>

32.00<br>

30.00<br>

50.00<br>

20.00<br>

40.00<br>

25.00<br>

32.00<br>

20.00<br>

25.00<br>

40.00<br>

32.00<br>

20.00<br>

20.00<br>

25.00<br>

25.00<br>

40.00<br>

20.00<br>

20.00<br>

93.00<br>

20.00<br>

</td></tr>

</b></font>

</td></tr></table>

<font color=000000 size=2 face=arial>

Download your sofftwaares from our Superfast (100mbits connection) site & you will be given your own exclusive registration key to register the sofftwaares you bought from us, and now you have your own registered copy of sofftwaares (will never expired again)<br><br>

It's <b>0EM version</b> of sofftwaares which is an <b>Original/Genuine sofftwaares</b>, strictly no piracy sofftwaares

</font>

<center>

<b><a href=http://drs.yahoo.c0m/discipline/poolroomdionysus/*http://buggerynomology.shopgroup.b!z/0/p/ target=_blank><font color=0000FF size=5 face=arial><u>Over 850 popular titles for you to choose from<br><br>Act quick now before all sold<br><br>Start using your needed sofftwaares now<br>== C  L I C K - H E  R E ==</b><br><font size=2>(Plz give 2-3 mins to c0mplete the page loading bcos the page has 850 titles on it)</font><br><br></u></a>

<a href=http://drs.yahoo.c0m/siberianpyre./limbedrevising/*http://naturel.shopgroup.b!z/unsub.html target=_blank><font size=1>take me down</font></a>

</font>

</center>

</td></tr></table>

</center>

</body>

</html>

----384897755561644--

(com's c0m'd and b!z's b!z'd for your protection

subject bolded for your entertainment)

Share this post


Link to post
Share on other sites

This spammer hopes to intice you in buying their goods:

First he insults then he warns you will lose the money. Now, does he really hope to make some money?

Return-Path: <waleed_louri[at]yahoo.com>

X-Original-To: spam[at]stargate.pitt.edu

Delivered-To: spam[at]stargate.pitt.edu

Received: from localhost (localhost [127.0.0.1])

by smtp-ext-03-priv.mx.pitdc1.expedient.net (Postfix) with ESMTP id 5F7E19259F

for <spam[at]stargate.pitt.edu>; Mon, 24 May 2004 15:45:54 -0400 (EDT)

Received: from smtp-ext-03.mx.pitdc1.expedient.net ([127.0.0.1])

by localhost (smtp-ext-03 [127.0.0.1]) (amavisd-new, port 10024) with LMTP

id 26344-02-35 for < :( [at]stargate.pitt.edu>;

Mon, 24 May 2004 15:45:53 -0400 (EDT)

Received: from backup1.mx.expedient.net (backup1.mx.cle.expedient.net [66.181.64.18])

by smtp-ext-03.mx.pitdc1.expedient.net (Postfix) with ESMTP id DF6F8924B8

for < :( [at]stargate.pitt.edu>; Mon, 24 May 2004 15:45:53 -0400 (EDT)

Received: from ip503c9474.speed.planet.nl (ip503c9474.speed.planet.nl [80.60.148.116])

by backup1.mx.expedient.net (Postfix) with SMTP id D80383F0

for < :( [at]stargate.pitt.edu>; Mon, 24 May 2004 15:46:23 -0400 (EDT)

Received: from 95.49.168.10 by 80.60.148.116; Tue, 25 May 2004 00:38:17 +0400

Message-ID: <KUWHIHOVDUUZUHJVSTBTBEQZ[at]hotmail.com>

From: "Aubrey Gross" <waleed_louri[at]yahoo.com>

Reply-To: "Aubrey Gross" <waleed_louri[at]yahoo.com>

To:  :( [at]stargate.pitt.edu

Subject: *****POSSIBLE spam***** fu** YOU

Date: Mon, 24 May 2004 14:38:17 -0600

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="--55658522454627443778"

X-Webmail-Time: Mon, 24 May 2004 16:37:17 -0400

X-Virus-Scanned: by amavisd-new at mail.stargate.net

X-spam-Status: Yes, hits=8.0 tagged_above=-999.0 required=5.5 tests=BAYES_90,

DCC_CHECK, FORGED_YAHOO_RCVD, RATWR19_MESSID, SARE_ADLTSUB2

X-spam-Level: *******

X-spam-Flag: YES

----55658522454627443778

Content-Type: text/plain;

Content-Transfer-Encoding: quoted-printable

if YOU WANNA TO LOST UR MONEY ---> INVEST US -->>>

http://www.wecareaboutmoney.com/

----55658522454627443778--

if YOU WANNA TO LOST UR MONEY ---> INVEST US -->>>

http://www.wecareaboutmoney.com/

Does anyone know their IP?

Tracking message source: 80.60.148.116:

Routing details for 80.60.148.116

[refresh/show] Cached whois for 80.60.148.116 : abuse[at]planet.nl

Using abuse net on abuse[at]planet.nl

abuse net planet.nl = abuse[at]planet.nl

Using best contacts abuse[at]planet.nl

Yum, this spam is fresh!

Message is 1 hours old

80.60.148.116 not listed in dnsbl.njabl.org

80.60.148.116 not listed in dnsbl.njabl.org

80.60.148.116 not listed in cbl.abuseat.org

80.60.148.116 not listed in dnsbl.sorbs.net

80.60.148.116 not listed in relays.ordb.org.

80.60.148.116 not listed in query.bondedsender.org

80.60.148.116 not listed in iadb.isipp.com

Possible open relay: 66.181.64.18

Yum, this spam is fresh!

Message is 1 hours old

66.181.64.18 not listed in relays.ordb.org.

Edited by dra007

Share this post


Link to post
Share on other sites

Is this what you mean?

C:\>ping www.wecareaboutmoney.com

Pinging wecareaboutmoney.com [64.202.163.188]

Trying 64.202.163.188 at ARIN

Trying 64.202.163 at ARIN

OrgName: Go Daddy Software, Inc.

OrgID: GDS-31

Address: 14455 N Hayden Road

Address: Suite 226

City: Scottsdale

StateProv: AZ

PostalCode: 85260

Country: US

NetRange: 64.202.160.0 - 64.202.175.255

CIDR: 64.202.160.0/20

NetName: GO-DADDY-SOFTWARE-INC

And from the web-page (HTML removed)

05/24/04 17:08:33 Browsing http://www.wecareaboutmoney.com/

Fetching http://www.wecareaboutmoney.com/ ...

GET / HTTP/1.1

Host: www.wecareaboutmoney.com

Connection: close

User-Agent: Sam Spade 1.14

HTTP/1.1 200 OK

Date: Mon, 24 May 2004 22:08:54 GMT

Server: Apache/1.3.28 (Unix) FrontPage/5.0.2.2634

Last-Modified: Wed, 17 Mar 2004 20:49:13 GMT

In 1998 Gregory Dixon and Willson Marshall, graduate Miami University-Oxford as Master's.

They funded the Gregory&Willson Investment Company.

In the last two years all their investments has become 200-316% profit per month.

Gregory&Willson discovered failures and their potential to make safety business.

Gregory&Willson help its customers make better decisions, faster.

Gregory&Willson professional team uses a multidisciplinary approach, providing a solid foundation of knowledge and expertise. The union of this knowledge and expertise helps us advise you on strategies to protect your financial future.

We have:

Over 400 employees.

Operations in 23 countries

We also have more than 1.2 million information users in the fields of law, tax, accounting, reference information, corporate training and assessment, financial services, scientific research and healthcare.

We are planing to build ‘till 2006 a new building with 24th floors for large offices in Barcelona. The building is designed by the Zima Gunwale Fresco Partnership of Portland, Ore., and built by J.E. Dune Construction Co. The exterior is clad in granite from Brazil.

We want to build an office building where we could get work done for clients

We are thinking forward!

Share this post


Link to post
Share on other sites

I went to their website (www.wecareaboutmoney.com

) and reported the abuse, asked if they were aware of it...I am still waiting for an answer. What puzzles me is what the spammers hope to accomplish with such spam, they are certainly not likely to make any money on it.

Share this post


Link to post
Share on other sites

I too got thos last spam today. I actually did not report it because it had come in over the weekend (work account) and spamcop was down at the time so it would have expired by the time it was repotable. Oh well, I'll get em next time. Glad you were able to report it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×