Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About cppgenius

  • Rank

Contact Methods

  • AIM
  • MSN
  • Website URL
  • ICQ
  • Yahoo

Profile Information

  • Location
    South Africa
  1. cppgenius

    Translation Job Scams

    I haven't been able to confirm this, but it would make more sense to me if they demanded payment upfront. I guess they will first quote you on the amount of words to be translated. Back to the scammer, I will see what happens if I send him something to translate...
  2. cppgenius

    Translation Job Scams

    Hi there, I've been investigating one of those translation services spam e-mails and I really can't see what's the catch. I've been scambaiting this one asian guy for quite some time now and the only thing I have learned so far is that the translation scammers do not want to share any personal contact information like telephone numbers and addresses, whereas the real translators list a lot of contact information on the web. Most of these translator profiles seems to be copied from www.translatorscafe.com. Is anyone familiar with this site, is the translators listed on this site legit or are these guys a bunch of swindlers as well? It is easy to see that the scammers simply copied the information on this site, removed the telephone numbers and replaced the e-mail addresses. Most of the times when the translator is John.Doe[at]gmail.com, the scammer will create a similar hotmail account, for example John.Doe[at]hotmail.com Another thing that's odd to me, how do these scammers expect to receive payment, by threatening you to pay up. What is stopping you from asking the scammer to translate something and then refuse to pay, what's the scammer gonna do, sue you? Where is the catch. I'll appreciate any insight on this matter, especially someone who have first hand experience with these swindlers.
  3. cppgenius

    Is this just spammers luck or what

    That's the first thing that I've done, but like I said, it is apparent from the header information that the e-mail went a different path to my mailbox. Thanks for the password tips. I wrote an article once on the best password practice and I am also a huge supporter of the arbitrary alphanumeric password (not dictionary words but random letters, numbers and a special character or two, just as a curve ball). I must say, your take on a strong password makes it a bit easier to remember, if you keep certain parts the same. Also makes it convenient with the magnitude of passwords we have to remember these days.
  4. cppgenius

    Is this just spammers luck or what

    No problem Farelf, sorry, I was not aware of this policy, is the signature now acceptable? For a moment I thought my gmail account got hacked somehow, but the e-mail header told me that this was not the case. In the end I still think this was just dumb luck and not intentional, especially for the fact that these malware infested e-mails are flooding e-mail accounts from everywhere.. Steve, never thought of that, but could very likely be what happened here.
  5. cppgenius

    Mozilla Firefox

    I really find it hard to see a link between receiving spam and browser usage. As Farelf mentioned, a bad plug-in might leak information to a spammer, but once your e-mail address lands on a spammer's list, you will get spam, regardless of your browsing habits and browser preferences. Cobra, what does the spam telly look like now since your last post?
  6. I received an e-mail a couple of days ago, where the spoofed e-mail address were my personal e-mail address, delivered to my cybertopcops.com e-mail address. Now both e-mail accounts have the same prefix, so what do you guys think, is this pure coincidence or have the spammers made the connection that the two e-mail accounts are related somehow? I've published this example for illustration at the following link: http://www.cybertopcops.com/malware-spam-r...r-13192ni97.php The latter is kinda scary if you realise the spammers might know more about their spam victims than we realise. But I do not like to give a spammer more credit than he deserves (not that a spammer deserves any credit anyway), but I also do not underestimate them either.
  7. cppgenius

    Clever 419 Spammer or What?

    This complainant reported quite a number of e-mails to us. All of them show the following pattern: From msgsysXX.broadbandsupport.net ( by atmailX.ibbsonline.com From [RANDOMDOMAIN] by msysmtaXX.broadbandsupport.net So this seems to be standard procedure by his/her ISP and I find it hard to believe that the 2nd Received entry (from the top) was forged. But as you said, one can only say this with a fair degree of confidence. Since it is uncommon for traditional 419 scammers to go to such great lengths to forge an e-mail header, I'm sticking with a combination of theory 2 and 3 (for now). Thanks Rick, it is a useful resource indeed. The whole process is explained in great detail. I appreciate your help and insights into this problem. PS: The negative spam score is quite funny. Perhaps the spammer thought he will be able to bypass any possible spam filtering software along the chain, with a more than perfect spam score. A spam score so perfect, the spam filter should actually award him some points for creativity. Thanks for the help Farelf
  8. cppgenius

    Clever 419 Spammer or What?

    I tried to make contact with Malaysian Ministry of Tourism to confirm this at their end, but haven't received any replies yet. So it is really hard to say if it really came from pangkor.motour.gov.my ( After all a "Received" entry can also be forged. But is it possible for the spammer to forge a Received entry at that level in the header, because at that stage the e-mail already reached the ISP of the complainant in the U.S.
  9. cppgenius

    Clever 419 Spammer or What?

    Rick, my thoughts exactly. I don't think the spamcop report will be of any use. This e-mail was not delivered directly to me, it was reported to our spam account. But here is the link anyway. http://www.spamcop.net/sc?id=z2229533210zb...95d14c3903372ez
  10. cppgenius

    Clever 419 Spammer or What?

    Most 419 scammers are not into e-mail header forgery, they are known for using prehistoric spamming methods. I'm currently working on a very interesting 419 scam sample, with a very interesting e-mail header: http://www.cybertopcops.com/419-scam-stmic...s-job-offer.php Now the e-mail seems to follow a logical route, first through some kind of local network connected to the pangkor.motour.gov.my domain and from there it is passed onwards until it reaches the vicitm's ISP. The X-Originating-IP: [] at the bottom of the e-mail looks out of place, now we all know this is a non-standard header entry. It is a Nigerian IP address, so many might jump to the conclusion "Hey it is a 419 scam so it has to be the originating IP!" But is this really the originating IP? Now I have a couple of theories: It was sent by a Nigerian 419 scammer from, but made it look as if it passed through pangkor.motour.gov.my. It was sent from the e-mail account on pangkor.motour.gov.my, but the scammer made it look as if it came from It is an infected machine on pangkor.motour.gov.my that's pumping out 419 spam Any thoughts on what may be the actual case here? This is some clever e-mail header spoofing, but is quite uncommon among traditional 419 scammers. So it is clear that they are using some advanced spamming software to send out their scams (after all it is not uncommon for 419 scammers to operate for larger spam syndicates).
  11. cppgenius

    Email headers suitable for public viewing

    I guess that is the case 99.999999999% of the time. The chances of clearing your e-mail address from all spam lists are most likely 1 in a trillion. But don't you think it would have some effect if we cleared the web from all the e-mail addresses lying around, waiting to be snatched by a spam harvester?
  12. cppgenius

    Email headers suitable for public viewing

    Another thing I would like to know is, whether it is a good idea to publish the "From:" header entry in public. Spammers love to abuse this part by spoofing the header with real e-mail addresses of innocent victims. By publishing these in public areas, wouldn't you be exposing these e-mail addresses to more spam?
  13. cppgenius

    Multipart/Alternative without a text/html version

    I agree, and the rapid variation of the message body certainly makes sense, but a multipart/alternative without an html version is a clear giveaway that the e-mail is spam. The spammers are making it too easy to identify it as spam. There must be something else or this simply proves rule #3.
  14. We all know spammers love to transgress the e-mail standards (or any standards for that matter). Lately i've seen several multipart/alternative spam e-mails without the text/html version. 1. Is it a way to bypass the spam filters, I really can't see how, because a proper spam filter should penalise an e-mail containing different plain-text and html versions. In this case it is not really a different html version it is completely missing. 2. Are they trying to break the parser of services like spamcop? Again I can't see how, the e-mail still has proper boundaries, it can only pose a problem to a parser that ignores the text version in a multipart e-mail. Any ideas what the spammers are trying to achieve, below is an example of such an e-mail? X-Apparently-To: x via; Tue, 01 Jul 2008 22:56:48 -0700 X-YahooFilteredBulk: X-Originating-IP: [] Authentication-Results: mta220.mail.re3.yahoo.com from=yahoo.com; domainkeys=neutral (no sig) Received: from (HELO mta220.mail.re3.yahoo.com) ( by mta220.mail.re3.yahoo.com with SMTP; Tue, 01 Jul 2008 22:56:47 -0700 Received: from by; Wed, 02 Jul 2008 07:54:16 +0200 From: "Horace " <npcoaiycqmmc[at]yahoo.com> Reply-To: "Horace " <njwjdajtg[at]yahoo.com> To: x Subject: Same meds but much cheaper Date: Tue, 19 Jan 38 03:14:07 GMT X-Mailer: Microsoft Outlook Express 5.00.2919.6700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--5382928713776627084" X-Priority: 3 X-MSMail-Priority: Normal ----5382928713776627084 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable Hello ! Now you have the opportunity to save your time and money! With US based online p/h/a/r/m/acy store you can buy any meds you need! Forget about prescriptions and doctors. Now you save your time. Forget about high prices at local stores. Save your money now! Go visit http://nomffioew.info seplg ----5382928713776627084--
  15. cppgenius

    Email headers suitable for public viewing

    Bummer, did I say munged? Boy do I feel stupid now, I actually meant hidden . Sorry Merlyn, I agree, there are no real merit in munging the From address (perhaps in one or two isolated cases) and absolutely no merit in munging the Message-ID (or any other header entry) . What I actually meant is whether this header is anonymous enough for public viewing out of the recipient's point of view. Is there anything left in the header that could be linked to the recipient of the e-mail. (Apart from getting a court order and instructing Yahoo to give you the personal details of the recipient ). I believe most of the private info is removed, just want to make sure I'm not missing anything?