dra007 Posted August 20, 2013 Share Posted August 20, 2013 It's not enough that I get blasted with all that carding/party powder junk, hundreds of them daily but the newest spam points to a botnet spam that I never saw or reported, so is this another way to just be a pest..I just don't get it: Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200: Email spam for malekal.com • 5992714217 ( 143.90.201.78 ) To: net-abuse[at]odn.ad.jp -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200: Email spam for malekal.com • 5992714393 ( 178.125.167.21 ) To: abuse[at]belpak.by • 5992714392 ( 178.125.167.21 ) To: abuse[at]belpak.minsk.by -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200: Legal powders • 5992714497 ( 178.90.96.35 ) To: noc[at]online.kz • 5992714496 ( 178.90.96.35 ) To: abuse.spam[at]telecom.kz • 5992714495 ( 178.90.96.35 ) To: abuse[at]telecom.kz -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200: International carding board on new domain • 5992714537 ( 114.24.166.61 ) To: postmaster[at]hinet.net • 5992714536 ( 114.24.166.61 ) To: abuse#hinet.net[at]devnull.spamcop.net • 5992714534 ( 114.24.166.61 ) To: spam[at]ms1.hinet.net -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200: =?UNKNOWN?B?5MnF1NkgySDT0M/Tz8LZINDPyNXExdTYIMLF2iDEycXU?= • 5992714571 ( 220.227.103.136 ) To: antiabuse.support[at]relianceada.com -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200: Email spam for malekal.com • 5992714586 ( 178.136.251.58 ) To: abuse[at]alkar.net • 5992714585 ( 178.136.251.58 ) To: abuse[at]vegatele.com -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200: Email spam for malekal.com • 5992714609 ( 70.30.174.85 ) To: abuse[at]sympatico.ca -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200: Legal drugs forum • 5992714633 ( 109.65.20.247 ) To: abuse[at]bezeqint.net -------------------------------------------------------------------------------- Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200: Sub-Penny Stock Could Produce Big Percentage Gains • 5992714653 ( 223.238.37.110 ) To: postmaster[at]airtel.in • 5992714652 ( 223.238.37.110 ) To: techsupport[at]in.airtel.com • 5992714651 ( 223.238.37.110 ) To: dsl.noctn[at]airtel.in • 5992714650 ( 223.238.37.110 ) To: incident[at]cert-in.org.in • 5992714649 ( 223.238.37.110 ) To: dslnoc.ap[at]airtel.in • 5992714648 ( 223.238.37.110 ) To: dsl.noc[at]airtel.in • 5992714647 ( 223.238.37.110 ) To: abuse[at]airtel.in There is actually a blog discussing this but I still fail to see the logic behind it http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html Are the originators of this type of spam the same Byelorussian gang responsible for sending the other weird junk (also not benefiting anyone).. very twisted logic, I know those guys had Rasputin, but this is going beyond.. [edit] killing link http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html JIC Link to comment Share on other sites More sharing options...
Lking Posted August 20, 2013 Share Posted August 20, 2013 you should check Reply From Spammer or Victim? Link to comment Share on other sites More sharing options...
dra007 Posted August 20, 2013 Author Share Posted August 20, 2013 I saw that, this seems to go beyond because it is sent by botnets and therefore it works as botnet spam, you get 100s a day with same subject line, yet it does not seem to target anyone or anything, am I getting this then just because I am on their list of known SC users/reporters? That is what it appears to be if it is indeed a JoeJob... Incidentally the website they refer to in the subject line does not appear in the body of the spam just reference to blog sites that I did not visit because they could be exploits.. So maybe someone savvy can explain what is going on with this, does it matter if I report it? Link to comment Share on other sites More sharing options...
Farelf Posted August 20, 2013 Share Posted August 20, 2013 ...So maybe someone savvy can explain what is going on with this, does it matter if I report it?We shall await the appearance of such a maven with 'bated breath, in the meantime can understand your reluctance to act as a "cat's paw" in any of this but that appears to be the role these people have chosen for yourself and other high-volume reporters. Can't do any harm to report bot-net spam IMO and, in this scenario, maybe you and other reporters caught up in this can actually get a fair number of zombie IP addresses listed. I'm seeing a great chunk of yota.ru's SCARTEL infrastructure listed even now - http://www.senderbase.org/lookup?search_string=yota.ru - no individual reporter can achieve that but most would agree it is worth exposing such widespread abuse whatever the motivation of those who are sending the spam (though not necessarily the same bot-net involved - but the principle is the same regardless). It has to be some sort of a turf war with high economic stakes and they are harming the internet while they wage it. Based on what we usually see of bot-net spam they will only redouble their floods if they don't get the results they are after (that is, if you and others don't report). One way to look at it, anyway ... Link to comment Share on other sites More sharing options...
dra007 Posted August 21, 2013 Author Share Posted August 21, 2013 Methinks they target me just because I have a Russian wife!! Link to comment Share on other sites More sharing options...
Farelf Posted August 22, 2013 Share Posted August 22, 2013 Ah, that is too late to change - Выпьем за любовь! Горько! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.