Jump to content

What's up with this


dra007
 Share

Recommended Posts

It's not enough that I get blasted with all that carding/party powder junk, hundreds of them daily but the newest spam points to a botnet spam that I never saw or reported, so is this another way to just be a pest..I just don't get it:

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Email spam for malekal.com • 5992714217 ( 143.90.201.78 ) To: net-abuse[at]odn.ad.jp

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Email spam for malekal.com • 5992714393 ( 178.125.167.21 ) To: abuse[at]belpak.by

• 5992714392 ( 178.125.167.21 ) To: abuse[at]belpak.minsk.by

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:32 AM +0200:

Legal powders • 5992714497 ( 178.90.96.35 ) To: noc[at]online.kz

• 5992714496 ( 178.90.96.35 ) To: abuse.spam[at]telecom.kz

• 5992714495 ( 178.90.96.35 ) To: abuse[at]telecom.kz

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

International carding board on new domain • 5992714537 ( 114.24.166.61 ) To: postmaster[at]hinet.net

• 5992714536 ( 114.24.166.61 ) To: abuse#hinet.net[at]devnull.spamcop.net

• 5992714534 ( 114.24.166.61 ) To: spam[at]ms1.hinet.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

=?UNKNOWN?B?5MnF1NkgySDT0M/Tz8LZINDPyNXExdTYIMLF2iDEycXU?= • 5992714571 ( 220.227.103.136 ) To: antiabuse.support[at]relianceada.com

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:31 AM +0200:

Email spam for malekal.com • 5992714586 ( 178.136.251.58 ) To: abuse[at]alkar.net

• 5992714585 ( 178.136.251.58 ) To: abuse[at]vegatele.com

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Email spam for malekal.com • 5992714609 ( 70.30.174.85 ) To: abuse[at]sympatico.ca

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Legal drugs forum • 5992714633 ( 109.65.20.247 ) To: abuse[at]bezeqint.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 20, 2013 11:29:30 AM +0200:

Sub-Penny Stock Could Produce Big Percentage Gains • 5992714653 ( 223.238.37.110 ) To: postmaster[at]airtel.in

• 5992714652 ( 223.238.37.110 ) To: techsupport[at]in.airtel.com

• 5992714651 ( 223.238.37.110 ) To: dsl.noctn[at]airtel.in

• 5992714650 ( 223.238.37.110 ) To: incident[at]cert-in.org.in

• 5992714649 ( 223.238.37.110 ) To: dslnoc.ap[at]airtel.in

• 5992714648 ( 223.238.37.110 ) To: dsl.noc[at]airtel.in

• 5992714647 ( 223.238.37.110 ) To: abuse[at]airtel.in

There is actually a blog discussing this but I still fail to see the logic behind it http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html

Are the originators of this type of spam the same Byelorussian gang responsible for sending the other weird junk (also not benefiting anyone).. very twisted logic, I know those guys had Rasputin, but this is going beyond..

[edit] killing link http://blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html JIC

Edited by Farelf
Link to comment
Share on other sites

I saw that, this seems to go beyond because it is sent by botnets and therefore it works as botnet spam, you get 100s a day with same subject line, yet it does not seem to target anyone or anything, am I getting this then just because I am on their list of known SC users/reporters? That is what it appears to be if it is indeed a JoeJob...

Incidentally the website they refer to in the subject line does not appear in the body of the spam just reference to blog sites that I did not visit because they could be exploits.. So maybe someone savvy can explain what is going on with this, does it matter if I report it?

Edited by dra007
Link to comment
Share on other sites

...So maybe someone savvy can explain what is going on with this, does it matter if I report it?
We shall await the appearance of such a maven with 'bated breath, in the meantime can understand your reluctance to act as a "cat's paw" in any of this but that appears to be the role these people have chosen for yourself and other high-volume reporters.

Can't do any harm to report bot-net spam IMO and, in this scenario, maybe you and other reporters caught up in this can actually get a fair number of zombie IP addresses listed. I'm seeing a great chunk of yota.ru's SCARTEL infrastructure listed even now - http://www.senderbase.org/lookup?search_string=yota.ru - no individual reporter can achieve that but most would agree it is worth exposing such widespread abuse whatever the motivation of those who are sending the spam (though not necessarily the same bot-net involved - but the principle is the same regardless).

It has to be some sort of a turf war with high economic stakes and they are harming the internet while they wage it. Based on what we usually see of bot-net spam they will only redouble their floods if they don't get the results they are after (that is, if you and others don't report).

One way to look at it, anyway ...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...