Spammer Wanted!

Gil Evangelista

I’ve been bombarded with several spams recently. It all began about a month ago. I’m sure the spammer used harvesting software to get my email accounts. And I also know that all these messages come from one single person, because of the way he formats the message and also because when he promotes their affiliate sites he always uses the same ID: 233630. This person always changes the ISP of course. And his preferred ISP is Chinanet… we all know Chinanet is a safe island for spammers. And I think the only way to stop spam from this ISP is to take a hammer and crash their servers…

Until now this spammer was promoting software, drugs (pharmoze), etc. But I always suspected that the real purpose of these messages was to steal the credit card information from the people who tried to buy some of these items.

Now I’m sure this guy is a criminal because recently I received a spoof that apparently came from Citibank with the subject:

“CitiBank: Please Confirm Your Banking Details” informing that it was necessary to update the account information at the following address:

(that redirects to http://www.citi.com/domain/index.htm )

Clicking this link I was presented with a page exactly equal to the real Citibank website.

I already reported this message to the Citibank Security Department and the FBI.

I’m still receiving spam from this guy and I don’t know when it will stop. But I hope it happens soon.

I would like to know if someone has this same problem too. Maybe we could find a way to track this spammer.

Below are some of the URLs used by this spammer:




Being that Citibank is involved now, if you go to their web site you can report fraud. With the information you have they may be able to track him down using the proper authorities to do so. This guy has crossed over to the criminal attempt side and needs to be prosecuted, and the banks have a system set up to do just that!

If we are looking at recent posts, Citibank phishers have come up recently. We also get preponderantly Chinese but also Korean and Brazilian web-advertised domains, sometimes in the same spam. It does not mean that we are all dealing with the same spammer but simply that we are on overlapping lists used by spam gangs (listed in ROKSO) which are resistant to spam fighting (once on a list you are likely to have your e-mail address passed on to other spammers).

I would think that after reporting spam consistently for almost a year, spam due to Trojans, server exploits and the like would abate, and problems would be solved. Indeed, I get much less from Comcast, Verizon and Ameritech, and when I do, the spam runs are usually short and stop within a day or 2. That doesn't happen with Kornet, Brazilian, Chinese and Romanian servers. In fact I have been getting virus-infected spams from a Romanian server (RDSnet) and still do, on a daily basis, and despite contacting admins at various levels, nothing seemed to ever stop them except for brief respites. Such is the nature of this business/beast: like Herpes simplex virus, once it gets you, you can never escape it, just hope to keep it under control and deal patiently with occasional outbreaks...

I know this is frustrating; hopefully administrators will find ways to eventually stop the attacks at server level (silently) and we will not even know about it. In fact, one of my responsible ISPs is doing that already and I no longer see any spam at that e-mail address. Of course I have to wonder sometimes if I lose some good e-mail as false positives once in a while, but not having to deal with 200 or more spams a day is worth the price ...

