Jump to content

Helpless spammer?


dra007

Recommended Posts

Why are spammers seeking retaliation when we simply do our netzizens duty and report their illegal activities?

This one has been spamming me for a while and now he tries other ways to annoy me, sending malware, bounces and file attachments containing my user name. It all seems rather futile and infantile.. ... Is there a way to stop these scum bags from harassing me? Strikes me as odd that they are calling from India with an aussie nickname, not amused:

Received: from source ([59.92.154.106]) by exprod7mx61.postini.com ([64.18.6.10]) with SMTP;

Tue, 20 Sep 2005 08:37:18 PDT

From: 3326217[at]www.aussieamateursnude.com

To: MyE-Mail[at]MyServer.edu

Subject: Re: Proof of concept

Date: Tue, 20 Sep 2005 21:07:28 +0530

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0016----=_NextPart_000_0016"

X-Priority: 3

X-MSMail-Priority: Normal

X-pstn-levels:     (S:15.79366/99.90000 R:95.9108 P:95.9108 M:97.0232 C:98.7678 )

X-pstnvirus: Generic Malware.a!zip

X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c

X-pstn-addresses: from <3326217[at]www.aussieamateursnude.com> [3283/112]

boundary="

--------------------------------------------------------------------------------

Date: Tue, 20 Sep 2005 21:07:28 +0530

From: 3326217[at]www.aussieamateursnude.com

To: MyUserName[at]MyServer.edu

Subject: Re: Proof of concept

I hope you accept the result!

Attachments:

application/octet-stream; name="document09-MyUserName.zip_ "

Link to comment
Share on other sites

This one has been spamming me for a while and now he tries other ways to annoy me, sending malware, bounces and file attachments containing my user name. It all seems rather futile and infantile.. ... Is there a way to stop these scum bags from harassing me? Strikes me as odd that they are calling from India with an aussie nickname, not amused:

33000[/snapback]

Once again, this is NOT a spammer. This one was sent by what appears as an end user machine is India (SenderBase has no history on it) that is probably infected with the same virus they are trying to send to you. The ONLY report against the IP is yours. The aussie nickname you are claiming is simply a forged to: address, probably residing on the very same infected PC as your email address was. This is NOT spam in the original sense of the phrase, but is reportable via spamcop since their changes. It is a virus, plain and simple, check here for a description: http://vil.nai.com/vil/content/v_134066.htm

Have you ever googled your "MyUserName[at]MyServer.edu" to see if it out on the web somewhere without your knowledge? Perhaps that is why you are always under "attack".

Have you ever published and papers in a trade magazine or related? I have several employees here who regularly get viruses sent to the addresses we used for that purpose. The only contact between the person sending the virus and the employee is that the sender had read the employees paper on-line and then gotten infected.

Link to comment
Share on other sites

I agree with everyhing you say except the use of my name in the zip filename seemed odd, in addition I got quite a bit of spam from neighbouring servers in India (if not same IP), everything else was there for amuzement purposes.

Somehow I have a hard time believing this is random and haphazard, the attacks coincide with spamruns and take many colors and shapes like camelleons, they tend to go on for months at a time. If indeed it was virus generated that would be unlikely. In addition I have had direct replies from some of these scum bags.

And yes, I am published in peer reviewed journals which have web versions, so that e-mail inbox is exposed and compromized....

PS. Icidentally I did a search as you suggested and came up with quite a few pages pointing to that e-mail ID...

Link to comment
Share on other sites

is exposed and compromized....

33009[/snapback]

...it is somewhat amusing that the aussie nude (and similar malware containing e-mails) reached me at the same time as a strange raise in porn spam which oddly sounds like this:

Hey idiot

Last night I found gthis sh** : http:// gals.hentaibomb.com/vic-b/index.html?id=pornose

  It's full of pre mature un-d 3r4ge car-t 00oons getting r4-ped and tortured til they bleed.

  On the 18th of june you agr-3e d to our trm -s wich includes rece-iv1ng our let t-t3rs,

If you still feel something is wrong give us a shout at :

Kineko LTD (kineko.com)

E-mail : abuse[at]directnic.com

+1 (504) 679-5170

.... Tell me what spammer would sell a product calling you an idiot?
Link to comment
Share on other sites

...it is somewhat amusing that the aussie nude (and similar malware containing e-mails) reached me at the same time as a strange raise in porn spam which oddly sounds like this:

.... Tell me what spammer would sell a product calling you an idiot?

33010[/snapback]

You follow the link "just to see" and they get paid.

The same viruses that send out the malware also allow spammers to bounce off the machine to send the spam. Some viruses also have the infected machine contact an IRC channel for further instructions, like "send this spam message to all your known addresses, naming the attachment %username%.zip". But from previous dealings here, I know you do not want to believe this, preferring to believe you are under a specific attack. If you ran a public SMTP server, you would see the same messages being sent to sometimes hundreds of addresses, all with custom messages. Programming makes it very easy.

Link to comment
Share on other sites

Why are spammers seeking retaliation when we simply do our netzizens duty and report their illegal activities?

33000[/snapback]

One thing that needs to be watched in manual reports/LARTS is to maintain an icy professionalism in the language of the reports. Not saying you don't do this or that it ultimately makes a difference but obviously keeping the level of provocation to a minimum will ensure you don't become a special target. Amongst their other evident shortcomings, I suspect these people are often a little short in the EQ (emotional intelligence) stakes. We have ample evidence as to their IQs.

Link to comment
Share on other sites

You follow the link "just to see" and they get paid. ...

33018[/snapback]

Now there's a thing. Which means posting that link "live" (with url tags intact) here is doing some piece of pond scum an immense favor, yes? A casual click by a reader will ratchet up another 0.001¢ or whatever, without the aforesaid lowlife even having to send out more of his spam (hey, we may be on to something here!). Must admit the forum software is fairly adamant about helpfully putting the tags in, but it is not too hard to preview the post and pull the tags, is it? Or go back and edit them out (hasn't always worked for me, maybe one needs to preview the edit to make it stick, can't be too hard whatever).

Link to comment
Share on other sites

Now there's a thing.  Which means posting that link "live" (with url tags intact) here is doing some piece of pond scum an immense favor, yes? A casual click by a reader will ratchet up another 0.001¢ or whatever, without the aforesaid lowlife even having to send out more of his spam (hey, we may be on to something here!).

And not to ignore the archiving/indexing by a few search engines ....

Must admit the forum software is fairly adamant about helpfully putting the tags in, but it is not too hard to preview the post and pull the tags, is it?  Or go back and edit them out (hasn't always worked for me, maybe one needs to preview the edit to make it stick, can't be too hard whatever).

33028[/snapback]

The parser bit is pretty 'strict' though .. put in a space somewhere, add in an extra character (I just posted a copy of an e-mail, one URL didn't make the transition as the http was directly butted up against the ">" quite character .. edited to insert the single space and it flew) .... actually, this discussion shift is a bit interesting time-wise .. with so many folks installung the 2.1 version of this app, there's only been 20 or 30 requests for where the 'magic' code is to kill the parsing of links. (and of course, the 20 or 30 responses repeating the same data for those that chose not to read before posting or not bothering to actually look at which forum section they were posting in ..) Based on the points offered here, one could say that killing off the parsing (HTML to BBCode to HTML) would be preferred in situations like this, the aggravation in all the other instances in dealing with the non-clickable links has me thinking that I'm a bit more happy with the current scenario ....

To 'kill' the clickable aspect, one would either corrupt the URL when posting or do an edit, delete the [/utl] tahs and stuff in between and then corrupt the remaing URL ...

Link to comment
Share on other sites

My method of killing clickability in this app is to insert a single space after "http://", such that http://forum.spamcop.net appears as http:// forum.spamcop.net .

33038[/snapback]

IPB 2.1.1 Released includes a "bug-fix" ....

RTE: Spaces in URL force URL not to parse and instead show BBCode .... hard to tell right now just how this was "fixed" <g>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...