epinniger
Posted October 23, 2006

Since yesterday I have been bombarded with dozens of identical pharmacy spams, all from different addresses (presumably forged return addresses) but with identical message bodies. I have reported some of them to SpamCop, and the URL reported is different for each e-mail, presumably they are all zombies.

Today (so far) I've received almost 40 of these spams, yesterday it was about 35 in total. The message body starts with the following paragraph:

> All products for your health
> Tortured with health problems? You're one click away from healthy life! An amazing variety of licensed meds at one big store! Click the link and make your first step to constant relief!

followed by a long list of drugs, - though the usual suspects (V1AGRA, C1AL1S etc.) are misspelt, most of them are not.

Anyone else getting these? With their identical message bodies and long list of extremely spammy words (including most of the drug names) these spams don't seem to make much attempt to avoid filters.

EDIT: Just got another 10+ of these spams. I've tried filtering in MailWasher, searching for the string "with health problems" in the message body, but it doesn't appear to work. Before yesterday I rarely received more than 25-30 spams per day in total, let alone from the same spammer.

epinniger (Author)
Posted October 24, 2006

This is a list of URLs ("broken" to avoid boosting their Google rating) spamvertised by these e-mails, in approximate order of frequency:

http:// lettersmate .com
http:// maxxtests .com
http:// cationyamer .com
http:// pbouvet .com

The images on some of these sites are hosted by http:// dionler .net

Whilst I've received hundreds of these spams so far, each one from a different IP (botnet?) there are only a handful of different URLs spamvertised by them. This is definitely the "weak link" - any way someone with more technical skill could find out which ISP is hosting these sites?

MrT
Posted October 24, 2006

> Whilst I've received hundreds of these spams so far, each one from a different IP (botnet?) there are only a handful of different URLs spamvertised by them. This is definitely the "weak link" - any way someone with more technical skill could find out which ISP is hosting these sites?

My spam has jumped by 200% to 300% in the past 3 days or so.

I classify the spam into two main types, "high" junk and "new" spam. The filtering is done through SpamCop/Spamhaus/Bayesian etc. filters. The "new" spam doesn't get enough of a score (or no score). (I've also got key word filters - after the high junk filter - so some "new" spam gets deleted before getting through.) Most spam goes to two email accounts only (a very small amount to another account).

In the past week or two these are the stats for spam:

High junk: 40 42 51 55 45 56 46 69 79 59 126 (today 107, with about 4 hours to go)
New spam: 27 22 17 11 21 33 20 28 22 8 20 (today 15, with about 4 hours to go)

The "new spam" hasn't changed significantly in numbers. The "high junk" has gone through the roof in the past couple of days. Most of it is multiple copies of the same sort of spam. No logic to the frequency of sending it out. Could be multiple spammers or an overenthusiastic spammer.

I just went through today's 107 "high junk" spam and 57 out of 107 were of the type you've described, with the first line in the body text reading "All products for your health". So this would account for almost all of the increase in my spam.

I saw in another post that SpamCop said that there has been a 30% to 50% global increase in spam since a couple of days ago.

Hope someone catches and stops the rat soon.

Farelf
Posted October 24, 2006

> This is a list of URLs ("broken" to avoid boosting their Google rating) spamvertised by these e-mails, in approximate order of frequency:
>
> http:// lettersmate .com
> http:// maxxtests .com
> http:// cationyamer .com
> http:// pbouvet .com
>
> The images on some of these sites are hosted by http:// dionler .net
>
> Whilst I've received hundreds of these spams so far, each one from a different IP (botnet?) there are only a handful of different URLs spamvertised by them. This is definitely the "weak link" - any way someone with more technical skill could find out which ISP is hosting these sites?

Not me, I'm afraid. Just to note the four URLs seem - using www.dnsreport.com - to have a common set of (currently unresponsive) parent nameservers:

    our NS records at the parent servers are:
    ns1.fantastish.info. [200.89.16.109 (NO GLUE)] [PE]
    ns1.trashbream.com. [200.89.16.109] [TTL=172800] [PE]
    ns2.concessiondog.info. [194.150.100.242 (NO GLUE)] [PL]
    ns2.fastundslow.com. [218.184.154.186] [TTL=172800] [TW]
    [These were obtained from l.gtld-servers.net]

The images site is hosted by yahoo.com as far as I can tell. The whole internet is slow at the moment - pretty hard to do much of anything.

MrT
Posted October 25, 2006

Just noticed I haven't had anything for the past hour, after getting one every few minutes for the last three days or so. So maybe someone has finally found and shut down the server(s). Here's hoping

MrT
Posted October 25, 2006

Oops. Spoke too soon

epinniger (Author)
Posted October 27, 2006

The flood of these spams seems to have finally stopped, either they were shut down or they've just finished the spam run (the spamvertised sites are still up). They've been replaced with "pump & dump" stock spam with subject titles like Stocks.com, Investment.com, Quotes.com etc., but I only get 5-10 or so of these a day.

I've also received a lot of "OEM" pirate software spam lately (over several weeks) which all link to "http:// oemkon .com" - Is there anywhere where you can report spamvertised URLs?

turetzsr
Posted October 27, 2006

> <snip> I've also received a lot of "OEM" pirate software spam lately (over several weeks) which all link to "http:// oemkon .com" - Is there anywhere where you can report spamvertised URLs?

...Sure! See SpamCop glossary entry "Manual Report;" the link labeled "spam Reporting Addresses" will take you to a web page that includes various software vendor and industry association contacts (listed under "Software piracy").

Archived
This topic is now archived and is closed to further replies.