New spammer tactic and organization


Davis McCarn

I will probably never know if I made the wrong person mad or the guys just decided they liked my domain names; but, the methods being employed are themselves devious enough.....

In December, I read about a highly successful Russian group that had created botnet clusters of 500 systems each, and that they had an estimated 100 of these clusters spread around the globe (50,000 systems!). Each cluster was handed a given spam, a list to send it to, and the result was an almost doubling of spam worldwide.

About two weeks ago, I began receiving thousands of the same spam (with a twist I'll get to in a minute) and hundreds of out-of-office replies or undeliverables.

Examining the spam disclosed that they had come from hundreds of different computers, so trying to report the abuse to a gazillion ISPs seemed like a fruitless effort to me.

Here is the twist. Even though the body of the E-Mail was identical, the link it contained to purchase was different; with over a hundred different domains so far. Getting the WHOIS info for those domains revealed they were registered to the same guy!

So, the scheme is to register hundreds of domains, create the spam with the domain as another plug-in variable, and then utilize a botnet to distribute them.

The first guy was in London and reports to the FBI, the UK government, and Registerfly (his registrar) seem to have hurt his business. The one that just started today is a guy in Florida.

If you have any comments on what I have outlined, I would love to hear them. And do you think it was Registerfly that clobbered the first guy, the FBI, or the UK?

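The scheme described in the first post (one spam body, a different sales domain in each copy, many sending machines) can be spotted by masking the links before comparing bodies. The sketch below is an added example, not part of the original thread; the sample messages, addresses and `.example` domains are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def template_and_hosts(body):
    """Return (hash of the body with every URL masked, set of link hosts)."""
    hosts = set()
    def mask(match):
        try:
            host = urlsplit(match.group(0)).hostname or ""
        except ValueError:          # malformed authority, e.g. broken brackets
            host = ""
        if host:
            hosts.add(host.lower().rstrip(".").removeprefix("www."))
        return "<URL>"
    masked = URL_RE.sub(mask, body)
    # Collapse case and whitespace so trivial reformatting does not split a cluster.
    normalized = " ".join(masked.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest(), hosts

def find_campaigns(messages, min_domains=3):
    """Cluster (sender_ip, body) pairs by masked body; keep multi-domain clusters."""
    clusters = defaultdict(lambda: {"count": 0, "senders": set(), "domains": set()})
    for sender_ip, body in messages:
        fingerprint, hosts = template_and_hosts(body)
        cluster = clusters[fingerprint]
        cluster["count"] += 1
        cluster["senders"].add(sender_ip)
        cluster["domains"] |= hosts
    hits = [c for c in clusters.values() if len(c["domains"]) >= min_domains]
    return sorted(hits, key=lambda c: c["count"], reverse=True)

# Constructed sample: four copies of one spam from four hosts, plus one normal mail.
SAMPLE = [
    ("192.0.2.10", "Cheap meds today!\nOrder at http://pills-one.example/buy?id=1"),
    ("198.51.100.7", "Cheap meds today!\nOrder at http://www.pills-two.example/buy?id=2"),
    ("203.0.113.5", "cheap  meds today!\r\nOrder at http://pills-three.example/buy?id=3"),
    ("192.0.2.99", "Cheap meds today!\nOrder at HTTP://Pills-Four.example/buy?id=4"),
    ("198.51.100.20", "Meeting moved to 3pm, agenda at https://intranet.example/agenda"),
]

if __name__ == "__main__":
    for campaign in find_campaigns(SAMPLE):
        print(campaign["count"], "messages from", len(campaign["senders"]),
              "senders linking to", sorted(campaign["domains"]))
```

The domain list for each cluster is what the poster looked up in WHOIS to find the common registrant and registrar.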

If you have any comments on what I have outlined, I would love to hear them. And do you think it was Registerfly that clobbered the first guy, the FBI, or the UK?

What makes you think that "the guy was clobbered?" Some spammers have been known to 'burn' hundreds of Domains a month, knowing that they will only survive 'for a while' .....


Yeah, usually they are purchased with stolen credit card information. So the cost to register the domains is simply the cost of a list of fresh CC numbers. Seems like I remember seeing somewhere online that the going rate was something like $20 per 1000 for them.

What's interesting to note is that most of those credit card numbers come from people clicking on links in mortgage/finance spam or phishing spam and entering their information on a website they know nothing about. Then being surprised and upset when their credit card numbers are used for nefarious purposes...


What's interesting to note is that most of those credit card numbers come from people clicking on links in mortgage/finance spam or phishing spam and entering their information on a website they know nothing about. Then being surprised and upset when their credit card numbers are used for nefarious purposes...

I'm led to believe most if not all spammers will get and use any credit card that is used in response to a spam for whatever. A lot of this is not reported as theft because of embarrassment as to what one tried to buy (goods are mainly not delivered but the credit card is maxed out $$$).

Still seems to be a lucrative crime relying on a sucker born every minute. When spammers are taken to court they seem to be getting a reasonable illegal income from their spam scams.


Archived

This topic is now archived and is closed to further replies.
