rconner Posted May 13, 2007 Share Posted May 13, 2007 Received a drug spam today (tracking link) for a botnet-hosted website. Nothing out of the ordinary except that a bit of HTML was prepended, containing a URL to something called www.nospammer.net, with a very long query string. They want me to "report" the spam to them. I went to the URL (minus the query string), and it redirects to www.fortiguardcenter.com. Wikipedia had an entry, it appears to be an internet security firm. No abuse seems to be evident in the top page of Google hits. Anybody know much else about these guys? -- rick Link to comment Share on other sites More sharing options...
Wazoo Posted May 13, 2007 Share Posted May 13, 2007 Received a drug spam today (tracking link) for a botnet-hosted website. Nothing out of the ordinary except that a bit of HTML was prepended, containing a URL to something called www.nospammer.net, with a very long query string. They want me to "report" the spam to them. Strangely, I read it the other way... the Subject line 'tagged' (or maybe I should just say 'includedes the word") spam .... the appearance if the 'fortiguard' X-Line: would seem to tie into the leading paragraph .. suggesting that one would click on the link so as to 'whitelist' (or at least indicate) that this e-mail was 'not' spam. What I can't do of course, is tie the X-line: data to the URL identification string. I went to the URL (minus the query string), and it redirects to www.fortiguardcenter.com. Browsing http://www.nospammer.net/ Fetching http://www.nospammer.net/ ... GET / HTTP/1.1 Host: www.nospammer.net HTTP/1.1 301 Moved Permanently Location: http://www.fortinet.com/FortiGuardCenter/a...m/antispam.html Browsing http://www.nospammer.net/SpamSubmission/SubmitSpam Fetching http://www.nospammer.net/SpamSubmission/SubmitSpam ... GET /SpamSubmission/SubmitSpam HTTP/1.1 Host: www.nospammer.net HTTP/1.1 200 OK <title>Submission Server -- Invalid Request</title> <span class="error_msg">Invalid Request!</span> <td align="right"><small>© 2006 FORTINET INC. ALL RIGHTS RESERVED </small></td> Wikipedia had an entry, it appears to be an internet security firm. No abuse seems to be evident in the top page of Google hits. Anybody know much else about these guys? Slow traceroute www.nospammer.net Trace www.nospammer.net (65.39.139.177) ... 216.187.88.74 RTT: 113ms TTL:170 (No rDNS) 65.39.139.187 RTT: 95ms TTL:170 (mail.fortinet.com fraudulent rDNS) * * * failed * * * failed whois -h whois.networksolutions.com nospammer.net ... Registrant: AP Secure Technologies Inc. 4710 Kingsway Suite 400 Burnaby, BC V5X 4M2 CA Domain Name: NOSPAMMER.NET Administrative Contact, Technical Contact: Li, Wenbin MIS[at]fortinet.com 4710 Kingsway Suite 400 Burnaby, BC V5H 4M2 CA 604-430-1297 fax: 604-430-1296 Record expires on 20-Aug-2008. Record created on 20-Aug-2004. Database last updated on 13-May-2007 17:46:21 EDT. Domain servers in listed order: NS37.WORLDNIC.COM 205.178.190.19 NS38.WORLDNIC.COM 205.178.189.19 Slow traceroute www.fortinet.com Trace www.fortinet.com (203.160.224.97) ... 203.160.225.81 RTT: 103ms TTL:170 (No rDNS) 203.78.176.2 RTT: 86ms TTL:170 (No rDNS) 203.160.224.108 RTT: 105ms TTL:170 (No rDNS) 203.160.224.97 RTT: 89ms TTL: 49 (No rDNS) whois -h whois.networksolutions.com fortinet.com ... Registrant: Fortinet Technologies (Canada) Inc. 4710 Kingsway Suite, 400 Burnaby, BC v5h 4m2 CA Domain Name: FORTINET.COM Administrative Contact, Technical Contact: Li, Wenbin MIS[at]fortinet.com 4710 Kingsway Suite 400 Burnaby, BC V5H 4M2 CA 604-430-1297 fax: 604-430-1296 Record expires on 16-Feb-2015. Record created on 10-Apr-2004. Database last updated on 13-May-2007 17:46:59 EDT. Domain servers in listed order: NS1.FORTINET.COM 65.39.139.161 NS2.FORTINET.COM 203.160.224.103 NS3.FORTINET.COM 65.61.202.153 Bottom line, they are 'connected' .... not that this really answers much more .... Link to comment Share on other sites More sharing options...
bobbear Posted May 13, 2007 Share Posted May 13, 2007 They look kosher - their domain was registered 'way back' in 2004 (AP Secure Technologies Inc), which is usually a good sign & their 'FortiGuard Antispam Solutions' seem to be used by some SP's, notably Zen who are a reputable UK ISP. Link to comment Share on other sites More sharing options...
Farelf Posted May 14, 2007 Share Posted May 14, 2007 FWIW nobody has slated nospammer.net in SiteAdvisor and fortiguardcenter.com hadn't even been submitted for investigation (request now made). Nothing untoward found by LinkScanner (however that didn't raise the alert that the destination for both nospammer.net and www.nospammer.net had changed, which is one of the things it is supposed to do). Inconclusive but certainly nothing adverse. Link to comment Share on other sites More sharing options...
rconner Posted May 14, 2007 Author Share Posted May 14, 2007 Thanks all for the responses. I did not read the message extremely closely, it is possible that they wanted me to click the link in order to "whitelist" the mail, but no harm no foul since I didn't really plan on clicking the link anyway, at least not without further inquiry. Wikipedia indicated that this firm was implicated in work on behalf of the Myanmar (formerly Burma) government to block internet traffic critical of that government. Seems like we have a smaller version of the Yahoo/China controversy here, but that wouldn't prevent them from being competent and prudent in handling spam. -- rick Link to comment Share on other sites More sharing options...
Wazoo Posted May 14, 2007 Share Posted May 14, 2007 Wikipedia indicated that this firm was implicated in work on behalf of the Myanmar (formerly Burma) government to block internet traffic critical of that government. Yeah, that's it .... I knew I'd seen this before, but ..... thanks for beinging up that connection ... Link to comment Share on other sites More sharing options...
tomaszd2 Posted August 4, 2007 Share Posted August 4, 2007 Dear All, I'm not so sure this is "cosher". There is no terms of use or what would happen to the person if submission is made or any other plethora making it a legal website. Also I decided since I have that privelage to setup a dummy response. The address within 2 days started to receive the spam addressed to that e-mail. Also do an interesting exercise: Load the page first do nothing Re-load the page and try again to see what happens. Mine said there was a false positive submitted. Now I have not pressed any button whatsover. The last thing the puzzles me the most is that I use Fortigate 100A and ffew 60 in my servers so it seems logical that I would respond. Yet how would "nospammer" know that I am a genuine user with the right responses. I may dislike the person and create havock for them by posting the false response. No matter how you look none of the people in my list knew thier e-mail was sending this. Isn't that in itself point of caution. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.