
Medscit spam emails


eonstar


I'm getting one email every couple of days, always from a junk address which can't be replied to, and all with exactly the same text which advertises MEDSCIT.COM - Canadian Pharmacy, selling viagra.

Subject field is always just "re:"

When I go to the website for MEDSCIT.COM - Canadian Pharmacy, there's a 'contact us' form to send a query which is handy for sending lots of messages of complaint.

I've found Canadian Pharmacy mentioned as a source of spam elsewhere on the net.

If there's no authority to pull companies into line, then surely if enough people use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

Link to comment

The word "source" in these parts generally deals with the "source" of the e-mail. What you appear to be talking about is something called a "spamvertised site" ... something quite different. Your suggested 'threat' of stuffing a form in retaliation could actually cause you some personal grief. You might want to talk to your own ISP/Host before trying something like this.

This domain is a bit out of the ordinary, allegedly being around since last August .. rather different than the typical week or two scam site ... though it could be that there were hundreds of Domains registered back in August and this one has 'just' been actually brought into use.

12/30/07 06:31:32 Slow traceroute MEDSCIT.COM

Trace MEDSCIT.COM (84.109.24.85) ...

62.219.189.25 RTT: 187ms TTL:170 (bzq-219-189-25.cablep.bezeqint.net ok)

* * * failed

192.117.237.58 RTT: 182ms TTL:170 (bzq-117-237-58.static.bezeqint.net ok)

* * * failed

* * * failed

* * * failed

* * * failed

84.109.24.85 RTT: 198ms TTL:107 (bzq-84-109-24-85.red.bezeqint.net ok)

whois -h whois.crsnic.net medscit.com ...

Redirecting to BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN

whois -h whois.dns.com.cn medscit.com ...

Domain Name.......... medscit.com

Creation Date........ 2007-08-14 14:29:31

Registration Date.... 2007-08-14 14:29:31

Expiry Date.......... 2008-08-14 14:29:31

Organisation Name.... Elvin Korkuti

Organisation Address. 1950 3rd St 606

Organisation Address.

Organisation Address. La Verne

Organisation Address. 91750

Organisation Address. WG

Organisation Address. US

Admin Name........... Elvin Korkuti

Admin Address........ 1950 3rd St 606

Admin Address........

Admin Address........ La Verne

Admin Address........ 91750

Admin Address........ WG

Admin Address........ US

Admin Email.......... ererer[at]hotmail.com

Admin Phone.......... +1.9095760281

Admin Fax............ +1.9095760281

........

Name Server.......... ns0.biknasufadupo.com

Name Server.......... ns0.markuzapilod.com

Name Server.......... ns0.rubakopesanm.com

Name Server.......... ns0.rumbaponukas.com

12/30/07 06:32:59 dig MEDSCIT.COM [at] 208.67.220.220

Dig MEDSCIT.COM[at]ns0.rumbaponukas.COM (91.89.228.53) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.rubakopesanm.COM (89.178.111.167) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.markuzapilod.COM (207.119.14.3) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.biknasufadupo.COM (79.120.97.137) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for MEDSCIT.COM type=255 class=1

MEDSCIT.COM NS (Nameserver) ns0.biknasufadupo.COM

MEDSCIT.COM NS (Nameserver) ns0.markuzapilod.COM

MEDSCIT.COM NS (Nameserver) ns0.rubakopesanm.COM

MEDSCIT.COM NS (Nameserver) ns0.rumbaponukas.COM

whois -h whois.ripe.net 84.109.24.85 ...

inetnum: 84.109.0.0 - 84.109.255.255

netname: CABLES-CONNECTION

descr: CABLES-CUSTOMERS-CONNECTION

country: IL

admin-c: YK76-RIPE

tech-c: BHT2-RIPE

status: ASSIGNED PA

remarks: please send ABUSE complains to abuse[at]bezeqint.net

mnt-by: AS8551-MNT

mnt-lower: AS8551-MNT

source: RIPE # Filtered

A better suggestion might actually be to quit 'reading' your spam. Technically, nobody in the data above really cares about complaints about spam.

Just so there's no confusion, reporting of this through SpamCop.net 'will' work at adding the 'source' to the SpamCopDNSBL, which will help those that use the BL against their incoming e-mail. The issue I'm talking about is that the ISPs/Hosts involved with this web-site don't care, possibly because the spammer is paying enough for this hosting to make them very happy ????? Reminds me of Ralsky's complaint years back that he couldn't find a U.S. ISP that would host his garbage, so he 'had' to use hosting provided by Chinese ISPs .....

Link to comment

If there's no authority to pull companies into line, then surely if enough people use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

The people behind this stuff are not "companies" that can be "pulled into line," they are international criminal conspiracies. They use illegal means to distribute their sales appeals and host their websites. Their products are generally illegally made and certainly illegally sold.

Trying to "stuff" their forms will do no good and may just get you into trouble as Wazoo suggests. It also has about the same effect as trying to stop a burglar by posting a "no burglars" sign on your front door.

An effective spam filter might shunt many of these spams from your inbox; for any that you do receive, the best thing to do is to report them to the providers whose facilities (IP addresses) were used to send them.

-- rick

Link to comment

<snip>

12/30/07 06:31:32 Slow traceroute MEDSCIT.COM

Trace MEDSCIT.COM (84.109.24.85) ...

62.219.189.25 RTT: 187ms TTL:170 (bzq-219-189-25.cablep.bezeqint.net ok)

* * * failed

192.117.237.58 RTT: 182ms TTL:170 (bzq-117-237-58.static.bezeqint.net ok)

* * * failed

* * * failed

* * * failed

* * * failed

84.109.24.85 RTT: 198ms TTL:107 (bzq-84-109-24-85.red.bezeqint.net ok)

<snip>

Domain Name.......... medscit.com

Creation Date........ 2007-08-14 14:29:31

Registration Date.... 2007-08-14 14:29:31

Expiry Date.......... 2008-08-14 14:29:31

Organisation Name.... Elvin Korkuti

Organisation Address. 1950 3rd St 606

Organisation Address.

Organisation Address. La Verne

Organisation Address. 91750

Organisation Address. WG

Organisation Address. US

<snip>

Dig MEDSCIT.COM[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for MEDSCIT.COM type=255 class=1

MEDSCIT.COM NS (Nameserver) ns0.biknasufadupo.COM

MEDSCIT.COM NS (Nameserver) ns0.markuzapilod.COM

MEDSCIT.COM NS (Nameserver) ns0.rubakopesanm.COM

MEDSCIT.COM NS (Nameserver) ns0.rumbaponukas.COM

Thanks for the digging, Wazoo. Looks like a garden-variety pharma spam operation.

The website seems to be hosted on a pool customer address at Bezeq, so possibly a zombie computer is involved here. The NS is provided by the usual gaggle of alphabet-soup hosts, would not surprise me to learn that the domain resolves to multiple bot addresses. Also, the domain registry info is obviously bogus (address is "no effing good"), so theoretically the registrar is supposed to take action. However, being that the registrar is Beijing Innovative, we will have uncorked many bottles of New Year's champagne before we see any action from them.

-- rick

Link to comment

I'm getting one email every couple of days, always from a junk address which can't be replied to, and all with exactly the same text which advertises MEDSCIT.COM - Canadian Pharmacy, selling viagra.

medscit.com is part of a botnet currently on:

But the above will change every few minutes; botnets are being used for email as well as hosting and DNS.

Subject field is always just "re:"

That's because their vocabulary goes no further.

When I go to the website for MEDSCIT.COM - Canadian Pharmacy, there's a 'contact us' form to send a query which is handy for sending lots of messages of complaint.

Why would you want to complain directly to the spammer's site? You think they actually read any email? You think they are smart enough to read?

I've found Canadian Pharmacy mentioned as a source of spam elsewhere on the net.

The Canadian Pharmacy spammers have been around for a while. Of course they are elsewhere on the net.

If there's no authority to pull companies into line, then surely if enough people use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

I hope you don't really believe that!

Link to comment

medscit.com is part of a botnet currently on:

.....

But the above will change every few minutes; botnets are being used for email as well as hosting and DNS.

That's because their vocabulary goes no further.

Why would you want to complain directly to the spammer's site? You think they actually read any email? You think they are smart enough to read?

The Canadian Pharmacy spammers have been around for a while. Of course they are elsewhere on the net.

I hope you don't really believe that!

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.

Regards, Eon.

Link to comment

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.

One post deleted that contained nothing but a 'quoted-in-its-entirety' but with no content. Next post edited to remove un-needed content (as suggested in places like the Forum FAQ (links at the top of the page)).

There has been quite a bit of traffic in response to your initial query, yet the only follow-up comment is this? If you are 'new to spam' then the real question now is if anything in 'all' of the above did anything for you, explained anything, helped you at all?

Link to comment

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.

Forget the hurt feelings if you want to learn.

medscit.com is part of a botnet currently on ...

But the above will change every few minutes; botnets are being used for email as well as hosting and DNS.

As in

C:\Documents and Settings\Steve>nslookup

...

> medscit.com

...

Non-authoritative answer:

Name: medscit.com

Addresses:

58.226.111.81

61.105.185.90

61.238.162.248

69.151.213.60

75.73.80.244

76.99.104.72

76.248.102.190

84.234.130.136

125.231.229.84

203.243.221.34

207.119.11.105

210.106.5.185

211.168.219.196

220.131.109.200

221.127.130.241

(10 minutes later)

> medscit.com

...

Non-authoritative answer:

Name: medscit.com

Addresses:

123.203.16.5

125.231.229.84

203.243.221.34

207.119.11.105

210.106.5.185

211.168.219.196

220.85.50.164

220.131.109.200

58.226.111.81

59.17.208.96

61.105.185.90

61.238.138.165

75.51.76.167

75.73.80.244

84.234.130.136

>

Link to comment
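The two nslookup answers in the post above, taken ten minutes apart, can be compared mechanically. The following is an added example, not part of the original thread: it measures how much the A-record set changed and how many separate /16 networks it spans, two common signals of a domain hosted on rotating bot addresses. The function names and thresholds are illustrative assumptions, and the `STABLE` input is constructed for contrast.

```python
import ipaddress

# A records for medscit.com copied from the two nslookup answers in the thread.
FIRST = """58.226.111.81 61.105.185.90 61.238.162.248 69.151.213.60 75.73.80.244
76.99.104.72 76.248.102.190 84.234.130.136 125.231.229.84 203.243.221.34
207.119.11.105 210.106.5.185 211.168.219.196 220.131.109.200 221.127.130.241"""
SECOND = """123.203.16.5 125.231.229.84 203.243.221.34 207.119.11.105 210.106.5.185
211.168.219.196 220.85.50.164 220.131.109.200 58.226.111.81 59.17.208.96
61.105.185.90 61.238.138.165 75.51.76.167 75.73.80.244 84.234.130.136"""
# Constructed contrast case: a small site on one network (RFC 5737 test range).
STABLE = "192.0.2.10 192.0.2.11"


def parse(text):
    """Parse whitespace-separated IPv4 addresses; raises ValueError on junk."""
    return {ipaddress.IPv4Address(tok) for tok in text.split()}


def slash16(addrs):
    """Collapse addresses to /16 networks as a rough 'different provider' proxy."""
    return {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs}


def flux_report(first, second, min_records=5, min_nets=5, min_churn=0.2):
    """Compare two answers for one name. Thresholds are illustrative assumptions."""
    union, common = first | second, first & second
    churn = 1 - len(common) / len(union)  # 0.0 = same answer, 1.0 = disjoint
    nets = len(slash16(union))
    return {
        "added": sorted(second - first),
        "dropped": sorted(first - second),
        "churn": churn,
        "networks": nets,
        "suspect": (len(second) >= min_records and nets >= min_nets
                    and churn >= min_churn),
    }


if __name__ == "__main__":
    for label, a, b in (("medscit.com", FIRST, SECOND), ("stable", STABLE, STABLE)):
        r = flux_report(parse(a), parse(b))
        print(f"{label}: churn={r['churn']:.2f} /16s={r['networks']} "
              f"added={len(r['added'])} suspect={r['suspect']}")
```

A single pair of lookups is only a hint; sampling the name repeatedly and checking the record TTLs gives a firmer picture before a report is filed with the providers that own the addresses.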

Archived

This topic is now archived and is closed to further replies.
