Miss Betsy Posted May 27, 2004 Posted May 27, 2004 Subject: MyCompanyName lunatic hands behind 683 Do you think that is on purpose to get me to open it? Or just the 'monkeys typing' syndrome? Miss Betsy
dhanna Posted May 27, 2004 Author Posted May 27, 2004 Subject: MyCompanyName lunatic hands behind 683 Do you think that is on purpose to get me to open it? Or just the 'monkeys typing' syndrome? Miss Betsy I think 90% of my spam is 'monkeys typing'. We know spammers can't spell. I know they change words to try and get by filters, but even words they do not need to change, are not spelled correctly. I think the spam I am amused by the most is the blank ones, only header info. They can't even setup their spamming software correctly.
dhanna Posted May 28, 2004 Author Posted May 28, 2004 This was a good one... And, as you can see, it was indeed blocked... Previewing raw email. Use your browser's back button to return to menu. ============================================================================== Return-Path: <JRLCUNSRLLBZGD[at]autonr.net> Delivered-To: spamcop-net-****[at]spamcop.net Received: (qmail 12612 invoked from network); 28 May 2004 00:05:27 -0000 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 28 May 2004 00:05:27 -0000 Received: from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP; 27 May 2004 20:05:27 -0400 X-Ironport-AV: i="3.81R,87,1083556800"; d="scan'208"; a="66881825:sNHT27547478" Received: (qmail 32157 invoked from network); 28 May 2004 00:05:26 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 28 May 2004 00:05:26 -0000 Received: from pop.west.cox.net [68.6.19.2] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for ****[at]spamcop.net (single-drop); Thu, 27 May 2004 20:05:26 -0400 (EDT) Received: from pool-68-161-36-42.ny325.east.verizon.net ([68.161.36.42]) by lakermmtai06.cox.net (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with SMTP id <20040527235849.IQRN25894.lakermmtai06.cox.net[at]pool-68-161-36-42.ny325.east.verizon.net>; Thu, 27 May 2004 19:58:49 -0400 X-Message-Info: RaVD9wZP33LJwTG466VvcJLD72IX3LBP895gzh3IP Received: (from rqn77opera[at]localhost) by tp9-embower911.fo6s.helloasia.com (1.74.38/9.68.15) id cl779JH95n0610; Wed, 21 Jan 2004 22:31:06 -0400 GMT X-Authentication-Warning: p91-backwood0.jqp253fg.helloasia.com: i032calliope set sender to JRLCUNSRLLBZGD[at]autonr.net using -y MIME-Version: 1.0 Date: Thu, 22 Jan 2004 03:29:06 +0100 From: Eliseo Thornton <JRLCUNSRLLBZGD[at]autonr.net> Subject: Have this deleeeeted automatically To: dhanley[at]cox.net Message-Id: <tp57we465-221984128-942559741005214987766671333040[at]pompano17> Content-Type: text/plain; charset="us-ascii" X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2 68.161.36.42 X-SpamCop-Disposition: Blocked bl.spamcop.net Hi Louise, If you receiveeeed this email then whatever spaaam filter your using is not working properly. If your one of those peeople that are siick and tireed of sifting throoooough your inboox looking for the "gooooood" emails then we have the product for you. Your time is valuable, so haaaving your inbox flooded with junk messaages is not only annoying, but also coooostly. The answeer to all your proooblems is here... http://www.bossanovaltd.info/s2/?AFF_ID=lf02dc Eliseo Thornton
dhanna Posted May 30, 2004 Author Posted May 30, 2004 Another one, a couple days later. So they try and change it so it will pass a filter, so they can sell a filter?? ------------------------------------------------------------------------------------------ Previewing raw email. Use your browser's back button to return to menu. ============================================================================== Return-Path: <cnsgbsmcmkrapj[at]flagfootballplayer.com> Delivered-To: spamcop-net-****[at]spamcop.net Received: (qmail 32734 invoked from network); 30 May 2004 11:50:00 -0000 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade4.cesmail.net with SMTP; 30 May 2004 11:50:00 -0000 Received: from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP; 30 May 2004 07:50:01 -0400 X-Ironport-AV: i="3.81R,89,1083556800"; d="scan'208"; a="67905661:sNHT27295052" Received: (qmail 1715 invoked from network); 30 May 2004 11:50:00 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 30 May 2004 11:50:00 -0000 Received: from pop.west.cox.net [68.6.19.2] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for ****[at]spamcop.net (single-drop); Sun, 30 May 2004 07:50:00 -0400 (EDT) Received: from [68.6.19.3] (really [211.59.69.73]) by fed1rmmtai09.cox.net (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with SMTP id <20040530114542.SYCK7388.fed1rmmtai09.cox.net[at][68.6.19.3]>; Sun, 30 May 2004 07:45:42 -0400 X-Message-Info: 6qjlIKmckJJL166RHlpkR18VY95EtReofhBTTtucQSNbbk08I Received: from clubvdo.net ([226.228.48.192]) by pt57-wu257.clubvdo.net with Microsoft SMTPSVC(3.7.6669.4853); Sat, 24 Jan 2004 19:16:21 +0500 Received: from clubvdo.net (clubvdo.net [150.245.200.120]) by clubvdo.net (8.12.10/8.12.9) with ESMTP id k486AKR943449 for <dhanki[at]cox.net>; Sat, 24 Jan 2004 18:17:21 +0400 (EST) (envelope-from cnsgbsmcmkrapj[at]flagfootballplayer.com) Received: from GLZ031995310326 (modemcable0.694-381.lni.clubvdo.net [208.124.92.184]) (authenticated bits=7) by clubvdo.net (8.12.10/8.12.9) with ESMTP id hik5BQ0fqa281 for <dhanki[at]cox.net>; Sat, 24 Jan 2004 15:18:21 +0100 (EST) (envelope-from cnsgbsmcmkrapj[at]flagfootballplayer.com) Message-ID: <87702pb572pet37$dnv403xbh3vw09$62su73cnf629[at]KI878302471948480> From: "Terra Marcus" <cnsgbsmcmkrapj[at]flagfootballplayer.com> To: <Dhanki[at]pop.west.cox.net> Subject: Stop Spaaaam Nooooow Date: Sat, 24 Jan 2004 15:18:21 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2 68.6.19.3 211.59.69.73 X-SpamCop-Disposition: Blocked bl.spamcop.net Hi Claudine, If you receiveeeed this emaaail then whatever spaaaam filteeeer your using is not working properly. If your one of those peeople that are sick and tireeeed of sifting throoough your inboox looooooking for the "gooooood" emaails then we have the product for you. Your time is valuable, so haaaving your inbox flooded with junk messaaaages is not only annooooying, but also costly. The answeeer to all your proooooblems is here... http://www.microwholesalediscounts.info/s2/?AFF_ID=zm45ej Terra Marcus Reemovee Heeeeeree http://www.microwholesalediscounts.info
dra007 Posted June 5, 2004 Posted June 5, 2004 I got a real sneaker ot of this one, a persistent spammer from Taiwan: Thank you for the inquiry E-Mail before. Here is the reminder letter from GigaMedia. We received your e-mail at Sat, 05 Jun 2004 03:52:49 +0800 , and we will reply you as soon as possible. We appreciate of your devotion of maintaining the cleaning Internet. GigaMedia will take following measures to deal with the users who spread out the junk mail. 1. According to the subject and content of original mail, GigaMedia will make sure if the user of us is the one who spread out junk mail or not. If your inquiry letters lack of both the subject and content of original mail, we are sorry that we will not handle and reply your inquiry. 2. If the user is the one who spread out the junk mail, we will suspend the service of the user directly upon the rules. And we will not reply the result. 3. If the user is belonging to the GigaMedia’s lower co-operated ISP, we will transfer your inquiry to them and ask them to take the proper measures at once. And we will not reply the result. 4. If the spam is not from any of GigaMedia DNS Servers, we do not have the right to inspect and suspend the user's right. Please transfer the spam to the right ISP. 5. If you are the one who spread the junk mail, please respect of yourself. For sure, we, GigaMedia, will definitely transfer the spam to your ISP, and ask your ISP to take the proper measures as soon as possible. If you have further question about spam, you can contact us by E-Mailing to antispam[at]giga.net.tw. It is our honor to serve you. Sincerely yours Gigamedia spam Team
dhanna Posted June 5, 2004 Author Posted June 5, 2004 This one was an image only, and the image had a link to the site to gather sensitive information. But the strange part was this at the end, which appear in the preview when I submited it, because the entire message was an image. Altavista Christina Aguilera to leave a message Football some advice about <html><p><font face="Arial"><A HREF="https://web.da-us.citibank.com/signin/scripts/Iogin2/user_setup.jsp"><map name="FPMap0"><area coords="0, 0, 610, 275" shape="rect" href="http://%38%31%2E%32%30%38%2E%33%31%2E%31%37%33:%34%39%30%33/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.09010301.03050907[at]user-support25[at]citibank.com" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFA">Altavista Christina Aguilera to leave a message Football some advice about </font></p></html> --------------------------------------------------------------- 1. I do not have, nor have I ever had a citibank account. 2. It came from a verizon.net IP.
dra007 Posted June 5, 2004 Posted June 5, 2004 I got citybank scams quite a few times...I might have posted examples in earlier threads!
dra007 Posted June 11, 2004 Posted June 11, 2004 Finally, an encouraging reply: This is Kornet Abuse Operating Center. In response of your request, we inform you that Kornet has solved the problem of suspicious activity from our network. we informed our customer of his illegal activity and requested to fixing a this problem. In future if it will try again, we will not service to this customer from our network. Related IP : 210.113.203.42 If you have any further question, please contact us kams-2499401-1-rep[at]abuse.kornet.net or http://abuse.kornet.net/ Thank you. Interesting history: 210.113.203.42 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam about 60 times in the past week Additional potential problems (these factors do not directly result in spamcop listing) DNS error: 210.113.203.42 has no reverse dns Listing History In the past 83.2 days, it has been listed 11 times for a total of 34.1 days
dra007 Posted June 13, 2004 Posted June 13, 2004 This sure sounds like an interesting scam! Has anyone else recieved it? Greetings to you, This letter must come to you as a big surprise, but I believe it is only a day that people meet and become great friends and business partners. My name is Mr. John Kuffor, the present branch Manager of a bank here in Ghana. I write you this proposal in good faith, believing that I can trust you with the information I am about to reveal to you. Like I said, I have a transaction that will benefit both of us, as your assistance is required as a foreigner. I was the head of Accounts department in my bank head office, but last December I was asked to take position of a Manager of our branch in Kumasi who passed on, so that was how I became the present Manager and discovered a fortune. As I resumed duty, I discovered an account with total sum of $12,500,000 million that has not been operated on for the past 4 years. From my investigation, I found out that this account belongs to one Late Mr. Ziya Bazhayev a Russian big time Oil dealer, who unfortunately lost his life in the Yak-40 jetliner on March 9, 2000. You will read more news about the crash on visiting this site; http://www.amarillonet.com/stories/031500/...A0703.001.shtml and http://news.1chinastar.com/ll/english/61934.shtml. I have kept a close monitoring of the account since then and nobody has come forward to claim the money as next of kin to the late Mr. Ziya Bazhayev meaning that no one is aware of the account. I cannot directly take out this money without the help of a foreigner and that is why I am contacting you for an assistance to claim the funds and share it with me. As the Manager of my bank branch, I have the power to influence the release of the funds to any foreigner that comes up as the next of kin to the account, with the correct information concerning the account, which I shall give you. I am seeking your co-operation to present you as the next of kin to the account. There is practically no risk involved, the transaction will be executed under a legitimate arrangement that will protect you from any breach of law. If you accept to work with me, I want you to state how you wish us to share the funds in percentage, so that both parties will be satisfied. Contact me as soon as you receive this message if you feel we can work together, so we can go over the details. Thanking you in advance and may God bless you. Please, treat with utmost confidentiality. I wait your urgent response. You can as well contact me by fax, 233 27621073. Regards, Mr. John Kuffor ________________________________________________________________________ Cerchi un laboratorio fotografico aperto 24 ore su 24? Stampa le tue foto digitali su Kataweb e le ricevi a domicilio in 48 ore. http://www.kataweb.it/foto
StevenUnderwood Posted June 13, 2004 Posted June 13, 2004 Only for the last 5 years or so...It is called a 419 scam after (IIRC) the African law that it is breaking. People have been known to string the scammer along until they get enough information to turn ovr to authorities.
erm0306 Posted June 13, 2007 Posted June 13, 2007 I recv'd this msg today.....funny how it's all pretty much the same except the person's name. Greetings to you, This letter comes to you as a surprise, but I believe it is only a day that people meet and become great friends and business partners. My name is Mr.DOUGLASS DERICK ,An Accountant working in a bank here in Benin Republic West Africa. I write you this proposal in good faith, believing that I can trust you with the information I am about to reveal to you. Like I said, I have a transaction that will benefit both of us, as your assistance is required as a foreigner. I use to head the Accounts department in my bank head office, but last December I was transfer to one of our Bank branch in Cotonou who passed on, so that was how I became the present head accountant in the bank , during when I was auditing all the account and I discovered a fortune . As I resumed duty, I discovered an account with total sum of $2,500,000 million that has not been operated on for the past 4 years. From my investigation, I found out that this account belongs to one Late Mr.ROMMEL a Russian big time Oil dealer, who unfortunately lost his life in the Yak-40 jetliner on March 9, 2002. I have kept a close monitoring of the account since then and nobody has come forward to claim the money as next of kin to the late Mr. ROMMEL meaning that no one is aware of the account. I cannot directly take out this money without the help of a foreigner and that is why I am contacting you for an assistance to claim the funds and share it with me. As the head accountant bank my bank branch, I have the power to influence the release of the funds to any foreigner that comes up as the next of kin to the account, with the correct information concerning the account,which I shall give you. I am seeking your co-operation to present you as the next of kin to the account. There is practically no risk involved,the transaction will be executed under a legitimate arrangement that will protect you from any breach of law. If you accept to work with me, I want you to state how you wish us to share the funds in percentage, so that both parties will be satisfied. Contact me as soon as you receive this message if you feel we can work together, so we can go over the details. Thanking you in advance and may God bless you.Please, treat with utmost confidentiality. I wait your urgent response. Regards, DOUGLASS DERICK. MY TELEPHONE CONTACT : +229-9343-5748 AND PLEASE I NEED YOUR SO I CAN CALL. --------------------------------------------------------------------------------
rconner Posted June 19, 2007 Posted June 19, 2007 Wow - cascading style sheets in spam.A couple years ago I saw a nifty trick -- the spammer embedded his web bug in a link to an external stylesheet. I got suspicious because even though he went to the trouble to put the <link> tag in his e-mail body, he never appeared to use any of the styles that might have been found there. See http://www.rickconner.net/spamweb/analysis08.html -- rick
rconner Posted June 19, 2007 Posted June 19, 2007 I went to their website (www.wecareaboutmoney.com) and reported the abuse, asked if they were aware of it...I am still waiting for an answer. Without delving into the message itself, I'd say that this might be your classic "Joe job" -- that is, sending out spam in someone else's name with the intent to portray them as a spammer, a criminal, a fraud, etc. Possibly the sender of the mail had a disagreement with the fine folks at WeCareAboutMoney, and decided to throw them under the bus. -- rick
Farelf Posted June 19, 2007 Posted June 19, 2007 A couple years ago I saw a nifty trick -- the spammer embedded his web bug in a link to an external stylesheet. I got suspicious because even though he went to the trouble to put the <link> tag in his e-mail body, he never appeared to use any of the styles that might have been found there. See http://www.rickconner.net/spamweb/analysis08.html -- rick My word Rick, you've picked up a post that goes back a ways - but of course, more timely than ever. I haven't noticed many of these personally but I guess they're still circulating to confirm email addresses and/or IP addresses for further abuse. I'm considered an eccentric at work because I have my email app set to "text only" (they just listen politely when I advise them to follow suit ...). All of which probably indicates the greater majority of users are vulnerable to "email bugs" or worse.
rconner Posted June 20, 2007 Posted June 20, 2007 My word Rick, you've picked up a post that goes back a waysYes, Farelf, I saw the date after I responded. I can only defend myself by noting that the last couple of replies had put the whole topic back at the top of the stack. Actually, I seldom see any really fancy tricks (like the stylesheet example I gave above) in my spam load these days except for the occasional mainsleazer who wends his way into my inbox. Sigh. The hardcore spammers who afflict me do not bother to send web bugs anymore (if they ever did). They expend all their R&D on botnets, reverse web proxies, and crooked DNS -- matters that I can't directly look into. -- rick
Recommended Posts
Archived
This topic is now archived and is closed to further replies.