Carder spam or not?

I received this email today:

Good morning!

I inform you about site http://carder.su where people trade in stolen credit cards. As i’m a holder of visa classic i’m sincerely
exasperated at appearing such sites in your hosting. I beg of you to take strong measures and don’t be indifferent to heart-break of other people. This complaint will be sent to the FBI.

Best regrads, Jon Shirov.

At first I was shocked: why would someone allow such a site to still be up even though someone reported it to the FBI? I had to do something.

Rushing to the rescue, I looked at the site and it appears to be a pretty straightforward scam-sell site: you come there and buy stolen goods.

Why have I been notified only now, I wondered… I looked back in my spam log and, what do you know, the same email appears more than once in my spam folder with different names, dates and of course email addresses :)

I am not sure what the scam/spam’s purpose is, apparently they want you to go to their site and see what they have to offer – you might be a potential customer to their operation.

I of course didn’t dig into the site, nor am I interested in buying anything found there – on the other hand I will also not report this to the FBI, as the site is not hosted inside the United States (it is hosted in Russia), nor is its domain under a US registrar (it ends with .su).

Whoever knows of a place to report such sites to, please let me (us) know.

Hack this and get what ever you want!

Emails from seemingly nowhere and from no one trustworthy.. haha
“Dear Hacker,

Manish from this side, i have a good hacking project on linux machine, configuration are below: please considue and if u are able to hack  this system our company can pay whatever u want.  or creat custom exploit that provide reverse shell . this server is online [ip address will be dilivered after project accepted by you] after u hack this system u just provide screen shot of any email header from any user on this server…I am sending you some details that are helpful for you.

Linux 2.6.18, sendmail: 8.13.1, apache 2.0.52, and open webmail 2.52

Suspected open ports:
25, 111(rpc), 443, 1720(SIP), 870(unkwon), 80, 79(finger), 110(pop), 143(imap),
3333(dec-notes), 4444(krb524)

and system is protected by firewall have ttl of system is: 53
Network distance: 10 hops.

Send me mail if u are ready to accept this challenge with project cost and time, so after i send IP address of live server, and money will be dilvered by Wire of paypal or bank transfer, any option that u want.”

Emails you will never get

A short list of legitimate emails you will never get. If you have something else, feel free to add:

* Lottery winnings – Microsoft is the big winner here, they keep sending me winning notifications, but I just don’t collect :)
* Your doctor’s prescription (probably some obscure medicine might go through, while most won’t) – to buy “cheap” fake medicine
* Your Antivirus renewal notice – trying to get you to install some form of malware
* Your bank’s security notice, and statement – of course it’s phishing scams
* Paypal payments being done to your name or from your name – phishing scams mainly
* Job offers – I get these money “mule” offers and get paid per call spam

Anything I missed?

h4x0r SPAM

from alsaher99@hotmail.com

to me
date Wed, Jan 21, 2009 at 4:09 PM
subject Vacation reply
mailed-by col0-omc1-s1.col0.hotmail.com

i’m out of service
plz don’t send any mail again
or i will hack your system

You can’t make this stuff up.. ha. Well, you can, but I didn’t. Really.

Encoded message as an effective spam?

Following up on my previous post on spam, it seems that spam has now gone another step and become not just unreadable – foreign language – but also unreadable to the un-computerized eye:

Subject: Please confirm your message

Body:

Wow that is nice, I would sure want to buy an IURPQ1…

This is plain silly: it is a Base64-encoded message, but why would my reader open it?

There is indication in the email headers that this is Base64 encoded, but I can’t understand what kind of reader will even try to open it, as it seems that Base64-encoded content inside a body is not common practice unless it is part of a multipart message.

For those wondering, the email’s intention is to show you an HTML page that sells you fake? real? pills.
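
The situation described in this post, as an added example that is not part of the original post: Python standard-library code that decodes a Base64 body whether or not the `Content-Transfer-Encoding` header declares it, then lists the links it contains in defanged form without rendering the HTML. The sample message, the `spam.example` domain and all function names are constructed for illustration.

```python
import base64
import binascii
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample (not the message from the post): a single-part HTML
# mail whose entire body is Base64. spam.example is a reserved test name.
_HTML = ('<HTML><BODY><a href="http://spam.example/" target="_blank">'
         '<img src="http://spam.example/pills.jpg" border=0 '
         'alt="Having trouble viewing this email?"></a></BODY></HTML>')
SAMPLE = ("From: sender@example.org\n"
          "Subject: Please confirm your message\n"
          "Content-Type: text/html; charset=iso-8859-2\n"
          "Content-Transfer-Encoding: base64\n\n"
          + base64.encodebytes(_HTML.encode("iso-8859-2")).decode("ascii"))

B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def looks_like_base64(text):
    """True if every line is one unbroken run of Base64 characters."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    joined = "".join(lines)
    return (len(joined) >= 40 and len(joined) % 4 == 0
            and all(B64_LINE.fullmatch(ln) for ln in lines))

class LinkCollector(HTMLParser):
    """Collects href/src targets without fetching or rendering anything."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(raw):
    """Return one finding per leaf part: how it was encoded, and its links."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        charset = part.get_content_charset() or "latin-1"
        if cte == "base64":
            data, encoding = part.get_payload(decode=True), "declared"
        else:
            text = part.get_payload()
            data, encoding = text.encode(charset, "replace"), "plain"
            if looks_like_base64(text):
                try:  # the header is missing, but the body decodes cleanly
                    data = base64.b64decode("".join(text.split()), validate=True)
                    encoding = "undeclared"
                except (binascii.Error, ValueError):
                    pass
        collector = LinkCollector()
        collector.feed(data.decode(charset, "replace"))
        findings.append({"encoding": encoding,
                         "links": [defang(u) for u in collector.links]})
    return findings
```

A finding marked `undeclared` is the case the post puzzles over: a body that is Base64 with nothing in the headers telling the mail reader to decode it.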

Aggressive Anti-Spam Measures that Cause More Harm than Good

This post had personal info. I have removed it as I think it is irrelevant to the point I’m trying to make. Let’s just call him “Rick”. A user on a domain I maintain forwarded me an email from Rick explaining why his anti-spam swallowed the email. I replied with a set of challenges to his anti-spam filter’s effectiveness, and questioned the validity of the reasons behind it. Let’s be charitable and just say he did not seem to be open to discussing the matter.

Personal manners aside, this does bring up the greater question of arbitrary spam filters (arguably the worst ill effect spam had on the Internet) and standards conformance.

SPAMing as a Full Time Job?

I’ve been noticing that most of the spam I get (and nearly all that gets through the filters) arrives during the week, not the weekends. Actually, looking at my spam box, it looks like I receive around twice as much on weekdays as on weekend days.

My point being, and I’m sure there are some good answers: Is spamming a full-time job for a lot of spammers, or even a 40-hour-a-week job? I’d have to say for at least the dedicated ones, it probably is. Or, do they just figure more people check their mail on the weekdays?

Either way, spam sucks.

Not Microsoft’s Online Lottery

This was just too funny not to share. Read carefully and draw your own conclusions, haha.

from    MIKE ROBINSON
reply-to    mike_robinson79@yahoo.com
to
date    Wed, Dec 17, 2008 at 10:23 AM
subject    WINING NOTIFICATION

1 MICROSOFT WAY
Redmond, WA 98052.
BL4 4PZ,lONDON.
Ref: BTD/968/08
Batch: 409978E
WINNING NOTIFICATION

This is to inform you that your email has won a consolation prize
of the Microsoft Corporation 2008 EMAIL DRAW.Your email has won
(£500,000.00)&(Great British Pounds)of the microsoft onlinelottery
promotion Your email address as indicated was drawn and attached to
ticket number 008795727498 with serial numbers BTD/9080648302/08 and
drew the lucky numbers 14-21-25-39-40-47(20)To file for your claims,you
are to contact your designated claims agent
Mr.mike robinson of this
email: mike_robinson79@yahoo.com

PAYMENT RELEASE ORDER FORM
Full Names——————-
Gender———————–
Age————————–
Contact Address————–
Occupation——————-
Country———————-
Telephone numbers————
Batch————————
Reference——————–
Microsoft Fiduciary Agent
MR Harry peterson

Useless SPAM

This junk keeps slipping through Gmail’s spam filters and the best I can say about it is ‘useless’.

Anybody else been getting this kind of crap lately?

from    Christoph_Schell@computacenter.com
to    [0][x][j][b][r][o][w][n][4][1]@gmail.com
date    Mon, Dec 15, 2008 at 4:02 PM
subject    Christoph Schell/Kerpen/GECITS-EU is out of the office.
mailed-by    computacenter.com

I will be out of the office starting  11.12.2008 and will not return until
18.12.2008.

I will respond to your message when I return or contact Michael Menen
(Michael.Menen@computacenter.com).

**********************************************************************
COMPUTACENTER PLC is registered in England and Wales with the registered number 03110569.  Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW
COMPUTACENTER (UK) Limited is registered in England and Wales with the registered number 01584718.  Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW

The contents of this email are intended for the named addressee only.
It contains information which may be confidential and which may also be privileged.
Unless you are the named addressee (or authorised to receive mail for the addressee) you may not copy or use it, or disclose it to anyone else.

If you receive it in error please notify us immediately and then destroy it.

Computacenter information is available from:

http://www.computacenter.com

**********************************************************************

I usually get 5-10 of these about once a month, all in the same hour or two. The most ‘useless’ part about it is that it doesn’t affect me, at all, in any way, neither personally nor work-related.

Gotcha CAPTCHA!

Well, your favorite website’s favorite way to see if you’re human or not has a problem: their ‘protection’ has been ‘broken’. Who knew that asking a user to read and type the contents of a distorted image of text would be so easy for a computer/code to do as well? CAPTCHAs have never even looked secure to anyone with an open security mind, and those swimming in the unconscious thoughts that some day this ‘protection’ would see its core cracked… well today is your lucky day.

But never fear! There is hope (really..?)! The Carnegie-Mellon University team behind CAPTCHA’s big brother, reCAPTCHA, is for some reason continuing research towards the “effort to mix basic security and useful work”. While the reCAPTCHA service seems like a step in the right direction, I have my doubts. Actually, I think it won’t be too long until the next article at YOURFAVORITETECHNEWSSITE is about this new ‘improvement’ being ‘broken’. Oh internet, have mercy on the little people, and send your spam bots to wreak havoc on another interNET.

Tears to my eyes

Yes, this should have brought tears to your eyes too: “Spam Volumes Drop by Two-Thirds After Firm Goes Offline”. But luckily I cried too soon: I have seen spam amounts on the increase in the past 2 weeks. And unlike previous spam that my bogofilter and spamassassin were able to handle, this new spam is something that they can’t – or at least can’t yet.

I wonder what happened to make spam more ‘intelligent’. One thought that comes to my mind is that since the massive botnet that was used to send spam is now owned by someone else, the spam now looks different – something else generates it, while the same network sends it out.

I hope they catch the guy who’s keeping this network alive, and take it down once more. We deserve the relief from spam for a few days at least :)

On a side note, I have seen an increase in foreign spam: natively written Russian, Chinese, and Japanese spam – this is even more silly than regular English written spam, as I can’t even start to wonder what they are trying to sell me :)

10 days later: The Israeli anti-spam law seems to work

Driving around Sao Paulo you don’t notice it. But when you drive back to the airport it suddenly hits you: billboard advertisements. They suddenly stick out, and you realize through all this time in the city there wasn’t a single billboard advertisement. Unsurprisingly, it’s too easy to get used to the lack of the big-city marketing assault on your senses that you usually see elsewhere. Sao Paulo may be polluted and congested, but when it comes to billboard advertisements there’s just none of it.

Spam is like that. You don’t miss it when it’s gone – you just get more attentive for spam that does get through.

A few months ago, Israel passed a law that might be the first of its kind(*): with very few exceptions, spam is now illegal in Israel. If you receive an email that you didn’t specifically opt-in for, and that email wants to sell you something, and either the entity who sent the email is Israeli or the company that benefits from the email is Israeli, you can sue in court and get the equivalent of $250 for every email you received(!) without any need to prove direct or indirect damages(!!). The law is phrased carefully to close all the obvious loopholes: Israeli companies are liable even if they were using off-shore machines to send the spam, and if you sue them, it’s them that have to prove that the email recipient voluntarily opted to receive those emails. Not only that, but you can’t use an opt-in consent to advertise someone else’s product (hence, list renting won’t work).

For me, seeing this type of law actually working is nothing short of incredible. My inbox was routinely filled with Hebrew emails from some of the largest consumer brands in Israel, who figured it’s cheaper to pay fractions of a cent per email to tell me about attractive deals for mineral water dispensers than take out a TV spot. Having qmail as my mail server allows me to make up email addresses on-the-fly so I can easily track where a certain advertiser got my email: I signed up for the Jerusalem Post alerts and got ads from a bunch of other advertisers. I opened an account in a now-defunct web 1.0 service and my email address for that service was sold on to about a hundred different small-time spammers. I signed up for the Israeli version of ‘classmates’ and in return got bombarded by offers to buy TVs at a discount. Oh, and of course the typical spammers who just guessed my email address and are sending me updates about discounted airline tickets to Africa. The typical viagra-style emails arrive in quantities as well, but those are easily filtered out. Hebrew spam is a bit more difficult to filter because some of the legitimate email I get is Hebrew newsletters that I did actually sign up for.

So to think that from December 1, 2008, when the spam law becomes active, I will cut down on my delete-key presses was beyond what I could imagine.

The month of November was as you might expect: unbelievable quantities of emails asking me to opt-in to lists I never heard of. Each trying to convince me of the huge benefits of receiving unsolicited advertisements that might change my life. Some of these emails were angry: spammers don’t like it when their work is interfered with, and a group claiming to represent the small businesses who ‘have no other choice than to send spam’ tried to tell me why the law is an immediate threat to small businesses. And when I say ‘tried to tell me’ I mean sent me a few dozen emails a day almost every day that month. Well, I stand unconvinced.

December 1st came, and the flood slowed down. Still the occasional email, usually treading on the border between legal and illegal – like emails that contained a request to opt-into the newsletter (this is allowed by the new law – once only) with a small commercial pitch towards the end. The notorious ‘people and computers’, a hitech magazine and an Israeli representative of ‘information week’ sent me daily reminders that I have not yet opted in and ‘soon’ will stop receiving their daily newsletter if I don’t fix my ways. I would have sued, but the general manager of P&C met Bill Gates once and told him: “can I please have your card?” and when Gates gave him his business card he replied with “No, your credit card”. You’ve got to hand it to him: he may be a bit of a jerk, but he is funny.

A couple of newsletters keep coming regularly, beginning the email with a long disclaimer that they are not an advertisement (the content is again borderline, I imagine at some point someone will challenge them in court) and there was the one spam email that arrived last week which I am taking to small claims court to get my $250 charity money.

But other than those – barely a handful, really – a peaceful silence. I can really get used to not getting Hebrew spam. Now if only we can get Russia to follow suit!

By the way: for those wondering where the ‘catch’ is in the spam law – or as the cynics would put it: how is it possible that politicians create an actually useful law – here’s a solution to the paradox. Being the parliamentarian state that Israel is, the law specifically allows political spam to be sent. So not to worry: the politicians excluded themselves nicely. Still, it’s a small price to pay for a relatively clean inbox.

Let’s see how long this serenity will last – email is still a very tempting advertising channel. But when the potential cost is $250 per email, suddenly the ROI is not as attractive.

(*) I’m not aware of an opt-in spam law that allows anyone to sue the body who benefits from the spam without proof of damage. Please enlighten me if I’m wrong.

Kaspersky’s SAFE Internet

Recently Kaspersky, the company who makes your favorite, or not-so-favorite anti-malicious software, called upon government and banking institutions to be more secure. But is it really up to these agencies to draw the perfect picture of security, or should the end users stop making such bad decisions, both on and offline?

If these ‘safety nets’ are deployed, it isn’t going to make the best out of the security situation, but it will help. On the other side of the packet, using outdated software or insecure browsers (cough!*IE*cough!) that do little or nothing to protect the web surfers, directly and indirectly, should also be of major concern. Wouldn’t it be something if, when accessing one of these websites running INSECUREBROWSER, it suggested you use MORESECUREBROWSER, FOR SECURITY REASONS IF NOTHING ELSE? Woah, wouldn’t that be a different color light bulb. Especially if it was something like, say, Internet Explorer VS Firefox (Yes, I am saying that Firefox’s security is better than Internet Explorer. I believe both core and rendering engines are better, too).

Now, if they try to regulate the internet with security laws and cyber architecture boundaries, it’s just going to be one big mess. If you’d like one reason it wouldn’t work, just think about how outlawish the internet already is, and has been, since its inception. Then take a break and elaborate on it. I’m sure you’ll find more than one reason we can’t import some crazy set of regulations and actually believe they are going to work and/or solve our problems.

Here is some more fuel for thought: How about separating the internet for low and high bandwidth data flow. Interconnected, but bridged. Not a good idea? Well why not? As long as we are on the same network, there will be fighting over who owns what (more than just headers and footers). But as long as we put the big with the small, there is going to be controversy. There are going to be debates. This last part may have been a little off topic, but I feel like it needed to be said. Security isn’t made, it’s planned and implemented before regulation begins.

Obscured busines

Even to write spam you apparently need:

1) A spell checker :)

2) To understand what the words mean

This is the spam email I received. Why would someone even want to answer it?

Hello,
I am Ming Yang,i have an obscured busines suggestion for you.please
Contact me for further details on ( [removed]@yahoo.com.hk )

Kind Regards
Ming Yang
Mail: [removed]@yahoo.com.hk

Spam coming to twitter

I guess one of the signs that your web service is taking off is that spammers are targeting you. In the last few days more and more fictitious followers have surfaced, obviously for the purpose of sending twitter spam once you follow the person who is following you (as most people do almost without thinking).

The Twitter team seem to be doing a good job of suspending those accounts immediately (perhaps automatically?); now they just need to figure out how to prevent them from signing up in the first place.

Update: Definitely not automatically. The last batch of spam followers are still active accounts. Or maybe they figured out Twitter’s threshold and they are avoiding the automatic suspension.

Buying from spam

I recently received a spam email that wants me to buy solar lamps for the garden. My first impulse of course was to delete it. But I had to admit, I wanted those solar lamps; they looked nice, and the price was ok.

I have no idea what to do now. On the one hand this was sent as part of a spam campaign, and buying it might prove to be:

1) Fraudulent – pay get nothing (best chances)
2) A scam – pay get nothing worth your money (moderate chances)
3) A legitimate deal – pay and get what I paid for (slim chances)

In addition of course to the fact that if I buy it, I am proving the spammer’s agenda, that someone wants their merchandise and this is their only way to reach him.

What do you guys suggest I do?
