Double Click ad links used in URLs

“Let’s try something new” said one spammer to the other. “I have enough of these Google PageAd links in our spam. I’m going to integrate Double Click this time.”

And yes, these days we intercept more URLs like http://ad.doubleclick.net/click;h=*******http://***.com/redir.html, which are used to evade potential filters and lure drug-buying surfers to the European Pharmacy.

The other spammer used Double Click to distribute some malware:
http://ad.doubleclick.net/click;h=*******http://***.es/video.exe with the promise that you can see a Britney and Paris lesbian video. The malware is known as the Trojan.Downloader.Exchanger.bc.

Oh, well, no video tonight I guess.
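As an added example (not part of the original post), here is a filter-side sketch in Python that unwraps the destination embedded in the ad.doubleclick.net/click;h=... links shown above, so that the real target is what gets scored instead of the ad host. The token value, the .example domains and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Redirector host taken from the URLs on this page; extend for your own mail flow.
REDIRECTOR_HOSTS = {"ad.doubleclick.net"}
# Assumed list of extensions a mail filter would treat as executable downloads.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")
EMBEDDED_URL = re.compile(r"https?://", re.IGNORECASE)


def unwrap_redirect(url):
    """Return the destination URL embedded in a click-tracker link, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in REDIRECTOR_HOSTS:
        return None
    # Everything after the host: path (including ;h=... parameters) plus query.
    rest = parts.path + ("?" + parts.query if parts.query else "")
    rest = unquote(rest)  # also catches http%3A%2F%2F... encodings
    match = EMBEDDED_URL.search(rest)
    return rest[match.start():] if match else None


def assess(url):
    """Return (effective_url, verdict) so the filter scores the real target."""
    dest = unwrap_redirect(url)
    if dest is None:
        return url, "direct"
    if urlsplit(dest).path.lower().endswith(RISKY_EXTENSIONS):
        return dest, "redirect-to-executable"
    return dest, "redirect"


# Constructed sample URLs; the h= token and the domains are placeholders.
SAMPLES = [
    "http://ad.doubleclick.net/click;h=XXXXXXXhttp://pharma.example/redir.html",
    "http://ad.doubleclick.net/click;h=XXXXXXXhttp://video.example/video.exe",
    "http://ad.doubleclick.net/click;h=XXXXXXXhttp%3A%2F%2Fvideo.example%2Fclip.EXE",
    "http://news.example/story.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

The unwrapped destination, not ad.doubleclick.net, is what should be checked against blacklists and attachment-type rules.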

OPTA gives fine for ‘home work’ spammers

Two spammers and the companies Abodata V.O.F. and H.P.T. Development B.V in the Netherlands have been fined € 510.000 by OPTA for sending out spam messages about ‘home work’. They sent out at least 4.5 million spam mails, even after an earlier warning from OPTA.

The two offered their services as mediators for home work. People who were interested needed to call an expensive 0900 number. Callers were put on hold for minutes or were kept on the line as long as possible to run up call costs. Their business income from the phone number is estimated to be at least € 1,7 million.

MySpace wins $230 million anti-spam judgment

Sanford Wallace and his partner Walter Rines face a $230 million anti-spam judgment. The duo were found responsible for sending out phishing scams designed to harvest MySpace login credentials, prior to bombarding members with messages punting gambling and smut websites. As many as 730.000 spam messages, directing to gambling and smut websites, were sent to MySpace members since late 2006.

Security flaw in Gmail can turn server into a spam machine

INSERT, the Information Security Research Team, has created a proof of concept that exploits Google’s SMTP service bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.

This vulnerability enables an attacker to bypass blacklist/whitelist based email filters and freely forge all fields in an email message by having Google’s SMTP servers tricked into functioning as open SMTP relays. We were able to confirm that this vulnerability is indeed exploitable by assembling a proof of concept (PoC) attack that allowed us to use one single Gmail account to send bulk messages to more than 4,000 email targets (which surpasses Gmail’s 500 messages limit for bulk messages).

Social networks like Twitter also a target for spammers

Popular social networks are having a difficult time stopping spammers from abusing their networks. Twitter, a micro-blogging network site where you can publish text updates via SMS, instant messaging, email, Twitter’s website and third party applications, is one of the many.

They recently started to blacklist people who spam other members and are posting these results on the Twitter Blacklist. At this time they already have 378 blacklisted members on this web site and it’s growing.

 

Mailings from FashionShopping.com – continued

Remember our posting about FashionShopping.com? Well, we see in the logs a change of behaviour regarding the mailings of FashionShopping.com.

Last time it was a lot of trouble getting off that list, and they sent their mailings far too often. To give you an idea: we intercepted emails from FashionShopping on a daily basis from April until yesterday, May 8th. 80% of the emails were sent to the same recipients, meaning that you could have received their mailing on a daily basis for more than two weeks if MX Lab didn’t block them accordingly.

These guys now send from a new domain, emailing-direct.org. As always, a quick visit to the site gives us an ‘under construction’ web site.

The first paragraph under the many images, written in French, seems to have an unsubscribe link: “You have been invited, but in accordance with the law on confidence in the digital economy, if you no longer wish to receive offers by email from Emailing-Direct on behalf of FashionShopping.com, please click on the following link: Unsubscribe”.

However, this link gives us the error “Unsubscribe links do not work inside a preview message. In order to test unsubscribe links you will need to do a campaign” on the website http://www.my-login.net/z_oocode_129168_oocode_z.php. A visit to the root of this site gives us a login to a control panel of Expedite Simplicity, email & mobile marketing software.

The second paragraph: “We support responsible and ethical email marketing practices. Please know that we respect your right to be purged from this marketing campaign. Removal from this email distribution list is automatically enforced by our email delivery system. Please click here to start the process for email deletion”.

This will lead us to http://emailing-direct.org/index.aspx?aspxerrorpath=/*************.aspx and yes, here we have an unsubscribe form. You can even contact them at “Emailing Direct - 66, Avenue Des Champs Elysées - ParisFR 75008 FR”. So, they have moved from mailing house EmailVision to this company. Did EmailVision receive too many complaints?

A WHOIS search on Netsol for emailing-direct.org gives us some results. The domain is registered to Emailing Direct in Paris, France. The registrant contact email address is admin@emailing-direct.com. When visiting their site we get a nice web site.

A short contact with this ‘company’ tells us that you can get mailings for a minimum fee of € 500. This includes sending out 500.000 emails at € 0,001 per message in a fully managed campaign.

It is clear that pushing your email based campaigns to the limit isn’t always a good thing. Some general tips when you are into email marketing:

  • send from an authorised source, don’t spoof your from address
  • use your own address, no Gmail or others please, so that subscribers can view the source and can contact you directly
  • make sure that your message has unsubscribe links that work and that remove an email address from the list immediately
  • send your campaign weekly, monthly,… which is much more accepted by your audience
  • create your content with care (do not only include images but combine with text)

30th Anniversary of First Spam Email

Oops, totally forgot another anniversary. This also happens in real life with family, I do forget anniversaries every time. It seems that spam is already 30 years old and I missed it.

Arpanet — the Advanced Research Agency Projects network — a research project that predated the Internet, appears to have received the first spam.

The contents of that spam:

DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 (PDP-10) COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM-20 MODELS.

WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 FAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN CALIFORNIA THIS MONTH. THE LOCATIONS WILL BE:

TUESDAY, MAY 9, 1978 – 2 PM
HYATT HOUSE (NEAR THE L.A. AIRPORT)
LOS ANGELES, CA

THURSDAY, MAY 11, 1978 – 2 PM
DUNFEY’S ROYAL COACH
SAN MATEO, CA
(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92)

A 2020 WILL BE THERE FOR YOU TO VIEW. ALSO TERMINALS ON-LINE TO OTHER DECSYSTEM-20 SYSTEMS THROUGH THE ARPANET. IF YOU ARE UNABLE TO ATTEND, PLEASE FEEL FREE TO CONTACT THE NEAREST DEC OFFICE FOR MORE INFORMATION ABOUT THE EXCITING DECSYSTEM-20 FAMILY.

Let’s burn some candles and have a party. It’s never too late to party.
