3000AD Forums
Supreme Cmdr

New Spammer Tactics

OK, this is cute, just cute. Yesterday I accidentally got wind of some jackass spammer using my [email protected] address as a return address for sending out spam. Funny enough, Mailwasher Pro actually flagged it for deletion because it was spam - even though it had my email address in it. So I downloaded it and inspected the headers. Well, take a look.

I have archived like six of these and one seemed to be coming from a server at familypc.com which is hosted by Road Runner (those incompetent bastards) and I have sent email to their abuse dept.

Anyway, if anyone knows a way to clean up this mess, let me know.

code:

Return-Path:
Delivered-To: [email protected]
X-Envelope-To: [email protected]
Received: (qmail 30336 invoked from network); 25 Nov 2003 12:39:13 -0000
Received: from h24-84-53-74.vc.shawcable.net (HELO 3000ad.com) (24.84.53.74)
  by qs292.pair.com with SMTP; 25 Nov 2003 12:39:13 -0000
Received: from leon-fdp7chah6b [24.84.53.74] by 3000ad.com with eSMTP;
  Tue, 25 Nov 2003 04:39:14 -0800
Message-ID:
From: "dewey"
To:
Subject: Gener.ic Cia.lis - Lasts 2 times longer then Via.gra!
Date: Tue, 25 Nov 2003 04:39:14 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: PHP
Return-Path: [email protected]
Hel-Tracking:
X-Spam-Filtered: d326419afd31d64e37ddbcb04596936e
X-Spam-Status: No, hits=2.1 required=4.0 tests=HTML_FONT_BIG,HTML_FONT_COLOR_RED,HTML_40_50,MIME_HTML_ONLY,UPPERCASE_25_5
X-Spam-Flag: NO
X-Spam-Level: **

code:

Return-Path:
Delivered-To: [email protected]
X-Envelope-To: [email protected]
Received: (qmail 47577 invoked from network); 22 Nov 2003 07:01:23 -0000
Received: from roc-66-66-251-198.rochester.rr.com (HELO 3000ad.com) (66.66.251.198)
  by qs292.pair.com with SMTP; 22 Nov 2003 07:01:23 -0000
Received: from FamilyComputer [66.66.251.198] by 3000ad.com with eSMTP;
  Sat, 22 Nov 2003 02:00:34 -0500
Message-ID:
From: "edward"
To:
Subject: **JUNK** We can he.lp you find the best rates!
Date: Sat, 22 Nov 2003 02:00:34 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: PHP
Return-Path: [email protected]
Hel-Tracking:
X-Spam-Filtered: d326419afd31d64e37ddbcb04596936e
X-Spam-Status: Yes, hits=4.8 required=4.0 tests=HTML_FONT_BIG,HTML_FONT_COLOR_RED,THE_BEST_RATE,MIME_HTML_ONLY,HTML_20_30
X-Spam-Flag: YES
X-Spam-Level: ****


The good news is: this is not a Trojan and you are dealing with an external problem. I've done a trace on the first message source and here is what I came up with.

http://www.senderbase.org/?searchString=sh...searchBy=domain

The server you are interested in is h24-84-53-74.vc.shawcable.net

Here is a website that will allow you to trace the rest: www.ip-trace.com

Unfortunately there is really nothing you can do to prevent this sort of problem from happening. Since the spammer is rotating servers you cannot simply plug that hole. My only advice is to obtain a record of the server logs and find the home IP of the spammer's computer and then give him Hell (cross-reference sending times with login times).

Bon Chance,

IceCold

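The trace described in the reply above can be read straight from the posted headers. The following is an added example, not part of the original thread: it flags trace lines where the connecting host announced the recipient's own domain in HELO while its reverse DNS points elsewhere. The function names are hypothetical, and it assumes qs292.pair.com (the host in the `by` clause) is the recipient's own receiving server.

```python
import re

# qmail-style trace line, as in the headers posted at the top of the thread:
#   Received: from <reverse DNS> (HELO <claimed name>) (<peer IP>)
#     by <receiving server> with SMTP; <date>
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE | re.MULTILINE,
)

# Trace lines copied from the two messages posted in the thread.
SAMPLE_HEADERS = """\
Received: from h24-84-53-74.vc.shawcable.net (HELO 3000ad.com) (24.84.53.74)
  by qs292.pair.com with SMTP; 25 Nov 2003 12:39:13 -0000
Received: from leon-fdp7chah6b [24.84.53.74] by 3000ad.com with eSMTP;
  Tue, 25 Nov 2003 04:39:14 -0800
Received: from roc-66-66-251-198.rochester.rr.com (HELO 3000ad.com) (66.66.251.198)
  by qs292.pair.com with SMTP; 22 Nov 2003 07:01:23 -0000
Received: from FamilyComputer [66.66.251.198] by 3000ad.com with eSMTP;
  Sat, 22 Nov 2003 02:00:34 -0500
"""

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def forged_helo_hops(headers, local_domain, trusted_receiver):
    """Hops recorded by our own server where HELO claimed our domain
    but the peer's reverse DNS is outside it."""
    findings = []
    for m in RECEIVED_RE.finditer(headers):
        # Only lines written by our own server are evidence; anything the
        # sender supplied (lower Received lines) can be made up.
        if m["by"].lower() != trusted_receiver.lower():
            continue
        if in_domain(m["helo"], local_domain) and not in_domain(m["rdns"], local_domain):
            findings.append({"ip": m["ip"], "rdns": m["rdns"], "helo": m["helo"]})
    return findings

if __name__ == "__main__":
    for hop in forged_helo_hops(SAMPLE_HEADERS, "3000ad.com", "qs292.pair.com"):
        print(f"{hop['ip']} ({hop['rdns']}) announced itself as {hop['helo']}")
```

The `by 3000ad.com with eSMTP` lines are skipped because they were not written by the receiving server, so only the two residential hosts are reported.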

UPDATE

Well now there is a reason to blame Canada

Here is specific information on the server that sent you the first message. It even has a listed owner and location: Shaw Communications Inc. in Calgary.

http://www.senderbase.org/search?searchString=24.84.53.74

Another bit of interesting info on this server: its sending volume is up 1722% from its average. Looks like someone broke in and is using this as a major spam hub. I bet the owners would love to hear that.


This started happening to me last week when I went to add the sender to my block list, I noticed it was my own email addy. I've since got a total of 5 of these emails. I was and am still very pissed about this. If I ever catch this guy, I will drag him around the streets of Pittsburgh, tied to the back of my truck.


quote:

Originally posted by Greg Miller:

If I ever catch this guy, I will drag him around the streets of Pittsburgh, tied to the back of my truck.

ROFL, I just got a mental picture of that.

Guest

This actually happened to me about 6 months ago.

I kept getting these message cannot be delivered errors, hundreds of them, and I mean hundreds.

It just about drove me crazy, so I called my ISP and asked them to do something, and there was absolutely NOTHING that they could do about it.

They slowed down after about 2 weeks, but I was pissed that someone was using my e-mail address to spam people, and people were actually E-mailing me telling me to stop sending them this stuff.

I responded to about 6 and then gave it up.

Took about a month before everything finally halted and my e-mail address got back to normal.

Oh and this was on 56K, so it was just joyful, let me tell you.

GIVE 'EM HELL BOSS!!!!!!


SC, let me know when you've captured the scum. I will be down to hook him up to the back of my truck for the drive back to Pittsburgh. After a few trips around the 'burgh, then I will head out west to Gig Harbor so Jaguar can drag him around there for a while. I just hope there is enough of him left for Jaguar to get some satisfaction out of.


Seriously SC, I know it's your normal procedure to report people to the "proper authorities" but make an exception this time please. Simply post his personal info on the boards here and the rest will be taken care of....really...

Guest

I had a couple of messages like that - thankfully none of them were deliverable

I asked a friend who works for Symantec about it - he said it was an e-mail virus that would've harvested my e-mail addy from an infected user's address book to use as a return addy


Was going to post about something similar to this

As it seems, I'm having a problem with spamming as well. I keep getting the same 867 E-mail Messages every time I click on receive

no clue why this is happening

Guest $iLk

There was a virus a couple months ago that grabbed email addy's from address books to use as return address headers.

My ISP eventually blocked those messages... but it did take a couple weeks or so... until then I was getting dozens of messages an hour.

Guest

quote:

Originally posted by Greg Miller:

SC, let me know when you've captured the scum. I will be down to hook him up to the back of my truck for the drive back to Pittsburgh. After a few trips around the 'burgh, then I will head out west to Gig Harbor so Jaguar can drag him around there for a while. I just hope there is enough of him left for Jaguar to get some satisfaction out of.

I got a couple of spots out here that would make him/her/it VERY uncomfortable, and I would make sure that it is prolonged agony!! VERY prolonged!!


quote:


Originally posted by Remo Williams:

Well here's a few unhappy spammers.


Great. I hope he gets the death penalty. Seeing it's Virginia and all.


quote:

Great. I hope he gets the death penalty. Seeing it's Virginia and all.

Better idea: Find a way to put him on every list in the country. Call it poetic justice.


That was good news, I hope they give him the whole 20, just to help thwart off the rest of these spammers.


Wow, I can't imagine a worse person to target this sort of thing.


quote:

Originally posted by Baloogan:

my internet provider is shaw cable.... and I'm guessing that the spammer lives near here...

anything I can do to help?

I hope this can help

Try this http://www.keir.net/k9.html

It is really easy to configure. There are even samples of spam mail that you can use to teach the program to recognize spam.

As I said. I hope this will help

