How I tracked down a spammer
Many of those reading spamhuntress and annelisabeth.com are wondering who these Bulgarians are. I keep talking about them, but don’t explain who they are.
Well, as the regulars know, that explanation is scattered throughout the archive on annelisabeth.com.
But I’ve written a comprehensive page on it, just so everyone will know who and why they are spammers.
Dear Madam,
I appriciate your effort to fight spam generators. This problem became actual for many people. Spam generators leaving in comments a lot of crap, marketing sites for the people with deviated sexual orientations.
I have a sensitive question to you:
Why do you call these spam generators “Bulgarians”?
May I notice that the major of the spam, including promotion of drugs, loans and similar crap, are for the marketing of American producers of the mentioned in the spam goods. Why do you think these spammers have got name “Bulgarians”? Is it to destruct people’s attention from the real spam-makers and propaganding population with the image of bad Europeans with socialistic background?
If you do not have conclusive evidences, proofing, that the spam makers ARE really Bulgarians (not Americans with foreign background, or just Americans), please avoid use of this abusing naming and publish their real names.
A journalist,
Vasilij Nadulisnjak
Administritive contact for twins-bg.com:
Zahariev, Yavor em@twins-bg.com
Sofia
Sofia, Sofia 1434
BG
961 10 66
Nuff said.
I’ve talked about a Norwegian spammer as well, if you look in the archives on annelisabeth.com. I’m Norwegian myself. So this has nothing to do with where they are from. It’s just easier to use a name like that, rather than use their real name all the time. I didn’t name the Norwegian, but I know who he is. Together with his ISP, we scared him off spamming, but unfortunately he’s still selling his spamming software, and I have to contend with the outfall of that. Let’s just say he’s not my favorite Norwegian.
Vasilij has read both my e-mail replies and my reply on this page. I haven’t heard back from him yet.
I just stumbled across this topic and read it relatively fully because I am a Bulgarian (and not a spammer, or an annoyance, hopefully). It’s great that you busted those guys, but “The Bulgarians” does not sound like a “politically correct” term, does it? Yes, they might be Bulgarians, but not every Bulgarian is a spammer! You may say or think that this actual case is self-explanatory but sometimes humans judge pretty simple. And no, Bulgarian doesn’t necessarily mean “A really, really bad guy”. By the way, Yavor, Iavor, or Javor Zahariev is a common name here in Bulgaria, so chances are not even close that you are talking about the same person.
Hi Petar. Nice of you to comment.
Yes, I’m aware that not every Bulgarian is a spammer. In fact, that’s one of the reasons I used that name. I felt a bit self conscious using the Zahariev name all the time.
In fact, I only know of one spamming outfit from Bulgaria - them.
And as for the Yavor name, I know there are several by that name. I’ve identified two that are visible on the web. Two that must be different people.
However, since Emil (their father) owns a lighting shop, it’s very possible that Yavor is both the spammer and the gaffer. It’s not certain, but from what we know about them, it’s a good possibility.
My only problem with Bulgarians, is that their ISP’s won’t cut them off. Since Todor used to run an ISP, I can understand he might have some leverage. But even so, it rankles me that there’s little chance of getting them offline. They do seem to have lost some steam lately, though.
But Petar, can you stick around? I have to update the article on them based on new information. And I’d also like for you to read this post:
http://spamhuntress.com/2005/04/28/whats-up-zahariev/
Well, maybe after all I am my own kind of “pretty simple judging person”. The point is that the whole story, at least for the casual reader (the hey-what’s-this-it-might-be-interesting-to-kill-time-with reader, including myself), creates a label, which cannot, and should not be applied to an entire group of people.
I respect your efforts to bring such kind of nuisance in public, that’s for sure. And I am confident that you are not addressing Bulgarians in general for any of your spam problems. Off-topic closed?
It’s not the first time I’ve had comments about the misnomer (Bulgarians). The sad fact is that many spammers are from Eastern Europe or Russia. Spamming can mean good money. And when you’re in a locale where living costs are low compared with western wages, and spamming means a chance at earning western money in a very different economy, then I understand the temptation.
Sad, but even if some people will earn a good living that way, it doesn’t justify the web turning into one big trash can. So it’s necessary to try and fix the problem. Even if that means a few spammers will have to get other jobs.
Labeling a spammer based on their country is not unusual. Spammers change their products so often and fake their names so discussing them is hard unless you base it on where their spam comes from. There seems to be only a few widespread webspammers from Bulgeria, that is why talking about them as the Bulgerian spammers makes sense. If it were a huge problem as it is in China there is no point in even attempting to track them down. The problem with China is so bad that many people would like to just cut them off from the rest of the internet. Maybe some Bulgarian who sees these posts will contact the providers of these Bulgarian spammers and getting them cut off before more people decide it is a good country to send spam from. Sometimes a local person writing can do more good than we can.
My forum is now being attacked by this guy(s) using the http://www.planet-lab.org/ servers. He has somhow compimised them and using tem for both scaning and posting attacks. A list of the servers is here: https://www.planet-lab.org/db/nodes/all_hosts.php
NOTE: i got here from geeklog.net, the following comment is about their article, which brought me here.
“i believe there are spammers from different nations,
and I think there are spammers living in you country too.
I wouldn’t normaly waste my time writing stuff in your forum, but the fact is - when i wrote ‘bulgarians’ in google your article was one of the resulst on the first page.. right next to http://en.wikipedia.org/wiki/Bulgarians ..- and have a look - there aren’t mentioned any famous bulgarian spammers
no, but there is mentioned one of the fathers of the modern computer - John Atanassov.
So why don’t you GEEKZ wrote somethin` positive like.. :)) Bulgarians - inventors of the modern computer .. duh..”
And about the comment: “I’ve talked about a Norwegian spammer as well, if you look in the archives on annelisabeth.com. I’m Norwegian myself. ”
- when i wrote bulgarians in google i got “the bulgarian spammers”
- when i wrote norwegians i found Great Norwegians Homepage and Porn-surfing Norwegians awarded $40k | The Register, and so on
nothin` about norwegian spammers or spammers from england or german spammers or french spammers (and i’ve checked those)
So it’s not right when you type Bulgarians in google to find this article, PLEASE change it’s TITLE. Because, the title is “Geeklog - [Spam] Meet The Bulgarians”. Tell this to your geekfriends please elisabeth
Oh come on. The Geeklog article is way down the page. That Wikipedia article is way above.
There’s only one spammer in Bulgaria that I know of, and one software maker who used to offer a submitter. Kinda hard to say the Russian, when there are dozens of Russian linkspammers. I do say The Norwegian Spammer. But I can’t help it if that doesn’t rank on Google. Luck of the draw, as they say.
ok, but do you think it’s right the article to be titled “Meet the Bulgarians”
grr…
That’s up to the Geeklog people.
But Vesselin, would you be willing to help translate Bulgarian text now and then? There’s no option for Bulgarian at Babelfish.
the fact is you people really dont know much about bulgarians or any other east european contry and the people who live in that part of the same continent. So when you say “Meet the bulgarians” it is very often connected with negative content.
for example: yesterday i saw an article in one of the major newspapers in netherland, with similar title.. it was somethin like “The bulgarians are coming” or somethin like it.. not sure. Guess what - negative content.
ok - nothin` against it, but it’s really becoming a problem when people who haven’t even heard of Bulgaria to be floodet with negative content from every direction, and you people are being part of it. that’s why im writing all this in language i dont even know, looking in the dictonary and wasting my time, because i think you have your responsibility, and it looks like you’re not aware of your responsibility.
It’s not good to talk that way for your neighbours
what text should i help you with ?
Nothing right now. I’ll e-mail you next time I come across something that looks like Russian and isn’t. Usually that happens when I chase spammers. I remember one time I saw something that might have been Bulgarian, connected somehow with a spammer. But it may have been another language. Hard for me to know, unless the webpage makes it obvious.
ok, it may be serbian or macedonian but i can translate those as well… those are very common.
email me at slmr at dir dot bg or slmr at abv dot bg cause i don’t use slaymer at netbg dot com so often
Moderator: I munged the addresses. Harvesters come through here now and then…
kewl
i want to speak with you but those posts are kind of slow, got icq or something like it ?
I sent you an e-mail to the dir address, with the MSN messenger details.
Like many others I came to this site googling for something containing “bulgarian”…
After reading the way you track spammers, I can only say:
Guys, what a shame! You absolutelly do not know and do not undersrtand the spamming techniques and still you have the bravery of labeling the whole Bulgarian nation as spammers!
Let me give you some explanations:
- no spammer uses its own IP address
- all spammers use forged IP addresses
- the IP addresses the spammers use are usually IPs of vulnerable un-pached servers and workstations on the internet, thus allowing the spammer to use it.
Well, let me ask you some questions:
- how exactly you are tracking a forged IP address? If you have a real answer for this, you can become very rich by pattenting this, your first client will be FBI…
Best (Bulgarian) regards…
Well, Tony, I guess it’s you who don’t understand spam tracking.
Forget what you learned about tracking mail spammers. Linkspammers are a different breed entirely. Currently their favored method is using a server they lease or colocate as their spambot. Most of them don’t even layer a proxy on top of that spambot.
Why? Because webhosts don’t understand linkspam, and some of the big colocation/leasing facilities are spam supporters when it comes to linkspam.
Also, while linkspammers learn, they often use their own ISP connections when spamming.
I stand by my conclusions. And no, I don’t think Bulgarians are all spammers. In fact, there are extremely few Bulgarian spammers. Most are Russians…
[...] t spamware A Bulgarian thinks I made it up I got a comment on my How I tracked down a spammer post today: # Tony (Bulgarian) Says: July 19th, [...]
i like to fucked bulgerian women
please contact with me
at my handphone number - 0088 0191144351
engineermahmud@yahoo.com
I yet believe that it must be the reason for these spammers to keep on bombing our sites with BS. And if it is not material reasons, what are their might be?
Vasilij,
An EU journalist.