Recycled spammer
Writeup: OEM Software spammer
————
I caught a new spammer on annelisabeth today.
During the normal tracing process, I found that this guy is an old hand at spamming. He was caught on NANAS repeatedly in 2003 for mail spamming.
Here’s a sampler of his X-Mailer lines:
X-Mailer: commit pray deprivation5459
X-Mailer: The Bat! (v1.49)
X-Mailer: olefin amazon manageable6571
X-Mailer: Holdit Mailer 4.04
X-Mailer: ChinHuan MaoZun 5.09
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
He spammed from 195.206.123.33.
And the domain (cheap-computer-software.com) is at 195.206.123.59.
I’m pretty sure he’s using a spambot. That seems to be the new weapon of choice for many spammers.
The IP block is from telecompoint-net in Russia, and is owned (according to RIPE) by Konstantin Melnikov.
April 26th, 2006 at 6:33 am
Other spam from domain names soft104.com and oemnick.com during April 2006. All are linked to the “Download Software” site, which is hosted by a Russian web hoster called relcom.ru.
They are registered by Alex Rodrigez in French Polynesia, but the name server (ns1.oemguy.com) is a forwarded DNS from ns1.oem-add.biz from Anatolly Vasin, Boulder, USA.