Archive for April, 2006

Automated content scan

Friday, April 14th, 2006

Check out the comment by Scott here. The guy from Ripway.

Spam Huntress » Blog Archive » Picking on guestbook spammers

Ripway is a free website provider, and is fed up with all the spammers. They use automated content scans to remove spammer sites.

I’ve seen quite a few ripway sites spamvertized lately. Maybe I should check some of them and send them to Scott if they haven’t been yanked? Maybe he could find some kind of pattern and find all the sites of a spammer?

Let me know if that’s possible, Scott!

Google groups pollution

Thursday, April 13th, 2006

I was looking for something specific on Google Groups. When I hit sort by date, I found almost only typical free-for-all posts. Turns out all those Google groups you can start are often full of what I’d term spam.

So, what we need is a way to blacklist certain groups individually. Which means, if I’m logged in, there should be a button next to each group (even if it’s a usenet group) that lets me killfile it. Killfiling has been used on usenet for years to avoid having to see posts by trolls and people we dislike. What we need at Google Groups is a way to killfile entire groups so we don’t need to see the search results.

Two especially bad groups for my particular search term were “Mommies at home” and “Network Moms” (typical feminine topic, so that makes sense).

But there are loads of those groups, and with time, the pollution is only going to get worse!

Fake security

Thursday, April 13th, 2006

I was checking out a referrer on a forum where someone had gotten help with an HP computer.

Then I got a popup talking about the Bloodhound virus, and pushing an antivirus solution that’s unknown to me. It was a popup with an alert. The only way out for most people would be to click on OK, because the window didn’t respond. I used Alt+F4 to get out of it.

But even when I did, I was led to the next window. Apparently this company had popups with the Windows security center logo in the past, but it’s been removed now. I wasn’t about to download some unknown software. I suspected it was malware of some sort.

Sunbelt BLOG: Another fake security site.

But my question is, has my Firefox been infected by something, or did this popup get triggered by something on the pro-networks.org forum?

I checked the code, and although the forum is apparently ad free, there’s some code there that pops under ads from fastclick.com. I suspect this is the reason for the popup!

So, fastclick probably let in some rogue player. Maybe they should check their advertisers more thoroughly?

amaena.com whois:

Hostmaster, Amaena hostmaster@amaena.com
P.O. box1048
Chernigov, NA 14032
UA
+380 96 381 4557

IP:
66.244.254.64
66.244.254.63

MX records show a host from Quebec, Canada: setupahost.net

Don’t be a bad boy on company time

Saturday, April 8th, 2006

Many people use their job e-mail for private things. It may seem completely innocent, but e-mail isn’t completely private. What may seem innocent in the beginning, may end up anything but.

Many of these examples are true stories.

What if you send a racy proposition to some business associate, and manage to misspell his address… That mail may end up somewhere it’s not supposed to be. If you’re lucky, it’ll bounce back to you, but you may not be that lucky.

What if you send a love note, and attach a file that gets stopped by some filters, or clogs up the server? A note may get sent to you, but also to the admin, who even gets a copy of the entire mail…

Let’s say the boss sacks you for some offense, and decides to find out what you used company e-mail for. If you’ve been a really bad boy, the server logs alone will give the boss an idea of what you do with your free time. And forget about saying you only get spam. Good analysis will differentiate between spam and mail generated by a subscription.

Or even if you leave your job for another job. If there’s a lot of valuable incoming mail to your account, your old boss may decide to reroute your old e-mail address to a new employee, so no business contacts will be lost in the transition. If you’ve used that e-mail address for private stuff, it could get embarrassing, if you forget to notify someone, or that someone is a bit forgetful…

And if you have your own e-mail address, don’t use the outgoing mailserver at work. Like I said, server logs are pretty specific about who you converse with.

Some companies keep and analyze logs of what you surf. They can’t tell what the contents of Hotmail, Gmail and Yahoo webmail are, though, without more invasive methods.

Just a little heads up.

Even if you don’t have anything to hide, separating company e-mail and private e-mail is a good rule of thumb, just in case you switch jobs or your company gets embroiled in legal action. Think about all those e-mails by Enron employees that have become public, even though some of those mails have nothing to do with the case!

VPN blues

Tuesday, April 4th, 2006

Sometimes I just have to laugh.

I work for an ISP these days, and sometimes I get puzzling problems thrown in my lap.

Like the guy who couldn’t send e-mail through our servers. He couldn’t understand it, because he was hooked up to our net, and there was absolutely no reason he shouldn’t be able to send e-mail.

Then there’s the guy who threw a fit because our network blocked a racy site. Or so he thought.

Problem is, both of them were connected to a VPN (Virtual Private Network).

Many companies provide their employees with VPN connections to minimize the chance that their traffic could be sniffed and misused, because a VPN connection is encrypted. When you’re connected to a VPN, your IP address becomes that of the VPN connection. And your company may have installed filters, maybe even proxy servers for that connection. So you may not be able to reach everything. An ISP generally doesn’t filter your net access, but companies can usually get away with any kind of filtering they like. It’s not like their employees will leave over that…

Consequently, when these employees are unaware that they’re still connected to the VPN, then unexpected things could happen…

So next time unexpected things happen with your net connection, check to see that you’re not hooked up to your VPN connection…

Spammer’s revenge

Sunday, April 2nd, 2006

I got an e-mail from EdisonRex, whose online nick was misused by a spammer. EdisonRex had edited the spammer’s spampost on his forum, and the spammer took offence.

The nick was used as an online identity, so EdisonRex felt the need to protect it. That meant investigating the misuse, and getting information out.

He’s written 5 long chapters detailing their plight, that I thought might be of interest to my readers as well:

Spam’s Empire 1
Spam’s Empire 2
Spam’s Empire 3
Spam’s Empire 4
Spam’s Empire 5

There’s another installment coming soon.

But in the meantime, maybe one of you guys has seen spam coming from the same sources? Maybe we can help him figure out if this is related to other spam?

If this spammer is only spamming for the role playing game, then revenge could be a tactic he’d be quick to employ.

On the other hand, professional spammers get a rather thick skin. Even so, we’ve seen revenge spamruns fairly often. The latest was this one.