« Blog spam is way up
Block words in Wordpress »

Mail spammer branching out?

I’ve been tracking certain comment spams that had …interesting contents.

The first I was aware of advertized e-mail lists for “email marketing”. The payoff in the spam was an e-mail address, but I also found a website address. On that website, spam hosting is especially mentioned. There’s a debate raging on a Russian forum about his services. How long the site will last etc.

Today I found two messages from the same outfit. This time selling skimmers. Yes, I’m talking about bank card skimmers! This is clearly illegal. He’s also selling dumps and pins. I’m guessing he’s referring to card numbers with pin numbers.

As I checked the logs, I found the same IP address and user agent selling those Russian grandmother dolls. The e-mail address used in those spam comments are linked with the e-mail lists through earlier spams I found on the internet. Those are mainly written in Russian.

The name on the registration of the domains involved is:

person: Alexey A Gusarov
phone: +7 906 1373729
e-mail: rassilka2006@yahoo.co.uk

At first I was unsure if this was the person behind the spam (due to the nature of Russian domain registrations), but the e-mail address is also used in the spam runs.

He’s also implicated in ICQ spam:

Domains (if you want to run him to ground…):

modmo.ru
424000.com
interneo.ru

E-mail addresses used in the spams (some of them hidden):

klimenkov-alekse@inbox.ru
kloffert007@yahoo.co.uk
eduard-rozumov@mail.ru
interneoster@gmail.com
admin@megafona.net

ICQ: 194-8-194

He’s spamming forums, with a registered user: Interneohyk007
The Russian sites has Alexey A. Gusarov as the owner, but the non-Russian ones have different whois info, probably fake:
megafona.net

Dougherty, Kevin arnybiz@yahoo.co.uk
616 Richards Lane
Champaign, IL 61820
US
9090909099

424000.com

Haza Int
Arnold Drew
Russia
Yoshka, MR 424000
RU
Phone: 1.75784845
Fax..: none
Email: arnybiz@yahoo.co.uk

This entry was posted on Wednesday, May 17th, 2006 at 1:03 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Mail spammer branching out?”

  1. Chris Says:
    May 17th, 2006 at 3:45 pm

    I saw that comment spam too. megofona.net was redirecting to le-trans.org which looks like a very dodgy site.

  2. My0 Says:
    May 17th, 2006 at 6:13 pm

    I saw some message board spam for the matryoshkas (nesting dolls)
    ( 424000.com )

    Now you identified this message board spammer, wears more than one hat it seems. His WHOIS info looks a bit more normal than the WHOIS for this phishing spammer: nop1237.com
    Funny how they are turning to using numbers in their domain names.

  3. gina Says:
    May 18th, 2006 at 2:12 am

    can i know how i can collect more spam? i’ve tried but i’m unable to get much….

  4. My0 Says:
    May 18th, 2006 at 8:11 pm

    post your email address all over the web, message boards, guestbooks, on your website in the metatags, and in Google groups (Usenet) - you should get a lot of spam then.

  5. gina Says:
    May 19th, 2006 at 12:26 am

    thanks My0… i’ll try that.

Leave a Reply