Yet another fake spamcop site
A reader at the Spamcop forums found yet another fake spamcop site.
This is uses the same redirect script we found at Redirect to Spamcop.
The javascript on the spamvertized throwaways is the same, except this time it redirects to:
http://netcat45.isprime.com/tools/r/?r=&cat=somekeyword
What comes out the other end is either the
abusepost.com
if you’re accessing the throwaway directly, like bloggers and others investigating would. If you access directly from Google or other search engines, you’ll be redirected to an affiliate page, depending on the keyword.
I found spam sent directly from the server abusepost.com is on: 66.230.167.245
But I also found spam with the e-mail address sksld@mymail.com, pointing to both redirect sites.
So, either the same spammer, or a software package that takes care of everything?
Whois:
08/26/06 17:47:15 whois abusepost.com
Registrant:
John Smith manager@abusepost.com +1.2024783654
Abuse Post Inc.
3520 Wisconsin Ave NW
Washington,DC,US 20016
Domain Name:abusepost.com
Record last updated at 2006-08-04 03:38:13
Record created on 2006/8/4
Record expired on 2007/8/4
Domain servers in listed order:
ns1.abusepost.com ns2.abusepost.com
From the looks of my recent email spams, I’d say SpamCop and the like are beginning to have significant impact.
This is good.
Now if we could just get more of these spammers prosecuted….
[...] Spamhuntress Just another WordPress weblog « Yet another fake spamcop site [...]
[...] I’ve written about a few fake Spamcop sites. [...]
So this seems to be a new trend? A couple of days ago I noticed one of the Umax pet spammers suddenly creating “antispam” somewhat doorway pages on his domains. This strategy makes sense because spammers would take those keywords their “enemies” rank for and undermine the credibility of search results. In other words a clear strategy to damage some organisation’s reputation.
Spamhuntress, you remember our friend Slava? Seems he initiated a new trend in creating spamlists :-). I wouldn’t be too surprised if this site only serves as convenient mean of data gathering. Whilst email addresses would be sold to email spammers the websites would land on several spamlists, even with description of the spammable targets.
I think this has a striking similarity to phishing.
Vasily
Something that crossed my mind:
What would happen if people entered emails and websites of spammers? I mean, I like the thought of spammers having each other on their spamlists and wasting their resources with killing each other’s bandwidth
Vasily
How about someone entering a newly minted spamtrap in one of them forms?
And I wonder what would happen if one spammer joe jobbed another - as in using the domain as from addresses? Those domains are outfitted with an MX record… And apparently catchall…
And of course, those forms might work just as well as my e-mail form in gathering webspam. Hmmm…
And most of all, how about some automation :-). The forms a quite simple without any checks or hidden fields, so they’re vulnerable to automatic submission. Hm, I’m thinking of a shellscript with a long list of anonymous proxies and another long list of known spammers (with email addresses and websites). Makes me wonder, whether the backend is database driven, and if so, how many concurrent open connections it can handle
Vasily
And of course, those forms might work just as well as my e-mail form in gathering webspam. Hmmm…
yep.