New spambot set - powerstorm.ai.net
I just found a new spambot set represented among the spam comments received since last night:
205.134.172.131 , www131.powerstorm.ai.net
205.134.172.133 , www133.powerstorm.ai.net
205.134.172.137 , www137.powerstorm.ai.net
205.134.172.138 , www138.powerstorm.ai.net
205.134.172.139 , www139.powerstorm.ai.net
205.134.172.141 , www141.powerstorm.ai.net
The Israeli was one of the outfits represented (or rather, the spam was totally consistent with their MO). There was also spam for a porn outfit, with this whois:
Losie Janert ottmac@yahoo.com
55896 kolirer Rue
Paris
Leone
44589
FR
Phone: +1.6136140491
NS1.FUZZYNS.COM 67.15.133.2
NS2.FUZZYNS.COM 209.200.14.229
What’s interesting is that this spammer uses the same DNS servers as the Israeli, although the IP is 66.98.251.26, while the spam from the Israeli is (currently) on 205.134.172.136, and another domain on 205.134.172.135 - smack in the middle of the spambot range.
Hmmm, the whois for fuzzyns.com is textbook Israeli:
Susan Harris contact@top-contact-4u.com
Susan Harris
275 Main Street
St Lucia
VG
A2v W1
VG
Phone: +1.2852297362
Others have complained about these spambots as well:
Boblycat, Willmac 1, Willmac 2
According to Willmac, the spambots have been operational since the end of July at least!
October 9th, 2006 at 7:22 am
I had only started my blog in June. I had actually seen them months before.
October 9th, 2006 at 7:22 am
Advice on AI.NET…
OK, here’s a tip. Do not email AI.NET about their user’s abuse. They are more than likely part of the whole problem.
Today, shortly after sending 2 emails to AI about a bogus sub-domain of AI (powerstorm.ai.net), I got a bunch of spam attem…
October 9th, 2006 at 10:09 pm
Wow, I bet you are so proud of yourself. Exactly what did you just accomplish? Oh, that’s right…nothing.
November 11th, 2006 at 3:08 pm
Often, a spammer uses only a few nameservers to be responsible for hundreds or even thousands of domain names that are used to generate spam. If you can locate the common nameservers and target those, you can effectively shut down all the dependent domains (and thus e-mail spam / fraudulent websites).
As a registrar can only act to suspend a domain name if the Whois information is inaccurate or incomplete, you can take direct action by filing an official complaint (ex. http://rip.gandi.net) with the registrar where the domain name of the nameserver is registered. If indeed the Whois information is inaccurate or fraudulent, and if the registrar cannot contact the registrant of the domain name, then the registrar can put the offending domain name on “Hold” status, effectively shutting down all the spamming e-mail addresses.
Therefore, the most efficient way to truly combat spammers is to:
1. Locate the nameservers
2. See if the Whois information (registration information) is accurate
3. If that data is inaccurate, file an official complaint where the domain name of the nameserver is registered.
Do not:
1. reply to e-mails
2. trouble yourself with the domain name of the actual website or e-mail sender
3. waste time with subdomains
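
The nameserver pivot described in the comment above, together with the post's check of hosting IPs against the spambot range, as an added Python example (not part of the original post or comments). The spam domain names are constructed placeholders; the IPs and nameservers are those quoted in the post, and taking the last two labels as the nameserver's registered domain is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (spamvertised domain, hosting IP, nameservers).
# Domain names are made-up placeholders; IPs and fuzzyns.com come from the post.
SPAM_DOMAINS = [
    ("spam-a.example", "205.134.172.136", ["ns1.fuzzyns.com", "ns2.fuzzyns.com"]),
    ("spam-b.example", "205.134.172.135", ["NS1.FUZZYNS.COM.", "NS2.FUZZYNS.COM."]),
    ("spam-c.example", "66.98.251.26", ["ns1.fuzzyns.com", "ns2.fuzzyns.com"]),
    ("unrelated.example", "192.0.2.10", ["ns1.other-dns.example"]),
]
# Spambot source addresses listed in the post.
SPAMBOT_IPS = ["205.134.172.131", "205.134.172.133", "205.134.172.137",
               "205.134.172.138", "205.134.172.139", "205.134.172.141"]

def ns_parent(ns_host):
    """Registered domain of a nameserver host.

    Assumption: the last two labels are the registered domain. Suffixes such
    as co.uk would need a Public Suffix List lookup instead.
    """
    labels = ns_host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def shared_nameservers(records, min_domains=2):
    """Map nameserver domain -> sorted spam domains that delegate to it."""
    by_ns = defaultdict(set)
    for domain, _ip, nameservers in records:
        for ns in nameservers:
            by_ns[ns_parent(ns)].add(domain)
    return {ns: sorted(d) for ns, d in by_ns.items() if len(d) >= min_domains}

def hosted_in_bot_range(records, bot_ips):
    """Spam domains whose hosting IP lies between the lowest and highest bot IP."""
    addrs = [ipaddress.ip_address(ip) for ip in bot_ips]
    lo, hi = min(addrs), max(addrs)
    return sorted(d for d, ip, _ns in records
                  if lo <= ipaddress.ip_address(ip) <= hi)

if __name__ == "__main__":
    # Each nameserver domain printed here is a candidate for a WHOIS accuracy
    # check and, if the data is bad, a complaint to its registrar.
    for ns, domains in shared_nameservers(SPAM_DOMAINS).items():
        print(f"{ns}: shared by {len(domains)} spam domains: {', '.join(domains)}")
    print("hosted inside spambot range:",
          hosted_in_bot_range(SPAM_DOMAINS, SPAMBOT_IPS))
```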