Posts Tagged ‘spam’

Akismet works great

Thursday, June 1st, 2006

In the last week there has been a dramatic spike in the number of comment spam messages I’ve been getting. Yesterday I installed akismet, got a wordpress.com API key and in 24 hours it has stopped 300+ junk comments and let the one real one through — incredibly simple and painless to install and start using.

govbenefits.gov used to cover phisher’s hacking

Sunday, November 27th, 2005

I just got spam from a phisher allegedly from tax-returns@irs.gov saying I have a $571.94 tax refund that needs to be claimed in 12 days.

The URL had me fooled for a second — it looks like a link to govbenefits.gov with a long identifier. It turns out that the bad guys are using a poorly secured redirect page (externalLink.jhtml) on govbenefits.gov to send people to porterfam.org. Of course the resulting page asks for SSN, credit card number, etc. — all the things needed for identity fraud.

And here is the email:

From: tax-returns@irs.gov <tax -returns@irs.gov>
Reply-To: no-reply-2005@66.34.46.216
To: my email
Date: Nov 26, 2005 12:16 PM
Subject: [IRS] Tax Refund

You are eligible to recieve a tax refund for $571.94.

To access the form for your tax return use the link below:

http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url=h%74t%70:%2F%2F%77%77%77%2Eporterfam%2E%6F%72%67%2F2+005%2F%3F_cmd=/cgibin/2005/trefund/id=96596,00
(copy and paste this link in your browser address bar)

12 days left to apply for your refund. You may not receive your refund as quickly as you expected. A refund can be delayed for a variety of reasons. For example, a name and Social Security number listed on the tax return may not match the IRS records. You may have failed to electronically sign the return or applied after the deadline.

This email has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

The bad guys are getting pretty tricky…
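A check that a mail filter or link scanner could run on the link in the email above, as an added example that is not part of the original post: it decodes each query parameter and reports when a redirect page hands the visitor to a different site. The two-label `site()` comparison is a simplifying assumption (no public suffix list), and the second sample is the redir.php link from the Gold Lasso email quoted elsewhere on this page, joined onto one line.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Link copied from the phishing email quoted in this post.
PHISH_LINK = ("http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url="
              "h%74t%70:%2F%2F%77%77%77%2Eporterfam%2E%6F%72%67%2F2+005%2F%3F_cmd="
              "/cgibin/2005/trefund/id=96596,00")
# Tracking link from the Gold Lasso email on this page (its two lines joined).
TRACKING_LINK = ("http://eloop.goldlasso.com/redir.php?s=XXX&u=XXXXXX&f=1&url="
                 "http%3A%2F%2Fwww.goldlasso.com%2Fhtml%2Fservices_restaurant_form.html")


def site(host):
    """Crude registrable domain: the last two labels (assumption, no public suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def fully_decode(value, max_rounds=3):
    """Undo percent-encoding that may have been applied more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def offsite_redirects(link):
    """Return [(param, target_host)] for query values that point at another site."""
    parts = urlsplit(link)
    carrier = parts.hostname or ""
    hits = []
    # parse_qsl decodes each value once; fully_decode handles nested encoding.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw).strip()
        if not value.lower().startswith(("http://", "https://", "//")):
            continue  # not an absolute or scheme-relative URL
        target = urlsplit(value).hostname
        if target and site(target) != site(carrier):
            hits.append((name, target))
    return hits


if __name__ == "__main__":
    for link in (PHISH_LINK, TRACKING_LINK):
        print(urlsplit(link).hostname, "->", offsite_redirects(link) or "same site")
```

The same comparison, applied server-side as an allowlist of permitted target sites, is what a redirect page like externalLink.jhtml needs before issuing the redirect.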

comment spammers topical news articles

Friday, September 23rd, 2005

I got two comment spams using text from one of the AP news feeds. Looks like they are trying to game Google’s blog search engine by hooking themselves to breaking news keywords.

Name: SPAM PRODUCT | E-mail: SPAMMER@yahoo.com | URI: http://SPAM PRODUCT.com/ | IP: 195.206.123.33

HOUSTON – Hurricane Rita roared toward the Texas and Louisiana coasts early Friday, a major Category 4 storm that spurred a traffic-snarled exodus toward higher ground and fears it could cripple the heart of the nation’s petrochemical industry.
SPAM PRODUCT href

Just got a call from a telemarketer…

Tuesday, March 15th, 2005

And it was the first time in quite a while since the home phone was registered with the National Do Not Call Registry.

He was trying to drum up business for a chiropractor somewhere on D.W. Highway in town. The telemarketer said he was calling from New Rochelle, NY and caller ID caught his number as: 845-362-8732 and ‘D,R G TELEMARKE’. He said my number must not be on the do not call list since he called me. I just checked with donotcall.gov and we’ve been on it since 6/29/2003.

I’ve submitted a complaint and we’ll see what happens.

comment spam

Friday, November 26th, 2004

The daily comment spam is getting worse and worse — easily 100+ per day. It never makes it to the website because WordPress is set up so I need to approve all postings, but it is a PITA to weed through the spam to find the occasional real comments.

I’ve seen on Jeremy Zawodny’s blog that in order to post, you need to type *his* first name in one of the forms. Not rocket science if a human is making the posting, but perhaps just difficult enough for the spammer’s script to fail. The other nice thing is you can always change the question to something equally as trivial. Say, “what is the color of the sky?” or “3141592 is my favorite number, what is my favorite number?”

Jeff Barr posted an entry on exactly how to do that in WordPress. The only thing that was a little tricky was the change to wp-comments-post.php was on line 22 in my copy of the file. The difference is because the file is in DOS format and emacs displayed it with ^M^M at the end of each line (essentially halving the number of lines Jeff saw).

The changes work for me…

sideloaders.com is spamming me

Friday, March 26th, 2004

I just got the SPAM email below offering to sell me Omega 4D MultiLoaders
(whatever those are).

Clearly they got my email from scraping the web or somewhere because
they send to marc-at-tradeshow@nozell.com (from one of my blog
entries), marc-blog-feedback@nozell.com (used only here on my blog)
and marc-i-saw-your-weblog@nozell.com (same thing)

What also pisses me off is they included this graphic so I had to
download 130k of their junk — three times!





An image sent via spam by sideloaders.com (26 Mar 2004)

REMEMBER: Don’t do business with companies that use Unsolicited
Commercial Email (UCE) to market. It is an unethical marketing
technique. Thanks!

=====
Start of Junk email from shrewd@sideloaders.com
=====

    From shrewd@sideloaders.com Thu Mar 25 23:51:59 2004
    Return-path: <shrewd@sideloaders.com>
    Envelope-to: marc@localhost
    Received: from sideloaders.com ([68.20.209.65]) by aspworld.com with MailEnable ESMTP; Thu, 25 Mar 2004 20:58:06 -0500
    From: "shrewd@sideloaders.com" <shrewd@sideloaders.com>
    To: "Marc-at-tradeshow" <marc-at-tradeshow@nozell.com>
    Subject: Invitation: MultiLoader debuts at Cleveland show
    Date: Thu, 25 Mar 2004 19:55:54 -0600
    X-MSMail-Priority: Normal
    Reply-To: "shrewd@sideloaders.com" <shrewd@sideloaders.com>
    Organization: BHS
    X-Mailer: Internet Mail Service
    Message-ID: <A3F2C67582AE41CCBF574EFD327C1.MAI@aspworld.com>

    Invitation: MultiLoader debuts at Cleveland show

    The first four-way truck with IC propulsion manufactured in North
    America by Omega Lift Manufacturing will make its debut during the NA
    2004 Material Handling Show in Cleveland, Ohio from March 29 to April
    1, 2004

    The show is held at the International Exhibition Center (I-X Service
    Center) on 6200 Riverside Drive. Please stop by at booth number 1241,
    where you and your customers can have a first look at the all wheel
    drive, all wheel steer MultiLoader.

    The Omega 4D MultiLoader series comes in capacities of 8,000, 10,000
    and 12,000 pounds with a Perkins diesel, or GM LPG engine. All mast
    types are available and load bed sizes from 30 to 60 inches are
    offered. Super Elastic tires are standard.

    Please, stop by and see us.
    Baumann Handling Systems, Inc.
    Manfred Kaufmann
    Baumann Handling Systems, 1208 Badger Street, Yorkville, IL 60560: 800-927-0385, www.sideloaders.com
    If you wish to be removed from this mailing list, please reply to this email with the word "unsubscribe" in the subject line.

=====
End of Junk email from shrewd@sideloaders.com
=====

Reply from goldlasso.com

Friday, January 16th, 2004

I replied to the unsolicited email offer pointing to my blog and got a
quick reply at 17:18 from “Elie D. Ashery”, the President & CEO,
with the warning at the end of the email:
=====
This email is considered original works and cannot be published in whole or
in part without the express written consent of Gold Lasso, Inc.
=====

So my interpretation of what he had to say.

-> Sends his sincere apologies for any inconvenience and will
investigate how my email got on one of their marketing lists. I
appreciate that and am actually interested to see what he finds out.

-> Stated that Gold Lasso complies with the ‘CANN SPAM Act
legislation’ and respects opt-out. That too is nice to see.
Personally I’d prefer opt-in to these and other marketing mailing
lists.

-> Unfortunately it ends on a sour note when he warns me that he takes
‘serious offense for insinuating’ that they engage in unethical
business practices. He considers my statements libel and will take
legal action if what I write prevents him from doing his business.

I’ve since clicked on the link in the original email to have my email
address removed and presume I will never receive email from their
marketing lists.

GoldLasso.com is spamming me

Friday, January 16th, 2004

I just got the SPAM email below offering to market my restaurant.
Clearly they got my email from scraping the web or somewhere because
I never use marc@nozell.com to register at websites.

REMEMBER: Don’t do business with companies that use Unsolicited
Commercial Email (UCE) to market. It is an unethical marketing
technique. Thanks!

=====
Start of Junk email from Gold Lasso
=====

Subject: New Restaurant Marketing
X-Subscriberid: 500153
X-Scheduleid: 923
Reply-To: Rebecca Matthews <glrest-reply@eloop.goldlasso.com>
To: marc@nozell.com
From: Rebecca Matthews <glrest@eloop.goldlasso.com>

Serve up some marketing that your customers
will really remember!

**************************************
Email Marketing for Restaurants
**************************************
E-mail marketing is taking the restaurant industry by storm.
You no longer have to spend a hefty fee on a cable TV spot or
coupon booklets. With Gold Lasso’s Restaurant Marketing Program,
you can identify your best customers, efficiently communicate
with them, and reward their loyalty. You can even ask for referrals.
All via e-mail!

- No technology to buy
- No computers or software to setup
- No data to enter

Click here for more info...

http://eloop.goldlasso.com/redir.php?s=XXX&u=XXXXXX&f=1&url=

http%3A%2F%2Fwww.goldlasso.com%2Fhtml%2Fservices_restaurant_form.html

Gold Lasso is a full-service e-mail marketing firm that can help
you get customers in the door and keep them coming back. You have
real-time access to your Gold Lasso account via our Web site so you
know immediately which promotions are working and which are not.
Don’t wait! Contact us now to find out how we can help promote your
restaurant via e-mail.

Click here for more info...

http://eloop.goldlasso.com/redir.php?s=XXX&u=XXXXXX&f=1&url=

http%3A%2F%2Fwww.goldlasso.com%2Fhtml%2Fservices_restaurant_form.html

Spammers hijacking my domain name — again

Friday, January 16th, 2004

I was joe jobbed again, but this time it looks like they are Russian — lots
of bounced mail destined for .ru, .ua and .su domains.

Time to update my procmail filter…

Spammers ‘hijacking’ nozell.com domain

Monday, September 15th, 2003

It looks like some spammer is using my domain name for the return
address. Starting yesterday I started getting a bunch of bounced email
allegedly from addresses like this:

Here is a selection of the crap that they are sending out:

To: 

Subject: Re: fioricet, soma, buspar, prozac, and more prescribed
         online and shipped to your door jnk ngc vktv lsgqp uredu jb r
         nclh qovnbcdpzdvygvotdzljdt yqlis pvhq diijybv djkxitmhw xksh
         h

To: 

Subject: Fwd: get prescription meds to your door - no prior
         prescription needed rbthixw juminx wuzeh y m kywdghdyb tt xx
         dfzlztjajjzhz lyhnjufi omhb tsntghowomc gjm guuhleytw

To: 

Subject: Re: get prescribed viagra, diet pills and much more online!
         overnight shipping id pjvunfslev daqrksw qck lrrpqarma tlpkb
         ym q tu nk bgl lsc pmppwvlxiageo

To: 
Subject: Fwd: ever wanted real soma pills   rrvkmqjohenzzvowgseyb

To: 

Subject: Re: order status
         (%random_number%random_number%random_number%random_
         number%random_number%random_number) fph mbnyhhpbequue zaty
         zlhifzh ivb wdgfhbkgoyaw rjoslyduhrh xhrzphcp kbl
         aitqveaefytihoir lghshjqs 

The last one is interesting because it looks like the jerk messed up
his spamming software.