Common Folk Using Common Sense

My rantings and ravings in this interesting world.


Sunday Spam

November 26th, 2006


A collection of the spam I’ve received over the last week:

  • It is the coolest site,keep so!
  • Comiket there is growing number sites? Out is amateur hobby particular. Made in products one such game brawler a?
  • I want to thank your page,it good!
  • In demo trial form internet with full. Well their creators can make fulltime job. Dressed characters a fight a each looks News site from Computer.
  • Everybody loves your guestbook,so do i.
  • Rolex? Now you can afford it!
  • Cheapest way to solve health problems.

Apparently one of the newer creative ways to spam is to leave messages on school discussion boards as well as dropping multiple comments across blogs. They all follow this format:


Name: ---
E-mail: ---@---.---
URI: http://---school discussion board---/---.htm
IP: ---.---.---.---
Date: --- --, ----

You have a good site
buy --- online
http://---school discussion board---/---.htm
[url=http://---school discussion board---/---.htm]buy --- online[/url]

I spent one week forwarding these comments to the Dean/Administration/IT Director/Webmaster of the schools and received no reply. As a matter of fact there seems to be more spam coming from the schools that I commented to.

Therefore the following school addresses are now listed in my Automatically Nuke filter. If you are a student at one of the following schools and have a genuine comment I humbly apologize, but I have no further intention of wading through dozens of spams originating every morning from your schools. More schools will be added as I see fit.

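
An added example (not the blog's actual filter): one way to apply a host-based nuke list to comments in the format quoted above. The suffixes, sample comment and function names are constructed placeholders; hosts are matched on whole DNS labels, and a comment that repeats one link bare, as BBCode and in the URI field is held for review even when its host is not listed.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder suffixes standing in for the "Automatically Nuke" list.
NUKE_SUFFIXES = {"boards.school-a.example", "school-b.example"}

BBCODE_URL = re.compile(r"\[url=([^\]\s]+)\].*?\[/url\]", re.I | re.S)
BARE_URL = re.compile(r"https?://[^\s\[\]]+", re.I)


def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none or is malformed."""
    try:
        return (urlsplit((url or "").strip()).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def is_nuked(host, suffixes=NUKE_SUFFIXES):
    """Match whole DNS labels, so 'notschool-b.example' is not 'school-b.example'."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(uri_field, body):
    """Return (verdict, reasons) for one comment: 'nuke', 'hold' or 'accept'."""
    bb_links = BBCODE_URL.findall(body)
    # Strip the BBCode links first so each URL is counted as bare only if it is.
    bare_links = BARE_URL.findall(BBCODE_URL.sub(" ", body))
    reasons = set()
    for url in [uri_field, *bb_links, *bare_links]:
        host = host_of(url)
        if is_nuked(host):
            reasons.add("nuked-host:" + host)
    # The format in the post: one link given bare, again as BBCode, and as the URI.
    if set(bb_links) & set(bare_links):
        reasons.add("link-repeated-as-bbcode")
    if uri_field and uri_field in bb_links + bare_links:
        reasons.add("uri-field-repeated-in-body")
    if any(r.startswith("nuked-host:") for r in reasons):
        return "nuke", sorted(reasons)
    return ("hold" if reasons else "accept"), sorted(reasons)


# Constructed sample comment that follows the format quoted above.
SAMPLE_URI = "http://boards.school-a.example/forum/123.htm"
SAMPLE_BODY = (
    "You have a good site\nbuy widgets online\n"
    + SAMPLE_URI + "\n[url=" + SAMPLE_URI + "]buy widgets online[/url]"
)

if __name__ == "__main__":
    print(classify(SAMPLE_URI, SAMPLE_BODY))
```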

Also my Norton Internet Security 2005 has alerted me that 204.16.208.135 (13364) has attempted a UDP PORTSCAN on my home computer (port 1035) a total of eight times since October 1. According to ARIN WHOIS that IP belongs to:

OrgName: FAST COLOCATION SERVICES
OrgID: FCS-73
Address: 3791 N. Edgewater Dr
City: Wasilla
StateProv: AK
PostalCode: 99654
Country: US
NetRange: 204.16.208.0 - 204.16.211.255
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET

Fast Colocation is an ISP in California that offers tier 1 bandwidth colocation services for companies on a budget.

SANDY.THEHIDEOUT.NET redirects to http://www.smartmeasurement.com/en/home.asp, a global exchange network specialized in supply chain optimization of Process Control Instrumentation (PCI), with a local physical presence in 25 countries supported by an online procurement technology – what a great online system for a target of trojan, bot, or DDoS attack. I’m not saying that there’s anything wrong with their network, but I do find it strange that a company that I have had no dealings with, a company that I’ve never heard of before, would transmit a PORTSCAN to my home computer eight times since October 1. Of course Norton could be signaling a false positive, but I’m not taking the chance.

In other spam news, from eWeek.com:

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.

Internet security researchers and law enforcement authorities have traced the operation to a well-organized hacking gang controlling a 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.

According to Joe Stewart, senior security researcher at SecureWorks, in Atlanta, the gang functions with a level of sophistication rarely seen in the hacking underworld.

For starters, the Trojan comes with its own anti-virus scanner—a pirated copy of Kaspersky’s security software—that removes competing malware files from the hijacked machine. Once a Windows machine is infected, it becomes a peer in a peer-to-peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server.

Y’all get yourself some decent software, and remember that a virus is not the same as a trojan, and it may take multiple pieces of software to fully protect yourself – and protect the rest of us.


Tags: Spam