... From: David B Funk dbfunk@engineering.uiowa.edu To: discuss@lists.surbl.org, users@spamassassin.apache.org Subject: New redirector: www.nate.com ...

Ugg, just ran across another open redirector abused in spam

www.nate.com/r/XY12/target.domain

where XY12 seems to be any combination of 4 letters and digits. Looks like some Korean ISP thingie.

-- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{

The domains:

nate.com-munged gambia.com-munged (and actual ICANN listed registrar) sktelecom.com-munged KPPN.COM-munged and KPPINC.COM-munged

all seem to be part of a group of spam support services run from Korea. The true owner is hidden behind a set of legal shells. There do not appear to be an legitimate customers (but for Jeff C.), but I have not done a thorough enough investigation to say they for sure. I can say they have been "seen" before and have listings against them.

Paul Shupak track@plectere.com

P.S. The rfci whois listing for gambia.com-munged is one of my favorites, because it is the only time I have seem that particular violation.