This is a forwarded message From: Catherine Hampton ariel@spambouncer.org To: Jeff Chan jeffc@surbl.org Date: Thursday, March 23, 2006, 12:37:24 PM Subject: Please pass on to SURBL lists...
===8<==============Original message text=============== I don't think I'm subscribed to the lists that should see this soonest. Thanks!
=-=-=-=-=-=-=-=-=-=
Today I've seen a massive spam run on some of my domains, older domains that have a lot of spamtraps. The spams are all sent via open proxies/forged headers/etc., have subject lines of something along the lines of "for investors", "best way to invest", "do you want to invest", etc.
The message bodies are pure text, two lines long, and consist of URLs at legitimate domain registrars and other companies not involved in the spam. Here are a few sample message bodies:
=-=-=-=-=-=-=-=-=-=
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.]
Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com [Not sure about this one either.]
400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com
Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com
=-=-=-=-=-=-=-=-=-=
I noticed that vascoinvestment.com is already listed in URIBL, and moneymakergroup.com is in SURBL (William Stearns). Just in case people hadn't noticed, I wanted to point out that we need to be careful about listing domains from these emails.
It's perfectly possible, of course, that some of them are spammy and the others are being used as camoflauge, to slow down the SURBL and URIBL volunteers, and to cause FPs and make those blocklists less effective. It's also possible that *all* of them are legitimate/innocent. In either case, I think blocklists, and particularly SURBL and URIBL, are the targets of this attack.
So please be careful and don't let the idiots win!
On Thursday, March 23, 2006, 8:23:52 PM, Jeff Chan wrote:
This is a forwarded message From: Catherine Hampton ariel@spambouncer.org
[...]
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.]
Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com [Not sure about this one either.]
400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com
Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com
FWIW the four DNS registrars above are already whitelisted.
Joker put vascoinvestment.com on hold. moneymakergroup.com may be a scam, like SX-INVEST.COM.
Can anyone determine anything about 1BLU.DE? Is it a legitimate host?
Jeff C. -- Don't harm innocent bystanders.
On 24.03.2006 06:20, Jeff Chan wrote:
On Thursday, March 23, 2006, 8:23:52 PM, Jeff Chan wrote:
This is a forwarded message From: Catherine Hampton ariel@spambouncer.org
[...]
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.]
Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com [Not sure about this one either.]
400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com
Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com
FWIW the four DNS registrars above are already whitelisted.
Joker put vascoinvestment.com on hold. moneymakergroup.com may be a scam, like SX-INVEST.COM.
Can anyone determine anything about 1BLU.DE? Is it a legitimate host?
1blu.de is very legit.
Alex
Jeff Chan schrieb:
1blu.de is a (relatively new) mass hoster - legit in any case
Dirk
Can anyone determine anything about 1BLU.DE? Is it a legitimate host?
Jeff C.
Don't harm innocent bystanders.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Thursday, March 23, 2006, 11:08:46 PM, Dirk Bonengel wrote:
Jeff Chan schrieb:
1blu.de is a (relatively new) mass hoster - legit in any case
Dirk
Thanks much Alex and Dirk. I'm whitelisting 1blu.de to prevent any Joe Jobs or chaff from getting it blacklisted.
Jeff C. -- Don't harm innocent bystanders.
1blu.de is a (relatively new) mass hoster - legit in any case
Thanks much Alex and Dirk. I'm whitelisting 1blu.de to prevent any Joe Jobs or chaff from getting it blacklisted.
Hey, gang, I'm here now. :) Sorry I had to get Jeff to post that for me. Thanks for the info about moneymakergroup.com. I'll list them too; they certainly appear dirty. And thanks for verifying that 1blu.de is legitimate.
That was a stinking trick on the part of some spammers, maybe even the idiots at moneymakergroup.com. :/ I just wanted to be sure that people were aware of the joe job aspect and checked things out even more carefully than usual because of it.
On Thu, 23 Mar 2006, Jeff Chan wrote:
FWIW the four DNS registrars above are already whitelisted.
Joker put vascoinvestment.com on hold. moneymakergroup.com may be a scam, like SX-INVEST.COM.
I don't know if moneymakergroup.com is a scam but they are definitely using spam to advertise. I've got multiple examples that hit my spam-traps from bots all over the world, both with and without the extra DNS registrars obfuscation.
On Friday, March 24, 2006, 12:09:31 AM, David Funk wrote:
On Thu, 23 Mar 2006, Jeff Chan wrote:
FWIW the four DNS registrars above are already whitelisted.
Joker put vascoinvestment.com on hold. moneymakergroup.com may be a scam, like SX-INVEST.COM.
I don't know if moneymakergroup.com is a scam but they are definitely using spam to advertise. I've got multiple examples that hit my spam-traps from bots all over the world, both with and without the extra DNS registrars obfuscation.
The google summary does not look at all good:
MoneyMakerGroup Forum - Make Money Online! HYIPs, Autosurfs ... Discuss all the ways to make money online including HYIPs, autosurfs, stocks, forex, MLM, affiliate marketing & other investments. www.moneymakergroup.com/
They can stay blacklisted.
Jeff C. -- Don't harm innocent bystanders.
Hi!
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.]
We noticed the same, thousands and thousands, fortunately we had them whitelisted, just another run to see if things get autolisted i guess...
Last week we saw the first run, with some othe r(mostly financial) domains.
Bye, Raymond.
-
Alex Broens -
ariel@spambouncer.org -
David B Funk -
Dirk Bonengel -
Jeff Chan -
Raymond Dijkxhoorn