[SURBL-Discuss] RE: Research wanted: age of spam gang URI domains
Steven Champeon
schampeo at hesketh.com
Fri Apr 22 18:27:56 CEST 2005
on Fri, Apr 22, 2005 at 09:05:57AM -0400, Chris Santerre wrote:
>
>
> >-----Original Message-----
> >From: Jeff Chan [mailto:jeffc at surbl.org]
> >Sent: Thursday, April 21, 2005 7:46 PM
> >To: SURBL Discuss; SpamAssassin Users
> >Subject: Research wanted: age of spam gang URI domains
> >
> >
> >Does anyone have research or references for the age profiles of
> >domains appearing in the URIs of spam gang (i.e. Ralsky, Lindsay,
> >Richter, etc.) spams? In other words, how old are the domains of
> >sites being spamvertised *by spam gangs*? (By age I mean how
> >long ago they were (most recently) created.)
> >
> >Jeff C.
>
> Off the top of my nogging, I've seen the major guys be about 1-3 days from
> registering.
>
> However......
>
> I also saw a pattern a few spammers using ones registered 3 months prior.
> This is when I began to theorise that there was possibly a spam domain
> service. Someone simply registering domain names full time, then selling
> them out to other spammers. I started researching the idea, then got busy on
> other stuff.
>
> When things settle I'll try to pick back up on the research. Sorry I don't
> have any hard data for you.
See:
http://www.merit.edu/mail.archives/nanog/2005-01/msg00225.html
for one particular spamgang (dunno who); seems to be entirely dedicated
to sending out spam in multipart with one redirector link (ends in .html,
with embedded hash URL) and one remove link (ends in .htm, otherwise the
same hash URL). I'm sure if you did some research you could find out more
about current SURBLized domains that point to the name servers listed in
the post. The joe job finally stopped around the same week as the post,
so maybe they got sick of giving us all that free information.
I've got some several hundred bounces, if you want to pore over them.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
More information about the Discuss
mailing list