
Date Posted: 23:06:13 08/17/03 Sun
Author: Observer
Subject: Spam: Call it what it is
In reply to: Observer 's message, "In the media" on 12:46:08 08/04/03 Mon

Spam: Call it what it is

Now I've heard it all. As I was deleting my 237 spams this morning, one really caught my attention and I couldn't resist tracking it down. It was mailed from "debra29@eastmail.com" and the subject line read:

Spam: Viagra, Phentermine, Xenical & many others prescribed

So at last at least this spammer decided it was time to stop hiding behind fraudulent subject lines and simply own up to sending spam. The message was also carefully shrouded to elude discovery of the actual spammer.

It was sent through ATTBI.com, a notorious and prolific spam domain, and advertised "PharmacyFun.biz" -- obviously they think it's fun, but I don't.

Everyone thinks Yahoo is their friend, but if you see what I see, you'll agree they're not any computer user's friend except the spammers. Yahoo is acting as sort of a "SPAM BROADCASTER," doing some of the insidious dirty work for these sleaze-balls by redirecting traffic through "w2.rd.dcx.yahoo.com" (64.58.77.145) and on to its low-life destination. Which, in this case, is PharmacyFun.biz.

The spammer uses this tag: http://rd.yahoo.com/10000759/154/*http://www.pharmacyfun.biz/184/ to "shroud" their own link under Yahoo's to elude detection and make the spam traps think this is coming from Yahoo. It clearly redirects the user to the sleaze-bag's own web site.

This particular email went by the false identity of one K. Kjelou using the email address itsumih@yahoo.com. According to SpamCop this address bounces 437 times. Kjelou's web site was registered at the web registrar "GANDI SARL" in Kaohsi Taiwan by a company called "SoluteSolutions" if you can believe the Whois. Just the spot where everyone wants to buy their Viagra, right?

These go to great lengths to evade detection. The spammer's site is on a name server called L00kinAtYou.com, owned by Bobsas Doleas (bobdole@writeme.com) in Hullenbergweg Amsterdam. (The registrar of record, Joker.com, is in Arizona, so I thought I would give them a call. Once I reached the administrator I was informed they would not disclose the actual owner of the site -- I would have to obtain an official warrant. There are literally dozens of spammers using Joker.com thereby raising suspicion of their complicity in spam.)

To add salt to the wound, the IP address listed as the NS server for the spammer is really not in Amsterdam at all, but rather at "The Tech Group" supposedly in China, at tech-group@china-netcom.com (210.51.12.25) -- which, according to SpamCop bounces 47,801 times.

If we track where the email originates we find a firm in Japan, EKZM.co.jp, under the guidance of Yutaka Kinoshita (domain@ekzm.co.jp) of Nakagyo-Ku, Kyoto Japan -- who happens to be their OWN ISP, using TUCOWS as the registrar of record.

Now, as if this circus wasn't enough, EKZM is operating on servers using Iitomo.com (210.164.32.2) which is (are you ready for this?) owned and registered by Telstra.net, Telstra Corporation Limited in Melbourne, Australia -- who, in turn, accesses the backbone via the Asia Pacific Network Information Center (APNIC-DOM) in Brisbane, Australia, under the domain APNIC.NET.

Now I only went through this diatribe for two reasons:

  • APNIC.NET shows up dozens of times in the spam traps -- they aid and abet as much as 25% of all the spam reaching American email boxes. And much of that spam follows the very same trail as this example today.
  • Spammers go to these lengths not to be found. Does that tell you something about their honor and morals?

The domain "PharmacyFun.biz" (advertised in the spam) was created just 18 days ago on the 10th of April, 2003. They are advertising weight loss, pain relief, muscle relaxants and "men's health" products, primarily Viagra. Can they be serious? Or, do they have some other more insidious agenda? I think they do. During March we received more than 40 spams, all with the very same offer, but all leading to different "pharmacy" oriented domains -- all trunking through the very same channels. Googling their phone number turns up: RXmedsOvernight.com, the spam address they operated under before the 10th, which is now dead. The phone number interestingly enough is in the U.S. 800-879-6704. Calling the number brings you into a complicated series of menus, each ending with "All our operators are busy, at the tone please leave your name and phone number." When you follow the scripts on the bogus ecommerce page it leads to a host in Baltimore Maryland.

The bottom line is:

Would you get a prescription from these people?

The notion that there are enough people buying from these people to keep them in business is really the scary part of this story.

Someone, somewhere should be able to do something about China-Netcom.com and APNIC.NET. But I suspect there's actually nothing that can be done. ICANN, who could remedy the situation in three seconds, refuses to become "involved". The registrar Joker.com won't talk without a court order, and EKZM doesn't speak English.

U.S. law enforcement can't touch them, and their harbouring ISPs obviously don't do anything, so you'll continue to get spam from them.

My only enjoyment from this was realizing that whoever Debra 29 is, she decided it was time to come out of the closet and start calling her email what it really is... SPAM. I guess at least that is a step in the right direction.

Thanks for reading, 'til next time -- Good day!

Fred
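
The link "shrouding" described in the post above, as an added example that is not part of the original post: a filter-side check that unwraps a redirector URL and flags links whose visible host differs from the host the user actually lands on. The function names and the sample message body are constructed for illustration; the rd.yahoo.com link is the one quoted in the post.

```python
import re
from urllib.parse import urlsplit, unquote

_EMBEDDED = re.compile(r"https?://", re.IGNORECASE)       # absolute URL inside another URL
_LINK = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)  # links in a message body

def unwrap_redirect(url, max_depth=5):
    """Return the chain of URLs: outer link first, innermost target last."""
    chain, current = [url], url
    for _ in range(max_depth):          # bounded, so nested wrappers cannot loop forever
        netloc = urlsplit(current).netloc
        if not netloc:
            break
        # Everything after the host, decoded once so http%3A%2F%2F forms are caught too.
        tail = unquote(current[current.find(netloc) + len(netloc):])
        m = _EMBEDDED.search(tail)
        if not m:
            break
        current = tail[m.start():]
        chain.append(current)
    return chain

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_shrouded_links(body):
    """Return (outer_host, final_host, outer_url) for links that hide another host."""
    findings = []
    for m in _LINK.finditer(body):
        chain = unwrap_redirect(m.group(0))
        outer, final = host(chain[0]), host(chain[-1])
        if len(chain) > 1 and outer != final:
            findings.append((outer, final, chain[0]))
    return findings

# Constructed sample body; only the first link comes from the post.
SAMPLE_BODY = (
    'Order now: <a href="http://rd.yahoo.com/10000759/154/'
    '*http://www.pharmacyfun.biz/184/">click here</a>\n'
    "Unsubscribe: http://www.example.com/unsub?id=42\n"
)

if __name__ == "__main__":
    for outer, final, url in find_shrouded_links(SAMPLE_BODY):
        print(f"{outer} -> {final}  ({url})")
```

A filter that scores links by host should score the last entry of the chain, not the first, so the reputation of the wrapping domain does not carry over to the advertised site.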



Replies:

  • Online prescription drug trade has deadly cost -- Dolly, 11:44:51 08/18/03 Mon