about | contact | disclaimer | home   


Spam Sunday

Or call it the week in spam. Or weekend in spam, for most of the ones listed below were received Saturday. I'm leaving out the one from from January 17 in which it was revealed that I won a 2006 BMW 530iA (Black Sapphire Metallic exterior and Black leather interior), a six speed automatic. The 419 email was even sent in the MS Comic Sans font. My reference number is BMW:2551256003/23 and PIN is x7pwyz2005.

From: kyra@goes.com
Subject: Re: please send me your photos
Date: January 18, 2007 2:21:57 PM CST

Hello !
Thu, 18 Jan 2007 20:33:11

I am Diana, 19 years old. I have just uploaded my new photos and a video sample here:


Please let me know what do you think about it!

Looking forward to hearing from you,

P.S. My contact information you can find on my home page

The thing to note about this is not that it is a porn spam (although it is not safe for work either), but that it is only apparently a porn spam. Instead it lures the reader with the promise of porn, but in order to view the model's movie one must use the supplied player, player.exe, and there is your trojan, so to speak.

The page source lists an iframe linked to http://walkcave.com/, which presents itself as a the “The Jonathan Photo Club” in Saskatchewan. The site is poorly developed, but presents no obvious spam or scam pages; it does, however, uses iframes back to http://dianajava.com/. The rest of the http://dianajava.com/ site is poorly developed, but presents a different face to its visitors than does the above pseudo-porn link. The links on the site are to seemingly legitimate Oregon photographers and such.

The least cynical evaluation I can provide is that someone cracked http://dianajava.com/ and put up the link in the email without the knowledge of the owner of the site. I'm too lazy to figure it out. The more cynical view is that the point of the site is the link from the email, and the rest of the site is just to make people think there is something legitimate behind it all.

The word spam has been diluted a bit further than even Hormel would (not) have liked, and I'm as guilty as anyone, and that's because in addition to unsolicited commercial email it can encompass scam (Nigerian, 419, Advance Fee Fraud), phishing (log into PayPal or else, check your online banking info, etc.), and trojan (just click on this attachment) emails as well—unwanted message? It's spam.

From:Maria <Lonnie@nis-portal.de>
Subject: trabajo
Date: January 20, 2007 11:08:13 PM CST

Buenos Dias,

Nuestra compania internacional ofrece el trabajo.
Podras ganar 150-300 Euros por dia.
Esto es legal y es seguro.

Nuestras exigencias:
1) Debes vivir en la Espana;
2) Debes tener el tiempo libre por la manana;
3) Debes ser mas mayor cerca de 20 anos.

Para el recibo de las instrucciones respondan
solamente a este email: BBMO@KM.RU


This is a truly international email. It is supposedly from a German address, written in Spanish (and one must live in Spain), and one should reply to a Russian address. On top of that It has a sort of multiple-personality syndrome going on, for it is from both Lonnie (man, woman?) and Maria. Sure, it's hard to turn down up to 6000 Euros a month, but somehow I'll manage.

From: Root_ecole@marketsource.com
Subject: Ltd. Enrollment Notification
Date: January 20, 2007 9:23:41 AM CST


Penis Enlargement Spam


From: SharonVazquezve@maxitd.com
Subject: Take my advice
Date: January 20, 2007 6:15:19 AM CST

Three hours apart I received identical penis enlargement spams, though they used different subject lines and had different senders. The low-quality jpg, complete with excessive artifacts from bad copy-and-paste jobs, compression, etc., is actually amusing.

Just when you thought the amount of spam you'd been receiving had gone down, that the spammers had given up and gone home, that the battle if not the war was won, MSNBC.com' Red Tape Chronicles (Bob Sullivan) reports that “Spam is back, and worse than ever.” The telling paragraph reads: “In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is ‘image spam,’ containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.” I can relate. I've got image spam for penis enlargement, natural male enhancement, prescription drugs, stock pump-and-dump, 419 scams (free car! just send us ...), and more.

Actually, that wasn't the telling passage, for that would be: “Of course, there wouldn't be this much spam if it didn't work.”

It's what so many of us have wondered for ages. There are costs associated with sending spam, so short of the pure joy of making other people miserable, most spammers need another incentive, and assuming that they're rational creatures, and—limiting ourselves to the traditional definition of unsolicited commercial email—given that spam wants to sell us something, it is reasonable to conclude that enough people sign on for these things to work. Who are these idiots? Are we just talking about the same braindead Americans who do Amway, Scientology, Landmark Education, and the like?

From: johnson@cnslogistic.com
Subject: seek for cooperation
Date: January 19, 2007 10:46:32 PM CST
To: [list removed]


My name is Johnson, I come from C&S Intertrans (Shenzhen) Co.Ltd in China.

C&S Intertrans (Shenzhen) Co. Ltd is not only a first-class freight forwarding authorized by the Ministry of Foreign Trade Economic of China but also the member of of CGLN (WCA Family).

C&S Intertrans (Shenzhen) Co.Ltd was established in 1997 at shenzhen with an investment of USD One million. Because of our ardent dedication and professional ethics, we have been identified as one of the leading players in the field of ocean freight, air freight and logistics services in an international level. In a highly competitive scenario, C&S was able to show a steady graph of rapid growth in this industry.

The business scope of the company covers such agency business for international transportation both Chinese and foreign. We have rich experience & honesty & trusty. Currently we have established network in Shenzhen, Shanghai, Hongkong, Guangzhou, Foshan, Zhongshan, Qingdao, Xianmen, Dalian and Ningbo.

Our Services:

We are confident that we can service with full customer satisfaction in the field of sea freight, air freight and inland delivery. We can handle all types of consignments such as full Containers Load (FCL), Less Container Load, Consolidation (LCL), direct and consolidated air service from Hong Kong and all Chinese air ports to the world including pick-up, export preparation & customs clearance, assembly and distribution.

We have contract rates with EVERGREEN, CMA, NORASIA, MAERSK APL, LT, CSCL, COSCO, SENATOR, WANHAI, CSAV, HMM, TSLINE and so on. Our rates can catch any competitions. Our door to door services are highly professional with extensive network of worldwide agents. We have our own insured trucks later to the requirement of Guangdong province especially the pearl-river-delta region which is the nucleus of High Tech., electronics, furniture, lighting and toys, ceramic.

Thank you for your support and to the pleasure of working with you soon.

Best regards & Thanks,

Johnson Dong
Oversea Department
C&S Intertrans(Shenzhen)Co.,LTD
Tel: 0086-755-83461483
MOBIL: 0086-13249853153
Fax: 0086-755-83460671
Email: johnson@cnslogistic.com
MSN: johnsonmemecha@hotmail.com
SKYPE: johnsonmemecha
Website: www.cnslogistic.com
Address: Rm.606, Hai Tian Zonghe Building, Cai Tian Road Shenzhen, China

Thank you, Johnson.

We have rich experience & honesty & trusty. Trusty. Sounds like truthiness to me.

The important part of this message is invisible now: the To: list, which included a handful of email addresses I recognized, all people in some way affiliated with the International Brecht Society. This indicates that these were addresses in an address book or, more likely, in messages in an in- or out-box. In any case, the source of the spam/scam is a PC user who infected his/her own machine with a worm/trojan/etc. at some point.

Sullivan's article didn't tell us much that was new to be honest. It was followed by a deluge of responses from people upset with all the spam they get, but as one responder posted, “Interesting how many posts seem to think the answer to spam is invasive government control. I find this attitude simplistic and scary!”

And returning to the download-a-trojan-athon I present another email that I received twice, back-to-back, from different addresses:

From: news@kaspersky.com
Subject: Kaspersky Scamblocker - New Anti-Phishing Software
Date: January 19, 2007 8:48:40 PM CST
Reply-To: support@kaspersky.com

Kaspersky Scamblocker - New Anti-Phishing Software

The most promising method of stopping spear phishing is continuous periodic exercises for all your users in which they experience safe phishing. A child often learns not to touch a stove after he has burnt his finger. By making the phishing experience illuminating, but not too painful, you can get the same effect without doing real damage.

A second defense is universal two-factor authentication. If your organization is not economically strong and cannot afford two-factor authentication, another method used to prevent phishing and other types of comprises is the implementation of verification tools such as secret images, and or challenge questions. Secret Images works by having a user select one or more images in advance. The images is only known to the customer and the authenticator, the process works by showing this images to the end user, the end user should be instructed that when this image is not present the site is NOT legitimate and to contact a customer service rep as soon as possible. Challenge Questions work by having a user select multiple secret questions in advance, that only the customer and the authenticator are aware of. When authenticating the users are then challenged and respond with the predefined answers.

Less effective, but still valuable methods include

* Do not mass e-mail your customer base with web links directed to your site or any other website. Doing so teaches your customer base to accept web link opening, and to assume trust. This will open you up for Phishing attacks in the future.
* Do not use your authentication credentials, or other Non-public personal information to authenticate your customer base. (e.g. ATM Pin or Social Security numbers used as the password for your online web portal.)
* Log information such as IP address, location information, and computer finger prints to uniquely track any device accessing changing customers data online.
* Be sure to report all incidents of fraud to a law-enforcement agency so that the data can be correlated with other attacks for attack and incident pattern matches.

Applications that attempt to identify Phishing content in both e-mail and web sites usually integrates with Web Browsers and e-mail clients, in the form of a toolbar that displays the real domain name of the website the viewer is about to visit or is currently visiting in an attempt to prevent fraudulent activity.

Kaspersky Scamblocker v6.0
Today with a view of the advertising action - free!
Download and setup Setup_scamblocker.exe

The mini-irony of this one is obvious enough, I take it.

—January 21 2007