ahoier
SIRT Handler
 Joined: Jan 14, 2006 Posts: 1113 Location: USA
Posted: Mon Apr 07, 2008 6:45 pm Post subject: Canadian HealthCare? What a generic name....
I got this spam:
| Quote: | .. FreeViagraPills ...
. Phentrimine
. Tramadol
. FemaleViagra
. & 400 more meds to choose from
Please find your meds on our site
httttttp://kgq.dpeclipse.com
|
and was just curious what brand(s) it would fall under or be related to since there isn't an entry for "Canadian Healthcare" at the spamwiki yet.
It's definitely a botnet though! lol....
htttttttttttttp://attevm.com/ is another one...
Surprisingly, not much returned from SpamHaus other than lots of reference to CBL/XBL and "fast flux" (duh?) lol.
trobbins
SIRT Handler Premium Member
 Joined: Feb 19, 2007 Posts: 1180 Location: USA
Posted: Mon Apr 07, 2008 7:36 pm
I would use the copycat pharmacies entry in the wiki.
Notice the awards are fake too, most notably the last two that say click here for more details when it isn't clickable.
spamislame
SIRT Handler
 Joined: Apr 19, 2006 Posts: 213
Posted: Mon Apr 07, 2008 8:18 pm
This appears to be yet another of the SanCash properties, given that its order page claims to be "Infinity Secure". Try placing an order and then checkout, without completing. You'll see what I mean.
SanCash uses this page on the following site types:
Diamond Replica
King Replica
Prestige Replica
VPXL / Express Herbal
MaxHerbal
I can't wait til the New Zealand investigation concludes and finally begins taking action against this particular group.
SiL
P.S. If you are making a Wiki entry, please include that its sponsor is SanCash, as most of these other properties include.
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2942
Posted: Mon Apr 07, 2008 10:23 pm
The redirector site runs on a botnet, 8 seats, 3-minute refresh. This is a known botnet hosting these brands
* Pharma Shop,
* SwissWatchesDirect,
* Reliable Pharmacy,
* Herbal King
Sample sites on that botnet include
cflastmonth.com
cgforthe.com
chfirsttimes.com
ciinmarch.com
cpeconomy.com
spamislame
SIRT Handler
 Joined: Apr 19, 2006 Posts: 213
Posted: Tue Apr 08, 2008 1:40 pm
| tembow wrote: | | The redirector site runs on a botnet, 8 seats, 3-minute refresh. This is a known botnet hosting these brands |
<snip>
I am noticing a new (to me, anyway) trend with SanCash spammed sites.
Previously we'd see only one family of sites, typically Wondercum and ManXL / Elite Herbal. You'd see the exact same site setup for both. Only one product available, but in multiple quantities, large repeat amounts of spam messages to the same addresses, same segmentation of "sponsors" or claims of legitimacy, same order processing template and response copy. All sites hosted on same IP address as well. (Thousands of distinct spamvertisable domains, using a small family of DNS hosts.)
Then beginning mid-last year, before I was aware they were from the same sponsor, Prestige Replica and Diamond Replica. Bogus shopping cart (which remains full after ordering), same order page template as Elite Herbal / Wondercum, same response copy and order ID's. Again: thousands of distinct domain names all hosted on one single IP address, or at most three. Smaller family of DNS domains, usually some of the same ones used to host Elite Herbal.
Now we see a larger family of the first group (VPXL, WonderCum and MaxHerbal), and slightly more in the second group. The only significant change across both groups is that they now all use the "Infinity Secure" ordering page (which makes sense -- It was all the same output and functionality anyway.)
Now we have this newer group: new pharmacy sites, apparently now using fast flux botnet-provided hosting and dns, but still using the Infinity Secure order page.
I can't remember ever seeing any botnet hosting for any of the previous sites at any time. I previously put that squarely in the realm of Canadian Pharmacy (aka: Spamit / Glavmed group.)
Interesting to me, at least.
SiL
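Added example, not part of the thread: the two hosting patterns contrasted in the posts above (many domains parked on one IP address versus fast-flux hosting with a short refresh) can be told apart from passive-DNS observations. The sample records, the `.example` domains and the thresholds are constructed assumptions; the 180-second TTL mirrors the "3-minute refresh" mentioned earlier.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (domain, seconds since start, TTL, A records).
# Domains use the reserved .example TLD; addresses come from documentation ranges.
OBSERVATIONS = [
    ("flux-shop.example", 0,   180, ["192.0.2.10", "198.51.100.7", "203.0.113.4", "192.0.2.77"]),
    ("flux-shop.example", 180, 180, ["198.51.100.90", "203.0.113.61", "192.0.2.200", "198.51.100.33"]),
    ("flux-shop.example", 360, 180, ["203.0.113.150", "192.0.2.5", "198.51.100.120", "203.0.113.9"]),
    ("replica-a.example", 0,   86400, ["192.0.2.50"]),
    ("replica-a.example", 360, 86400, ["192.0.2.50"]),
    ("replica-b.example", 0,   86400, ["192.0.2.50"]),
    ("replica-c.example", 0,   86400, ["192.0.2.50"]),
    ("ordinary.example",  0,   3600, ["198.51.100.200"]),
]

def summarize(observations):
    """Per domain: every IP seen, the lowest TTL, and the number of lookups."""
    stats = defaultdict(lambda: {"ips": set(), "min_ttl": None, "lookups": 0})
    for domain, _when, ttl, addrs in observations:
        s = stats[domain]
        s["ips"].update(addrs)
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
        s["lookups"] += 1
    return stats

def classify(observations, max_flux_ttl=300, min_flux_ips=8, min_shared_domains=3):
    """Label each domain; the thresholds are illustrative assumptions."""
    stats = summarize(observations)
    # Index single-address domains by that address to find shared hosting.
    by_ip = defaultdict(set)
    for domain, s in stats.items():
        if len(s["ips"]) == 1:
            by_ip[next(iter(s["ips"]))].add(domain)
    result = {}
    for domain, s in stats.items():
        rotating = s["lookups"] > 1 and len(s["ips"]) >= min_flux_ips
        if rotating and s["min_ttl"] <= max_flux_ttl:
            result[domain] = "fast-flux"          # short TTL, address set keeps changing
        elif len(s["ips"]) == 1 and len(by_ip[next(iter(s["ips"]))]) >= min_shared_domains:
            result[domain] = "shared-single-ip"   # many domains parked on one address
        else:
            result[domain] = "unremarkable"
    return result

if __name__ == "__main__":
    for name, label in sorted(classify(OBSERVATIONS).items()):
        print(f"{name:20} {label}")
```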
matty700
Cadet

 Joined: Jul 05, 2008 Posts: 8 Location: UK
Posted: Sat Jul 05, 2008 8:49 am
Hi, yes, I get this quite a lot and it is beginning to annoy me. The problem is that it is all the same.
matty700
Cadet

 Joined: Jul 05, 2008 Posts: 8 Location: UK
Posted: Wed Aug 20, 2008 1:47 pm
I'm also getting new spam that's taking the name of CNN and a company called FEDEX, and they are going around putting on things like Britney Spears naked and other sorts, and it is annoying me.
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2889
Posted: Wed Aug 20, 2008 5:47 pm
If that's all you saw, you may have a problem. Those sites will try to install malware on your computer. When I visit with a Mozilla browser, a dialog window pops up saying that it wants to download a file and where should it put it? Then I can either cancel it or change the name to .txt if I want to submit it for testing.
If you use Internet Explorer, it is possible it downloaded a file and started it running without you knowing it was happening.
Anytime you get an unexpected email that appears to be from a trusted source, don't click on the links. Type in the address of that trusted site yourself. And never open any files they tell you to open.
In an html email (one with clickable links) it is very easy to have one address visible but have another one be the real link.
matty700
Cadet

 Joined: Jul 05, 2008 Posts: 8 Location: UK
Posted: Wed Sep 10, 2008 3:26 pm
Hi, yes, thanks. I don't click on the links when I go to my email box. I have McAfee installed on my PC and all the spam goes to the spam box and then I get rid of it. I don't know whether you get this one, which I do not understand; it is called (you will right josef)