A request for evidence from law enforcement. Perhaps Knujon may have some examples in their archives


Herbal King Spam from your archives?

Do you have any samples of spam sent to Hong Kong
(with a ".hk address). I only need approx 10 samples in total of
Herbal King Spam sent from 12 October 2007 to 16 December 2007.

Full headers please, unobfuscated. They will not be published electronically, just produced in court evidence.

May want to try the contact at knujon address, Knujon doesn't appear too active on the forums as of late....but I'm sure they could come up with some samples.

Here's the problem with the herbal king. We've got lots of data on them but my guess is that they are distributed and deployed by kits. What we have may not match the specific incident in question. This situation requires some higher level planning and coordination since the whole picture is going to stretch across jurisdictions.

As AC rephrased, samples of Herbal King spam sent to .hk (hong kong) addresses is what's requested

Now.....I can understand, with all the data you guys are processing, pin-pointing ALL spam that contains a .hk address in the To: or Delivered-To area of the headers, could take a long time, depending on how advanced your search/data queries can be.

And even then, how would that affect evidence if a .hk address was forged/munged into the To:

If your system isn't this advanced, to create a query, and display the results of something like this, perhaps it might be something to look into expanding on, as I feel it could greatly help.

Overall, I don't think the problem here is anything with jurisdictions. But perhaps could lead to a greater investigation if evidence that matches this criteria has been submitted

We looked, we can find things pretty quickly. The issue is that herbal king is a moving target with lots of affiliates. The whole things needs to be taken out at the same time.

Red's not looking for things mailed from Hong Kong, just things with a recipient who is a resident of Hong Kong (or uses a HK mail service). It doesn't matter which affiliates, as we aren't being told whose head is in the noose yet.

All you need to filter is the "To" line, which isn't going to be forged like a "From" line. It all depends whether you have any submitters in Hong Kong -- if so, you'll have a lot of Elite Herbal spam, if you don't have a submitter in HK, you won't have any of their spam mailed to HK.

Understood, I believe that is the case since we don't have any .hk clients.

darn


I was about to edit my post, but it got too late and had to leave to work But AC summed it up quite nicely.

hmmm...where do .hk users hang out on the web? lol....orkut? myspace? Knujon advertising might be good lol.


hmm. wonder if Paul could grab/sort the CC members database by e-mail address, to see if we have any .hk users here....? - and nudge them, to see whether or not they have any specimens? lol.