One of the more interesting things that popped into my spam filter today was this.. at first glance it appears to be some sort of MLM scam spam:
From: firstname.lastname@example.org
Date: 17 September 2010 10:41
Subject: WOW 6 grand a month from your home
STOP!!! what your doing...do you know 3 people that have $15.00?
And do those people know 3 people that have $15.00?
and what about those people and the ones after that? Join Me With 3 subscribers
and when each subscriber does the same through 10 levels
your income would be $63,982.50 per month
Join Now Pay Nothing Until September 1st.
just get in now before we open to the public.
What if you just did 10% of that.
could you use and extra $6300.00 a month?****
all that for $15.00....
WoW that's the power of People Knowing People, Knowing People Knowing People....
Steven McGregor Owner and Ceo of www.Networking4africa.com and www.networking4afica.net
[personal address redacted]
+27.[personal number redacted]
Chat with me on face book http://www.facebook.com/smcgregor3
Please Note You will get Very rich with This program
So wtf is this? It looks like it is promoting a site called networking4africa.com (and networking4africa.net) which does exist (but more of that in a moment). But there are a couple of anomalies (highlighted) where the domain is quoted wrongly.. kind of odd for a promotional message. Oh, and September 1st is long gone..
Another odd thing is the inclusion of a telephone number and full postal address, because be in no doubt that this email is spam. Typically we see this sort of thing when a Joe Job is in progress.. in other words, the spam is being sent maliciously by a third party and the telephone number is included to cause harassment for the victim.
The email originates from 126.96.36.199 which is a dedicated server belonging to some outfit called WebExxpurts who are assigned 188.8.131.52/24. A look around the netblock shows something interesting though, a site called iunmetered.com a few IPs away at 184.108.40.206 which is an anonymous VPN service. Given that the originating IP for the spam is a dedicated server (which appears to have no active web sites) then there's a fair possibility that someone is using iunmetered.com to mask their IP address. But why mask your IP address if you are including a telephone number? It seems bizarre, and again perhaps evidence that "Steven McGregor" did not send the email.
Networking4Africa.com itself is hosted on 220.127.116.11 (a completely different network from the email sender), and the WHOIS details do largely match the ones in the spam, but that proves nothing. But now the plot thickens..
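The comparison above (where the mail really came from versus where the promoted site lives) can be repeated on any suspected Joe Job. This is an added example, not part of the original post: the message, hostnames and addresses are constructed placeholders from the RFC 5737 documentation ranges, and `handoff_ip` / `same_network` are hypothetical helper names. It assumes you know the name your own MX stamps into `Received:` lines.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the lower Received line is sender-supplied and claims
# the promoted site's IP; only the top line was written by the recipient's MX.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.77])
\tby mx.recipient.example with ESMTP id abc123; Fri, 17 Sep 2010 10:41:09 +0000
Received: from www.promoted-site.example ([198.51.100.10])
\tby mail.sender.example with SMTP; Fri, 17 Sep 2010 10:41:02 +0000
From: owner@promoted-site.example
Subject: WOW 6 grand a month from your home

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def handoff_ip(raw, our_mx):
    """Return the IP that connected to our own MX, or None.

    Received headers are prepended hop by hop, so the first one stamped by a
    server we control is the only hop the sender could not write themselves.
    """
    msg = message_from_string(raw)
    for hop in msg.get_all("Received", []):
        unfolded = " ".join(hop.split())  # undo header folding
        if f"by {our_mx} " in unfolded:
            match = IP_IN_BRACKETS.search(unfolded)
            if match:
                return ipaddress.ip_address(match.group(1))
    return None


def same_network(sender_ip, site_ip, prefix=24):
    """True if the sending IP shares a /prefix with the promoted site's host."""
    net = ipaddress.ip_network(f"{site_ip}/{prefix}", strict=False)
    return sender_ip in net


if __name__ == "__main__":
    origin = handoff_ip(SAMPLE, "mx.recipient.example")
    print(origin, same_network(origin, "198.51.100.10"))
```

A mismatch on its own proves little, since plenty of legitimate senders mail from a different network than their web host; it is one data point alongside the oddities in the message body.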
18.104.22.168 is in an IP address range which is allocated to "TEK CHANNEL CONSULTING LLC DBA WHOLSALE BANDWITH" (sic). Tek Channel / Wholesale Bandwidth are a very well known spam-friendly firm that has a ROKSO file at Spamhaus. This range has then been reassigned again to Global Virtual Opportunities Inc of Schertz, Texas. This range forms part of AS46549 which has been fingered by Google as being pretty evil:
What happened when Google visited sites hosted on this network?
Of the 2755 site(s) we tested on this network over the past 90 days, 371 site(s), including, for example, dontforward.com/, helpfulbackpaintips.com/, ultimatesneakers.com/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2010-09-17, and the last time suspicious content was found was on 2010-09-16.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 16 site(s) on this network, including, for example, latenightwarriors.com/, tricitieslifeinsurance.com/, networkonlinereviews.com/, that appeared to function as intermediaries for the infection of 67 other site(s) including, for example, ccll-gtyarmouth.co.uk/, rogersvillelifeinsurance.com/, mediascout.kr/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 16 site(s), including, for example, aardvarkville.com/, extraganancias.com/, latenightwarriors.com/, that infected 253 other site(s), including, for example, meb.gov.tr/, anakku.com/, tottochan.jp/.
In other words, this doesn't look like the sort of place a legitimate web site would want to be hosted.
But then what about networking4africa.com itself? Does it tally with the ridiculous "get rich quick" scheme outlined in the email?
It turns out that the site offers an MLM program which gives part of its proceeds to charity. Now, I've never come across any MLM program that is not some sort of scam.. either an out-and-out Ponzi or something that simply fails to deliver what it seems to be promising.
The basic deal is that you join up for $15 of which $5 goes into a fund called the "Helping Portion" which is meant to eventually help children in Africa. What you get for this is unclear, but on the "Products" page are a couple of eBooks (you know the sort of thing). The idea is that if you sign up enough people then you can make a shedload of cash, and some of this will go to the "helping portion".
It gives an example that if 88,572 joined, then it would generate $442,860.00 a month for these good causes. But then if 88,572 people simply ponied up $5 a month to Oxfam or a similar charity then it would also generate $442,860.00 a month without participating in some crappy MLM scheme.
And yes.. it is a crappy MLM scheme that is little other than a pyramid scam, according to its own description:
Commissions are paid through a simple unlimited width, 10 level matrix.
That's 1 - 3 - 9 - 27 - 81 - 243 - 729 - 2187 - 6561 - 19683 - 59049. Having difficulties visualising that? Well, it looks like this:
This means that you can introduce as many Subscribers as you want and they will appear on your level 1. The subscribers that they refer will be on your level 2 and so on.
You will receive commissions at the following rates for each level:
Level 1 - $2.00
Level 2 - $0.75
Level 3 - $0.75
Level 4 - $0.50
Level 5 - $0.50
Level 6 - $0.50
Level 7 - $0.50
Level 8 - $0.50
Level 9 - $0.75
Level 10 - $0.75
As an example, if you were to only introduce 3 Subscribers and each Subscriber did the same through 10 levels, your income would be $63,982.50 per month. Results will vary from person to person but with a deep matrix your income can be very stable and with unlimited width your potential income is unlimited.
Now, I don't know South African law and I have absolutely no idea as to the legality of this scheme.. but legal or not, it is certainly bullshit and dangling the carrot of starving African children is nothing short of despicable.
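The site's headline figures can be recomputed from its own rate table. This is an added example, not code from the site or the original post: it assumes every member recruits exactly three others, and it shows how much of the quoted income depends on the two deepest levels filling and what a shallow downline earns instead. The function and key names are hypothetical.

```python
from decimal import Decimal

# Per-level commission rates as quoted from the site (levels 1 to 10).
RATES = [Decimal(r) for r in
         ("2.00", "0.75", "0.75", "0.50", "0.50",
          "0.50", "0.50", "0.50", "0.75", "0.75")]
FEE = Decimal("15.00")      # monthly subscription quoted in the post
HELPING = Decimal("5.00")   # "Helping Portion" taken from each subscription


def level_sizes(width=3, depth=10):
    """Subscribers on each level if every member recruits exactly `width`."""
    return [width ** n for n in range(1, depth + 1)]


def breakdown(width=3, depth=10):
    """Monthly figures for one member sitting above a completely full matrix."""
    sizes = level_sizes(width, depth)
    per_level = [n * rate for n, rate in zip(sizes, RATES)]
    downline = sum(sizes)
    income = sum(per_level)
    return {
        "downline": downline,
        "income": income,
        "helping": downline * HELPING,
        "paid_in": downline * FEE,
        # Share of the income that only exists if the last two levels fill.
        "deep_share": sum(per_level[-2:]) / income,
        # Members on the last level have recruited nobody yet.
        "no_downline": Decimal(sizes[-1]) / downline,
    }


if __name__ == "__main__":
    full = breakdown()
    print(f"downline {full['downline']:,}  income ${full['income']:,}")
    print(f"helping ${full['helping']:,}  paid in ${full['paid_in']:,}")
    print(f"from the two deepest levels: {full['deep_share']:.1%}")
    print(f"downline with no recruits:   {full['no_downline']:.1%}")
    print(f"income if only 3 levels fill: ${breakdown(depth=3)['income']}")
```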
Which brings us full circle to the spam email.. it does bear all the hallmarks of a Joe Job, but the target site is a stain on the Internet anyway..
Update: Steven McGregor emailed me to say:
I apologise for the spam e-mail that you received. We have been under attack by a spammer based in the Philippines who has been trying to shut us down, but I believe that we have put a stop to it now.
Just a couple of points:
* The email address that you show in the article does not exist and never has.
* If you look at the full header of the e-mail you will notice that it did not originate from our domain or IP.
* We have authentication protection so if you contact our provider they will verify the above.
* If it was a marketing e-mail there would have been a referral link.
* If I was going to spam I would not include my personal contact details.
[...] We have had everything that we are doing confirmed by an actuary and I don't really care to go into details. The site and our actions cover this sufficiently.[...] Network Marketing is a completely legal business model and not a pyramid scheme.