Sponsored by..

Friday, 26 November 2010

Dynamoo.com is 10!

Dynamoo.com is 10 years old this week! Registered way back on 24th November 2000.. there wasn't much to see back then. Some would argue that there still isn't! Anyway, here's what the site looked like when it was first archived.

My first web site was created sometime in the mid 1990s (can't remember exactly when) and looked like this.


I largely learned about web design in the mid-90's and I think it still shows!

Slimeware sites to block

If you work in corporate IT, then you've probably had users come across sites that appear to be things like Acrobat Reader, Google Earth or some other application.. but are in fact a deceptive way to install some other software (typically some sort of adware). I call this "slimeware".

This list of sites are (in my view) [CSV] offering applications of limited use that you might want to consider blocking. Some example sites trade heavily on well-known names like Avast, Yahoo Messenger, Nero and other well-known apps. Quite a lot of these are sourced via MarketBay. Scroll down for some sample screenshots.

The list includes over 1000 sites of dubious value and a much shorter list of IP addresses (below) which might be easier, plus MyWOT ratings as a guide to the nastiness of the sites. You can download it from http://www.dynamoo.com/files/slimeware01.csv

IP Addresses:
64.38.49.191
64.141.101.204
64.141.103.177
64.150.190.80
67.212.90.67
67.212.90.71
67.212.90.72
67.212.90.73
67.214.176.218
67.215.2.90
67.215.2.98
67.215.2.99
67.215.2.100
84.22.98.11
208.82.121.34
208.82.121.46
208.82.121.69
208.82.121.140

Sample screenshots:







Wednesday, 24 November 2010

MarketBay.. yuk!

This post on the Sunbelt blog about apparently bogus anti-virus software rang a bell.. there was something eerily familiar about this whole operation that I'd seen before. A close examination of these so-called anti-virus sites shows a link to marketbay.com - so these look like some autogenerated affiliate sites or other.

MarketBay are pretty well known for shady practices, for example here and here. Before they were called marketbay.com, they were known as yourclick.com and run by a firm apparently called Three W Networks Ltd (Google it). Everything is hidden behind a shell company in the Bahamas, with a name of David Da Silva connected to it, although this is a fairly common name and it may well be assumed. The company recently changed name to Media Entertainment Guide, still quoting the Da Silva name and a Bahamas address as seen in the WHOIS for marketbay.org which is not privacy protected (unlike marketbay.com).

[As a side note, the historical WHOIS records for marketbay.com identify a previous owner who confirmed that the domain was sold to another party]

The software punted by MarketBay looks to be of questionable use, but that's an accusation that can be made against any one of a number of businesses.. caveat emptor and all that. But at the very least you can say that affiliates are marketing this software deceptively.

Now, the IP address of 67.212.90.64/28 is rather more fruitful to examine. It's a very small block of IP addresses, listed as belonging to Mango Ideas in Canada (note: these sites are no longer hosted there as of March 2011)

There is certainly nothing worth visiting in 67.212.90.64/28 and blocking the whole lot would probably save you some headaches, The block seems to be clean, but for research interest, the sites that WERE hosted are listed in this this CSV file with MyWOT ratings attached.

Update 23/3/11: It appears that most of the sites are no longer hosted here (they appear to have moved to other Canadian hosts), there are a few remaining sites that I can't vouch for one way or another.. as it is, I would suggest that this block is now clean and no longer evil.

Mr Kennedy says that he assumes that the bad sites were probably put on there by a reseller or perhaps a compromised account, and they have a very strict anti-abuse policy.

Friday, 19 November 2010

It's 30 for a reason, part 2

This guy claims that he was doing 20mph before he demolished about 15 metres of fencing, two gateposts and one gate before hitting my house.. backwards. I am largely disinclined to believe him.

I don't know what you have to do to pass a driving test in Lithuania where this guy hails from. I suspect driving backwards into a house isn't part of the test though.

But.. this isn't the first time that this has happened either. Three years ago we were lucky not to be picking body parts out of the garden after this accident.

And the speed limit? 30 miles per hour. It's 30 for a reason..

Monday, 8 November 2010

theciosummits.org / CIO Summits spam

theciosummits.org / CIO Summits is the same outfit as BizSummits  who have a particular spamming technique that has been seen before.

The technique appears to be that they search a website for strings that look like names, and then they try and guess the email address for that person at that domain. Email addresses tend to follow a limited number of formats, so it probably gets a reasonable success rate, but even so.. the name is still scraped and the recipient emailed without opting in to anything.

From: Jason Williams <jwilliams@theciosummits.org>
To: James Studer [redacted]
Date: 8 November 2010 15:06
subject: James, just following-up.
   
Hi James, is now a better time to reach out to you in regards to the CIO
Summit? You received a request on behalf of our Board due to your key
role in the technology field and I'm curious to know if a decision has
been made.

The CIO Summit is an invitation-only group comprised of the very best
executives and visionaries in technology. We meet monthly by
teleconference to exchange what is working, what is not, strategies and
ideas. It is a confidential forum with dedicated groups of other
successful VPs and key executives whose only agenda is to help each other
outperform. Our site is at www.theciosummits.org

I am certain you will find the experience both enjoyable and useful in
your efforts. Please take a look and let me know of your decision. Thanks,
 James.

Sincerely,
Jason Williams
CIO Summits
Tel. (803) 712-3027
www.theciosummits.org


The information contained in this message is confidential and intended
only for James Studer. If you have received this message in error, please
delete it or mail us back if you no longer wish to receive further
invites. For my records, I show your contact information as: James Studer,
 Dynamoocom, [redacted]  800-688-6115 If needed, you can reach
us at 201 17th St, #1200, Atlanta, GA 30363. Thank you.

Who is James Studer exactly? It turns out that he was a contributor to the Orange Book, which I have a section about on my website.. and as with the BizSummits spam I've seen before, the pattern is exactly the same.

CIO Summit's pitch looks fairly deceptive. They have guessed an email address, apparently to make it look like we have a prior relationship. It's worth noting as well that the BBB give parent BizSummits a very poor "F" rating which definitely makes it look like one to avoid.

Massive yourfreeworld.com / downlinegoldmine.com spam run

Sometimes it is difficult to tell if a spam run is a Joe Job, or if the spammer is really a moron.

Over the past few hours, a massive spam run has been caught by several spamtraps and has also been spammed out heaving to spamcop.net email addresses:

From: Rohit Seth - YourFreeWorld <seth@yourfreeworld.com>
Date: 8 November 2010 07:39
Subject: Amazing New MLM Scripts, Mass Mailers, Downline Builders
   
- Hide quoted text -
Check out our amazing range of money making matrix scripts, bulk emailers, safelists, banner ad scripts and downline builders.

Check out our latest additions too by bookmarking our site and checking it often.

Our ingenious affiliate program integrates your ClickBank ID into your affiliate link. So when someone comes to our page and conducts a search for any ClickBank product, YOU can make up to 75% commissions with very little effort!

"Imagine earning commissions hand over fist 24 hours a day, 7 days a week, 365 days of the year -- even while you're sleeping! This is truly a no-effort style affiliate program that maximises multiple income streams."

http://www.yourfreeworld.com

or make monster cash for the holidays by becoming a reseller of our fantastic scripts, it's that simple!

http://www.downlinegoldmine.com

If you are ready to start to MAKE MONEY online, Downlinegoldmine.com is the place to do it! We will give you the keys to build your Downline, to create your own Downline Program and to learn winning techniques so that you can sit back and let the earnings begin!

From the desk of Rohit Seth
Delhi
India

WHOS details are consistent with the message:
  Registrant :
    Name: Rohit kumar Seth
    Organization: Dr. M.Seth & Co.
    Address: S-5,Naveen Shahdara
    City: Delhi
    State: DE
    Postal Code: 110032
    Country: IN
    Phone: +91.0112232
    Fax:
    Email: rolovedeep@yahoo.com


The originating IP is 64.244.62.22 [Point North Networks / XO Communications, US] pointing to two spamvertised sites, downlinegoldmine.com on 72.29.67.174 and yourfreeworld.com on 66.7.201.119  [both at Hostime, Orlando].

Almost all MLMs are some sort of scam, and these are two sites promoting MLMs. But these sites also promote "safe email sendlists", but clearly sending hundreds of spam emails to spamtraps is clearly a poor definition of "safelist".. it's almost as if this activity is deliberately designed to generate spam complaints..

..and here's the thing. There's no evidence linking 64.244.62.22 to the alleged sender, and sending massive amounts of the same email to SpamCop.net addresses is either a massively stupid move, or it could be a deliberate attack on these sites by an unknown party.

In my opinion, both yourfreeworld.com and downlinegoldmine.com look like crappy sites that are worth avoiding. 

Monday, 1 November 2010

europa-consult.com job offer scam

Another scam email in a long-running series of fake job offers, this time using the domain europa-consult.com (not to be confused with any companies of a similar name).

for CV #19


EXPANDING COMPANY LOOKING FOR SALES SUPPORT/ADMINISTRATIVE ASSISTANT TO HELP US! FULL IN HOUSE PRODUCT TRAINING IS PROVIDED!

COMPETITIVE INDIVIDUALS.....START ASAP!

Who are we:
We are an international leading property investment and development company.
Our firm has recently acquired new clients and are continuing to expand to new locations across the US.
We are inlolved in a variety of activities that include construction, realty management, investment sector,
rental services etc. Right now we are working on more than 10 objects around the world, primarily in Europe, United Kingdom and North America.

Our Mission:
If you have an oustanding experience in sales and administration, we would welcome you immediately!
If you don't have a formal qualification but have gained skills and knowledge through experience - apply today!
We also equip new grads or candidates with no experience with the experience they need to build a successful business in the field of sales,
advertising, or marketing. Many high school grads or college & university students hear employers tell them they need more experience.

WE ARE LOOKING TO GIVE YOU THAT EXPERIENCE!

What you'll be doing: You will conduct comprehensive residential and/or small commercial property audits.

Other duties of the Administrative Assistant/Sales Support include, but are not limited to:
Incorporating effective priorities for the virtual office function
Administer day-to-day financial responsibilities for our clients
Reporting online daily
Preparing brief summary reports, and weekly financial reports

What's in it for you: - Excellent Pay (guaranteed Euro 725/weekly) - Great Opportunity
All compensation/salary is paid biweekly. Compensation involves uncapped earnings and bonuses.

If you are interested, please reply to : info@europa-consult.com with your latest CV.

Best regards,

Claire Haynes
Hiring Manager

The WHOIS details look very familiar:

Registrant:
    Aleksandr Lapatau
    Email: lapatasker@earthling.net
    Organization: Private person
    Address: Lenina, 34, 8
    City: Minsk
    State: Minskaya
    ZIP: 456123
    Country: BY
    Phone: +375.172427204 



Avoid.