Subject: I will be glad to get to know you
Hello! How are you? I hope you are ok. I am Anete.
You remember, we have got acquainted with you at dating site?
You have given me your email and today I write to you.
I think, now we can begin our acquaintance. I will be glad! Hope you too.
I am 30 years old. I want to find the man and to create serious relationship.
I want, that you have answered me if you still want to know me.
I send you my photos, and I want, that you do the same.
I will be glad to get to know you more close.
Please reply only to my personal e-mail: utinanete@BonBon.net
I look forward your answer. With the best regards, Anete...
Thursday, 13 May 2010
Dating scam: "I will be glad to get to know you"
There have been quite a few dating scams soliciting replies to BonBon.net lately, and coming with an attached photo. This one is meant to be "Anete".. what do you mean, you don't remember Anete? Anyway, it's probaly some fat sweaty Russian bloke trying to part you from your cash, so avoid this one.
Labels:
Dating Scams,
Scams,
Spam
Monday, 10 May 2010
Evil network: Sagade Ltd / ATECH-SAGADE
There's been an awful lot of badness from Latvia recently, with several fake AV apps and other Very Bad Things hosted in the range 91.188.59.0 - 91.188.59.255, which appears to be a wholly bad subnet of pure evil. It looks like a similar setup to Real Host Ltd which was shut down last year.
inetnum: 91.188.59.0 - 91.188.59.255
netname: ATECH-SAGADE
descr: Sagade Ltd.
descr: Latvia, Rezekne, Darzu 21
descr: +371 20034981
remarks: abuse-mailbox: piotrek89@gmail.com
country: LV
admin-c: JS1449-RIPE
tech-c: JS1449-RIPE
status: ASSIGNED PA
mnt-by: AS6851-MNT
source: RIPE # Filtered
person: Juris Sahurovs
remarks: Sagade Ltd.
address: Latvia, Rezekne, Darzu 21
phone: +371 20034981
abuse-mailbox: piotrek89@gmail.com
nic-hdl: JS1449-RIPE
mnt-by: ATECH-MNT
source: RIPE # Filtered
% Information related to '91.188.32.0/19AS6851'
route: 91.188.32.0/19
descr: BKCNET Autonomous System
descr: IZZI SIA
descr: Ieriku 67a, Riga, LATVIA
origin: AS6851
mnt-by: AS6851-MNT
source: RIPE # Filtered
All these websites appear to be malicious, I cannot find a single site that I can identify as being legitimate. Most have obviously fake WHOIS details too. I would recommend blocking access to the whole IP block.
1zabslwvn538n4i5tcjl.com
Urodinam.net
A-fast.com
00g00.ru
Odnotraxniki.ru
Td0.ru
Kerrimckeetq.info
Maiamaribeihlv.info
Marguriiexyhamlin.info
Privatetechnology.biz
Syscodec.com
Systemcodec.net
Traffcash.biz
Kimirleonarda.info
Nitrosearch.info
Fastglobosearch.com
Likinto.com
Mcml1.com
Trol0l0.com
Mokato.com
Ziko.in
Viasot.com
Billsolutions.net
Fastsecurebilling.com
Fast-payments.com
Easypayments-online.com
Billingonline.net
Lotise.com
Manytis.com
Membernameserver.com
Ossarix.com
Soterpo.com
Stepil.com
Winepsy.com
Zingis.com
Bombastats.com
Pornowars.info
Superspuperporn.com
Pornopeace.info
Smackmybitch.info
Belleplaceurl.com
Christophecoinurl.com
Coinurlredirect.com
Coinurlredirection.com
Endroiturlredirect.com
Glossipfd.com
Goldcoinurl.com
Gork.in
Gulk.in
Hnarmettis.com
Hotelplaceurl.com
Lieuurlredirect.com
Mnuyetsgrr.com
My654bestsite.com
Nuvolokijj.com
Parkplaceurl.com
Polk.in
Rozg.in
Samk.in
Sekmoon.net
Silvercoinurl.com
Sumk.in
Vvven.in
Worldplaceurl.com
Zoid.in
Smackbybitch.com
Videosite1.com
Beeape.com
Supercrazynight.com
Supersporns.com
Sys-force.ru
Firsttunesclub.in
Viiistifor1.com
Visiocarii1l.net
Skachivay.com
Allforyouplus.net
Hotfilesfordownload.com
Allforil1i.com
Alltubeforfree.com
Allxtubevids.net
Freeanalsextubemovies.com
Freetube06.com
Freeviewgogo.com
Homeamateurclips.com
Hotxtube.in
Hotxxxtubevideo.com
Iil10oil0.com
Ilio01ili1.com
Illinoli1l.in
Porn-tube-video.com
Porntube2000.com
Porntubefast.com
Viewnowfast.com
Viewxxxfreegall.net
Xhuilil1ii.com
Yourbestway.cn
Youvideoxxx.com
Cern-a.com
Xbasex.com
Rowfirst.com
Autouploaders.net
Poafirst.com
Rodfirst.com
Solaruploader.com
Noafirst.com
My-best-web.com
Pakwer.com
Kdjkfjskdfjlskdjf.com
Stablednsstuff.com
Oklahomacitycom.com
inetnum: 91.188.59.0 - 91.188.59.255
netname: ATECH-SAGADE
descr: Sagade Ltd.
descr: Latvia, Rezekne, Darzu 21
descr: +371 20034981
remarks: abuse-mailbox: piotrek89@gmail.com
country: LV
admin-c: JS1449-RIPE
tech-c: JS1449-RIPE
status: ASSIGNED PA
mnt-by: AS6851-MNT
source: RIPE # Filtered
person: Juris Sahurovs
remarks: Sagade Ltd.
address: Latvia, Rezekne, Darzu 21
phone: +371 20034981
abuse-mailbox: piotrek89@gmail.com
nic-hdl: JS1449-RIPE
mnt-by: ATECH-MNT
source: RIPE # Filtered
% Information related to '91.188.32.0/19AS6851'
route: 91.188.32.0/19
descr: BKCNET Autonomous System
descr: IZZI SIA
descr: Ieriku 67a, Riga, LATVIA
origin: AS6851
mnt-by: AS6851-MNT
source: RIPE # Filtered
All these websites appear to be malicious, I cannot find a single site that I can identify as being legitimate. Most have obviously fake WHOIS details too. I would recommend blocking access to the whole IP block.
1zabslwvn538n4i5tcjl.com
Urodinam.net
A-fast.com
00g00.ru
Odnotraxniki.ru
Td0.ru
Kerrimckeetq.info
Maiamaribeihlv.info
Marguriiexyhamlin.info
Privatetechnology.biz
Syscodec.com
Systemcodec.net
Traffcash.biz
Kimirleonarda.info
Nitrosearch.info
Fastglobosearch.com
Likinto.com
Mcml1.com
Trol0l0.com
Mokato.com
Ziko.in
Viasot.com
Billsolutions.net
Fastsecurebilling.com
Fast-payments.com
Easypayments-online.com
Billingonline.net
Lotise.com
Manytis.com
Membernameserver.com
Ossarix.com
Soterpo.com
Stepil.com
Winepsy.com
Zingis.com
Bombastats.com
Pornowars.info
Superspuperporn.com
Pornopeace.info
Smackmybitch.info
Belleplaceurl.com
Christophecoinurl.com
Coinurlredirect.com
Coinurlredirection.com
Endroiturlredirect.com
Glossipfd.com
Goldcoinurl.com
Gork.in
Gulk.in
Hnarmettis.com
Hotelplaceurl.com
Lieuurlredirect.com
Mnuyetsgrr.com
My654bestsite.com
Nuvolokijj.com
Parkplaceurl.com
Polk.in
Rozg.in
Samk.in
Sekmoon.net
Silvercoinurl.com
Sumk.in
Vvven.in
Worldplaceurl.com
Zoid.in
Smackbybitch.com
Videosite1.com
Beeape.com
Supercrazynight.com
Supersporns.com
Sys-force.ru
Firsttunesclub.in
Viiistifor1.com
Visiocarii1l.net
Skachivay.com
Allforyouplus.net
Hotfilesfordownload.com
Allforil1i.com
Alltubeforfree.com
Allxtubevids.net
Freeanalsextubemovies.com
Freetube06.com
Freeviewgogo.com
Homeamateurclips.com
Hotxtube.in
Hotxxxtubevideo.com
Iil10oil0.com
Ilio01ili1.com
Illinoli1l.in
Porn-tube-video.com
Porntube2000.com
Porntubefast.com
Viewnowfast.com
Viewxxxfreegall.net
Xhuilil1ii.com
Yourbestway.cn
Youvideoxxx.com
Cern-a.com
Xbasex.com
Rowfirst.com
Autouploaders.net
Poafirst.com
Rodfirst.com
Solaruploader.com
Noafirst.com
My-best-web.com
Pakwer.com
Kdjkfjskdfjlskdjf.com
Stablednsstuff.com
Oklahomacitycom.com
Labels:
Black Hat,
Evil Network,
Hosting,
Latvia,
Malware,
Sagade Ltd
Thursday, 6 May 2010
"I live in a city under name Kirov"
Unlike some other dating scam emails promoting very young women, this particular one claims to be from a 37-year-old economist, which I guess might say something about their target audience. In reality, "Mariya" is probably a fat sweaty male Russian who is trying to scam you out of some money.
Date: 6 May 2010 09:44
Subject: I live in a city under name Kirov
Hello my the surprised Friend!
I understand, that you are surprised now, when this letter has arrived to you. BUT I ASK YOU TO SPEND 5 MINUTES, your time and have read it up to the end then probably it will change your and my life. At first I wish to tell a little about myself. My name is Mariya. To me of 37 years. I live in a city under name Kirov, it is a small city in northern part of Russia. I not married and never was. I also do not have children. I have left school then has finished institute on a
trade of "economist". If it is interesting to you I will necessarily tell about it, but now not in it the purpose dear friend. Recently, I watched TV and saw, that in Russia there are 35000000
women who live without men, and there are such agencies of marriage which have many electronic addresses, and such agency can help to find for women the suitable man. I have gone to one of such agencies, and have addressed to them with inquiry that they have found for me the
good man. They have informed at once me, that in Russia I should search for the good and decent man very long time. Then they have offered me acquaintance to the man from other country, on what I have looked from a positive side. As I know, that at us in the country of the man, do not appreciate women, is possible because women several times more.
In general, I have agreed to strike up acquaintance to the man from other country, and they have given me your electronic address. Having told that you the lonely fair and decent man who searches for the woman for creation of relations. Then I took your electronic address and have gone to the cafe Internet to write you the letter. Here now you can my letter see. I have written you it with hope, that you will answer to me. I have inserted one my photo that you could see, my appearance and to solve for you directly completely, you will like to begin dialogue and relations with me or not. Only I ask, concern my letter seriously, look my photo, the letter, think and solve, precisely you would like to have the correspondence with me? I do not wish to be the friend, it is not necessary, I am ready to serious relations. It is very necessary to love, give my love to the MAN and family creation. If you really wish to have serious relations with me
write to me. If you do not want to have a relationship with me, just do not respond to my letter, I can understand everything myself. And nevertheless, I wish to tell to you, that my photo is made not professionally, but you see me, such what I in a life. And you can precisely define such woman as I am necessary for you or not. Very big inquiry as wanted if you however interested in me write to me about your e-mail where we can speak with you and small good photos you. Like everything, that I wished to tell you, and now I only need to wait from you for the answer, and I hope you write to me. If I was not pleasant to you, or serious relations are not necessary for you then do not write me anything, I will understand!
I hope your new friend, I hope that I can become for you friend Mariya!
You can send your letter and photo to this email address: mashalovers@BonBon.net
The lonely woman from Russia Mariya.
Labels:
Dating Scams,
Scams,
Spam
Saturday, 1 May 2010
Scam: "The big prospects for intelligent people from England and other regions"
Another money mule scam dressed up as a job offer from an estate agents. The estate agent pitch seems popular at the moment, having come up recently here and here.
From: Heather Crum
Date: 1 May 2010 01:31
Subject: The big prospects for intelligent people from England and other regions
I am HR manager in international real estate agency.
Your electronic address is taken from base of people who are searching for the job. We have the job offer for you. If it is an error and you aren’t searching for the job or you aren’t interested in additional earnings, please ignore this message. We apologize for spent time.
If you are interested in this offer, you need to address to e-mail: Schiavone.Basso@HotPOP.com
The basic direction of our company: The search of clients and partners. Sale, resale and rent of the elite real estate and the industrial areas.
Required qualities for the post:
Practical knowledge of the program “Microsoft Office Word”.
Ability to communicate, intelligence.
Experience in commercial activity is welcomed.
The knowledge of the Italian language and of other languages is welcomed.
The minimum salary is 2000 euro. Frequently the monthly income exceeds 10.000 euro. It all depends on intelligence of the Agent and on his desire and ability to work to his full extent.
For the additional information can refer to the electronic address which is specified above.
Yours faithfully, on behalf of all employees “Europe Real Estate”.
Labels:
Money Mule,
Scams,
Spam
Friday, 30 April 2010
What is this I don’t even
Seriously, no.
Labels:
WTF
Why doesn't Windows include native PDF reader support?
F-Secure asks: Why doesn't Windows include native PDF reader support? Perhaps it's time for Microsoft to act in character and help kill off Acrobat Reader for good.
"I am looking for the second half"
A straightforward dating scam email, but one notable for including a picture of a pretty Russian girl, which most spammers don't bother with. In any case, if you respond to "Natalia" (who is probably note even a woman in real life) then you'll soon find that she has unexpected "expenses" that will require you to send money..
Subject: I am looking for the second half
HELLO!!! My name is Natalia! I live in Russia, dating site, I am looking for the second half. I want to find true love, I loved your profile, I would like to continue with you dialogue.
If you do not mind to write me an e-mail: mamaevanatalia20@HotPOP.com
I am very tired of being single. I really want to build a serious relationship. I'll be glad to communicate ..... Natalia
Labels:
Dating Scams,
Scams,
Spam
Tuesday, 27 April 2010
I have a bad feeling about Donald Trump..
I have a bad feeling about Donald Trump.. one day he might become president.
Friday, 23 April 2010
"Twitter Support" phish
This phish claims to be from Twitter, but it actually redirects to a fake site at adcopy.awbweb.com/differential.html hosted on 216.81.74.9 which appears to be a legitimate site that has been hijacked.
From: Twitter Support <support@twitter.com;>
Subject: Undelivered Message 52-629
Hi,
You have 1 unread message(s)
http://twitter.com/account/message/0C5B9-C2FEF
The Twitter Team
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.
Wednesday, 21 April 2010
nettempsin.co.uk / NetTemps Inc scam
There are probably plenty of legitimate companies with names like "NetTemps Inc", but this money mule scam email soliciting replies to nettempsin.co.uk is not from one of them.
Unusually, the mail server that deals with replies is multihomed:
In any case, this is just a Money Mule scam and it should be avoided.
From: "Polly Richardson"
Subject: representatives wanted
Looking for a job? My name is Juliette Barnes, I am a recruiting manager of NetTemps Inc, a recruiting agency for direct-hire, contract, and freelance professionals within various professions.
Today I would like introduce some part-time and virtual office vacancies in the spheres of Advertising, Education, Engineering, Finance, Health care, Information technology, Media, Real estate and Transportation.
If you are interested to learn more about the jobs offered, please get back to me, providing your name and contact number.
We are eager to help you find a better job and improve your career!
If you have questions, please do not hesitate to e-mail me on:
c v @ n e t t e m p s i n . c o . u k [please delete spaces in the email address before sending it to us]
Yours sincerely,
Juliette Barnes
NetTemps Inc
==================================
Unusually, the mail server that deals with replies is multihomed:
- 79.125.134.191 [ADSL subscriber, Macedonia]
- 91.41.145.247 [Deutsche Telekom dial-up subscriber, Germany]
- 83.132.68.62 [TVCABO cable modem, Portugal]
- 87.116.150.117 [Broadband customer, Serbia]
- 186.137.3.195 [Cablevision customer, Argentina]
In any case, this is just a Money Mule scam and it should be avoided.
Labels:
Money Mule,
NetTemps Inc,
Scams,
Spam
Tuesday, 20 April 2010
martin-argiento.eu / Martin Argiento scam
A slight remix of this money mule scam from last month, but with a slightly different name.
Mail is directed to 85.112.126.89 in Russia [colocat.ru] but there is also a website hosted at 188.130.250.248 in Latvia [Fastmedia].
There's a whole bunch of badness on the same server in Russia, all of which should probably be avoided:
Subject: The Italian company is looking for reliable partners
From: "Cindy Jeffers"
Date: Tue, April 20, 2010 6:03 pm
Dear Mr\Ms
My name is Martin Argiento. I am the manager in international real estate agency Europe Real Estate.
At present, we increase the number of part-time employees on the territory of England and other regions. In this connection, we carry on hiring new employees for the post of the regional real estate Agent.
Activity of the agent:
The search of the clients, advertising of the company.
Purchase \sale of the elite real estate.
Talks.
The monitoring of the market in several region.
Required qualities for the post:
Practical knowledge of the program Microsoft Office Word.
Ability to communicate, intelligence.
Experience in commercial activity is welcomed.
The knowledge of the Italian language and of other languages is welcomed.
The minimum salary is 2000 euro. Frequently the monthly income exceeds 10.000 euro.
It all depends on intelligence of the Agent and on his desire and ability to work to his full extent.
For the additional information refer to the electronic address:
realestate@martin-argiento.eu
Yours faithfully, on behalf of all employees Europe Real Estate.
Mail is directed to 85.112.126.89 in Russia [colocat.ru] but there is also a website hosted at 188.130.250.248 in Latvia [Fastmedia].
There's a whole bunch of badness on the same server in Russia, all of which should probably be avoided:
- agency-sunsea.com
- allinwondernews.com
- apolcentral.com
- apolonline.com
- argiento.com
- argiento.eu
- argiento.net
- beastdat.com
- beinorder.com
- bgrealty.org
- bm-holding.com
- cannibalcannibalistic.com
- catcherscatherine.com
- cemeterycentaurus.com
- cephaliccerebrum.com
- cesspoolchainsaw.com
- chelseacinderblock.com
- clubdatingckoo.com
- coleldatingcom.com
- comdatinghorse.com
- comecloserit.com
- confessionconducting.com
- corporectomycorpus.com
- crowpathcuernos.com
- cunthuntcraniotomy.com
- dacelie.com
- datdos.com
- datingfooool.com
- datinggogocolelc.com
- datingord.com
- datingsermon.com
- datingswot.com
- datomg.com
- datyandel.com
- decapitationcattle.com
- forurelax.com
- freedom-dating.com
- gaterk.com
- goforitdear.com
- gogodatinghorn.com
- gskcorp.com
- handshakesharvest.com
- hatebeakhereafter.com
- hereufame.com
- hornydatingyou.com
- ise-sl.com
- itmakesuhappier.com
- josetxe-financiero.com
- klaipedetis.com
- lovesexdatings.com
- mail.swpost.net
- martin-argiento.eu
- myapol.com
- negligentcondemned.com
- new-crash.com
- olsen-rossi.com
- oppsmyhotty.com
- orddating.com
- prime-techno.net
- pro-job24.com
- qgraphicinstalls.com
- rdnets.com
- reallyforu.com
- shekelsta.com
- shufersalta.com
- swpost.net
- umap-btl.com
- uwillhappy.com
- youthesuperman.com
- znakomilka.com
Labels:
Money Mule,
Scams,
Spam
Monday, 19 April 2010
MICROSOFT WINDOWS-2010 lottery scam
A French language advanced fee fraud scam email with a colourful PDF file attached. The PDF does seem to be free of viruses, but you should never open unsolicited Acrobat documents from untrusted sources as they often carry a virus.
Subject: BONJOUR Mr/Mme
From: "DOMINIQUE LOVERS"
Date: Mon, April 19, 2010 10:44 am
BONSOIR Mr/Mme
Nous sommes heureux de vous annoncer que vous faites partie des heureux
gagnants de la loterie MICROSOFT WINDOWS-2010, veuillez prendre connaissance du message en pièce jointe, ensuite contacter l'huissier de justice du Maître JEAN MICHEL .
E-MAIL: jean-michel.brousseau@live.fr
Veuillez surtout lui faire parvenir votre numéro de lot et vos informations
Ci-dessous en vue de vous donner la procédure de retrait de votre gain.
Recevez nos sincères félicitations.
Bonne compréhension à vous
MICROSOFT WINDOWS
Direction Marketing
Mr WEI ANDRE
Labels:
Lottery Scam,
Scams,
Spam
Saturday, 17 April 2010
euvacant.com job offer scam
This is some sort of money mule operation, euvacant.com has the domain registered with hidden details though a registrat in China, the website and mail server are hosted at 178.162.135.100 which is Pegashosting Network in the Ukraine.
In this case the originating IP was 190.22.247.165 in Chile. Avoid.
Note that the return email address varies, another example used "c v 2 @ e u v a c a n t . c o m" but in all cases the domain seems to be the same.
Subject: part-time employment in Europe
From: "Katheryn.Parra"
Date: Sat, April 17, 2010 7:38 am
Hi,
West Union Group is searching for a European representative in order to satisfy the
requests of our well respected costumer. To be welcome to our team you need to be a
communicative person and to possess the skills in proper customer care.
We provide you with:
- Flexible schedule
- Good salary
- We pay-off all taxes for you
- Insurance
To obtain more information, please fill up the form below and send it to:
r e p l y 9 @ e u v a c a n t . c o m [please delete spaces in the email
address before sending it to us]
First Name:
Last Name:
Country:
E-Mail:
Contact Number:
Best time to contact you:
Attached resume is preferable
Our operators will contact you and will assist all your questions.
Position available for European citizens only!
Best Regards HR Management of West Union Group
In this case the originating IP was 190.22.247.165 in Chile. Avoid.
Note that the return email address varies, another example used "c v 2 @ e u v a c a n t . c o m" but in all cases the domain seems to be the same.
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
Scams,
Spam
Wednesday, 14 April 2010
"IMPORTANT: Royal Mail Delivery Invoice #1092817" Virus / Trojan
The wording may vary, but this is a PDF exploit currently doing the rounds pretending to be from Royal Mail. Sophos, F-Secure and Avast detect it along with some other products (VT results here) but otherwise detection is patchy.
The bad PDF file looks like some sort of calendar, I have not yet been able to analyse exactly what sort of evil things it does.
If you still use Adobe Acrobat then you should make sure that you update to the latest version which is 9.3.2, or use an alternative like Sumatra.
Subject: IMPORTANT: Royal Mail Delivery Invoice #1092817
From: "Royal Mail" <delivery@royalmail.com>
Date: Wed, April 14, 2010 11:28 am
We missed you, when trying to deliver.
Please view the invoice and contact us with any questions.
We will try to deliver again the following business day.
Royal Mail.
Attachments:
Royal_Mail_Delivery_Invoice_1092817.pdf
The bad PDF file looks like some sort of calendar, I have not yet been able to analyse exactly what sort of evil things it does.
If you still use Adobe Acrobat then you should make sure that you update to the latest version which is 9.3.2, or use an alternative like Sumatra.
Monday, 12 April 2010
FarmTown, impressionclub.com and justimpression.com
Sandi at Spyware Sucks reports that the popular(ish) Facebook game of FarmTown (not FarmVille) has be compromised, possibly through a malicious banner.
The domain justimpression.com has been fingered as part of the malware chain, registered to the infamous "Private person" of:
The site is hosted on 64.120.176.42 along with a site called impressionclub.com. "Impression Club" claims to be a Pennsylvania based company that has been in business for four year, except the domain was only registered in January 2010 with anonymous contact details, and Russian nameservers.
You can probably count impressionclub.com as a rogue ad network and one to avoid.
The FarmTown developers have a forum thread about the problem (one poster identifies an ad for greetingcards.com as the culprit) and there are several threads on Facebook about this [1] [2] [3] [4] [5] which also point at the following domains as being part of the chain
All these domains are registered with apparently false details, there are probably a bunch more but I'm having difficult resolving the IPs at the moment.
This could be a fairly big deal, Quantcast reports that justimpression.com has a traffic rank of 6,227 and pulled in 329,000 US visitors during February.
This is another good reason to block Facebook in corporate enviroments, and also a useful warning that you need to be very, very careful when selling ad space!
The domain justimpression.com has been fingered as part of the malware chain, registered to the infamous "Private person" of:
Registrant:That email address is pretty well known for malware distribution.
Private person
Armand Gregori (armandgregory3@gmail.com)
Federicsshopen via 3
Katowice
Katowice,S589FG
PL
Tel. +34.41528965
Creation Date: 17-Dec-2009
Expiration Date: 17-Dec-2010
Domain servers in listed order:
ns2.reg.ru
ns1.reg.ru
The site is hosted on 64.120.176.42 along with a site called impressionclub.com. "Impression Club" claims to be a Pennsylvania based company that has been in business for four year, except the domain was only registered in January 2010 with anonymous contact details, and Russian nameservers.
You can probably count impressionclub.com as a rogue ad network and one to avoid.
The FarmTown developers have a forum thread about the problem (one poster identifies an ad for greetingcards.com as the culprit) and there are several threads on Facebook about this [1] [2] [3] [4] [5] which also point at the following domains as being part of the chain
- scan-and-protect3.com
- scan-and-protect5.com
- scan-and-protect7.com
- scan-and-protect8.com
- scan-and-remove10.com
- scan-and-remove55.com
- scan-and-remove99.com
- 1server-antivirus.com
- 2server-antivirus.com
- 4server-antivirus.com
- 6server-antivirus.com
- 1web-antivirus.com
- 2web-antivirus.com
- try6-your-scanner.com
- 111-your-scanner.com
- 222-your-scanner.com
- basketballtickets2.com
- batman2010.com
- spread2010.com
- terminator-2010.com
All these domains are registered with apparently false details, there are probably a bunch more but I'm having difficult resolving the IPs at the moment.
This could be a fairly big deal, Quantcast reports that justimpression.com has a traffic rank of 6,227 and pulled in 329,000 US visitors during February.
This is another good reason to block Facebook in corporate enviroments, and also a useful warning that you need to be very, very careful when selling ad space!
Labels:
Facebook,
Malvertising
Tuesday, 6 April 2010
reycorporacion.com - bogus job offer
A slightly unusual twist to bogus job offers, this one solicits replies to reycorporacion.com which appears to be a legitimate company, but it looks like the mail has somehow been compromised.
Subject: Position OpeningNothing in the registration details, IP address or MX records looks particularly suspect, so it is likely that the reycorporacion.com server has been compromised in some way. In any case, avoid this job offer as it will be some sort of Money Mule operation. If you get one of these, then I recommend alerting the web host abuse-server -at- strato.de to the problem.
Speech of welcome
I am a representative of the HR department of a large international company. Our company has been working in different fields, such as:
- real estate companies setting-up and winding-up bank accounts opening and maintenance logistics private undertaking services etc.
We are making a regional managers team in Europe now:
- salary 2.600 euro + bonus
- part-time employment
- flexible work time
If our offer is interesting for you send us the below information on our e-mail address: marta.urzola@reycorporacion.com
Name:Surname:Country:E-mail:Mobile phone-number:
Note! We are searching Europeans only!
Please, write you
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
Scams,
Spam
"Represent Party" / representparty.org spam
Sent to a postmaster role account.. classy.
Anyway, how's this for a positive idea.. stop f**king spamming me.
From: Represent [mailto:ben.lynch@representparty.org]Originating IP is 109.228.0.79 which also hosts representparty.org and representparty.com. It will probably come as no surprise to see that this IP address belongs to Fasthosts in the UK who are very tolerant of bulk emailers like this.
Sent: 05 April 2010 16:22
To: UK Postmaster
Subject: How would you improve the UK - we need your ideas.
Hi,
How would you improve the UK - we need your ideas.
We have just launched a new website ‘Represent’ – and we are looking for ideas on how to make the UK a better place - any ideas will do as long as they are positive.
All ideas submitted will be published on the website where they can be rated to find the most popular ideas for improving the country.
Go to http://www.representparty.org <http://www.representparty.org/>, register (this does not mean you are joining any organisation it helps you to add ideas and rate other ideas) and add your ideas. Remember the website is new so there may not be many ides at the moment but bear with us as we process the ideas uploaded and we’ll get more ideas published as soon as possible.
Thank you for your time.
Regards
Ben Lynch
Represent
PS – If you believe that this email was intrusive please accept my apologies. If you do not want to receive any further emails from us please click on the link below.
http://www.representparty.org/unregister.aspx?action=unsubscribe&value=[redacted]
Anyway, how's this for a positive idea.. stop f**king spamming me.
Thursday, 1 April 2010
Wednesday, 17 March 2010
argiento.eu / Piccini Real Estate Company scam
This is a money mule scam, email originating from a hacked PC in Brazil, site hosted on 188.130.250.248 in Latvia which is a well-known bad IP address.
Note that there are several reliable real estate companies with "Piccini" in the name, this scam is not related to any of these companies. Avoid.
Note that there are several reliable real estate companies with "Piccini" in the name, this scam is not related to any of these companies. Avoid.
From: "Kathryn Crum"
Subject: The Italian company is looking for partners in England
Date: Wed, March 17, 2010 2:15 pm
Dear
My name is Martin Argiento. I am working in the international real estate agency Piccini Real Estate. Our company is registered in Italy.
Currently we are taking on the employees to hold a post of regional agents. We have a vacancy which you could fill.
Your electronic address, is taken from a database of the company which is engaged in employment. If it is an error, or if you do not have time, or you are not interested in this offer, we ask you to ignore the message. We apologize for the wasted time.
The vacancy description:
The salary from 2000 Euros.
Non fixed working ours.
The guaranteed prospect.
Requirements:
Practical knowledge of the program Microsoft Office Word.
Having skills in Microsoft Office Excel.
Ability to communicate, intelligence, responsibility.
Ability to come to an understanding with people and to carry on negotiations.
Experience in commercial activity is welcomed.
If you are interested in cooperation, please send mail on the electronic address: m@argiento.eu
On behalf of employees of Piccini Real Estate company.
Labels:
Money Mule,
Scams,
Spam
Thursday, 4 March 2010
"west-es-company.com" scam job offer
This is another money mule email, soliciting replies to west-es-company.com which is hosted at 193.104.94.57 in the Russian Federation along with a whole bunch of other badness.
Subject: hello!
From: "Ronald"
Date: Thu, March 4, 2010 11:10 am
Hello,
My name is Ronald and our company currently has several positions it needs to fill in your region.
We are a well known company with offices throughout Europe, Asia and North America.
Our current turnover is over 130 million annually and we are still seeking for expansion.
I have 12 vacancies of Financial Assistant that need to be fulfilled immediately.
Major operational duties are prompt receiving and processing customerÂ’s payments for their further transfer according to the specified method. Detailed work scheme will be provided upon request.
I am looking for self-motivated individuals with strong work ethics and ability to schedule work hours effectively.
Requirements:
* Expert skills in managing payments and transfers between our company and clients
* Knowledge of basic payment systems
* Bank account (personal or business)
* Advanced PC and Internet skills
* Minimum 24 y.o.
Benefits:
*Salary plus commissions
*Full reimbursement of banking and Western Union fees.
NOTE: This vacancy is valid for American residents ONLY.
Contacts: Ronald@west-es-company.com
Avoid this one at all costs.
Subject: hello!
From: "Ronald"
Date: Thu, March 4, 2010 11:10 am
Hello,
My name is Ronald and our company currently has several positions it needs to fill in your region.
We are a well known company with offices throughout Europe, Asia and North America.
Our current turnover is over 130 million annually and we are still seeking for expansion.
I have 12 vacancies of Financial Assistant that need to be fulfilled immediately.
Major operational duties are prompt receiving and processing customerÂ’s payments for their further transfer according to the specified method. Detailed work scheme will be provided upon request.
I am looking for self-motivated individuals with strong work ethics and ability to schedule work hours effectively.
Requirements:
* Expert skills in managing payments and transfers between our company and clients
* Knowledge of basic payment systems
* Bank account (personal or business)
* Advanced PC and Internet skills
* Minimum 24 y.o.
Benefits:
*Salary plus commissions
*Full reimbursement of banking and Western Union fees.
NOTE: This vacancy is valid for American residents ONLY.
Contacts: Ronald@west-es-company.com
Avoid this one at all costs.
Labels:
Money Mule,
Scams,
Spam
Subscribe to:
Posts (Atom)