Friday, June 08, 2007

The spam selection of the past few days has been more interesting than for a while ...

From: ms_sarah_boko1@hotmail.com
Subject: Hi Dearest,
Date: June 8, 2007 10:28:15 AM GMT+01:00
Reply-To: ms_hopedaniel@yahoo.co.uk
Return-Path:
Received: from mrson2148.com ([196.207.219.199]) by ...com (Xserve/smtpin14/MantshX 4.0) with SMTP id l58BRFcl019517; Fri, 08 Jun 2007 04:27:16 -0700 (PDT)
Message-Id: <200706081127.l58BRFcl019517@...com>
Mime-Version: 1.0
X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Original-Recipient: [my email]

Hi Dearest,
I'm Miss Hope Williams Daniel, i slim in staure above all i like being honesty,trusted, sincere. I have gonne through
your porfiles, it interest me to know you more, and I hope to use this opportunity to explain myself a little about me,
i am fair in complexsion,5.9fit tall, 44kg. I wish you to write me through id (ms_hopedaniel@yahoo.co.uk). also i
will send you my picture after hearing from you. Somethings I like to do in my spare time are gardening, home
improvement projects, camping, bicycling in the park, backyard bar-b-ques, moon-lite walks on the beach, preparing
candle-lite dinners for someone special, sending flowers to someone special for some reasons, sitting and watching
the sun set with someone special, and cuddling in front of a fire with someone special. I enjoy cooking, gardening,
playing billards, darts, dinning out, going to the cinama, traveling and site-seeing, museums, and concerts. I like
almost any kind of music, but I think my favourite is instrumental jazz. i will tell you more about myself again in my
next mail dear and hope to hear from you soon.
Love From,
Miss Hope Williams Daniel


Interesting, a fair complexed 'woman' in Britain that spells worse than a Nigerian banker, and who has her weight and height in metric.
Oh dear Hope, I'm into women with creative spelling and such original hobbies... tell me what kind of women turn you on and you are looking for?
Oh and dear "Miss Hope William Daniel" .. why do you make some Sarah Boko read your email replies?

Thursday, June 07, 2007

What kind of spam would you like to see here?

And some interesting statistics for once again.. keywords from logs how this site has been found (mostly google).

lochers paris
africans hotmail
nomarriage.com
cmpgnr.com
angelstar pornstar
you have won the yahoo/msn inc and the microsoft windows lottery
pacnames
yahoo/msn lottery incoperation
scam exquisite replicas
bookmyname.com
felicia samson
yahoo/msn lottery inc & windows live
yahoomsn lottery
alex rodrigez
yahoo and microsoft window inc lottery



So it looks like that I am not the only one getting these scam attempts and my mailboxes loaded with these spams ....
If you found yourself here searching for something special - what is it that you would like to see in an antispam site? Do you have any good spams and scams that you got recently? Please post as comments, we are open to collaborators ...

THREE soldiers from Ameria whose style is the same of the Nigerians

From: dayansalim31@hotmail.fr
Subject: Please Comfirm Reciept
Date: June 7, 2007 8:30:16 PM GMT+01:00
Reply-To: wilkinsdenis@myway.com
Return-Path:
Received: [...] from hotmail.com ([65.54.174.41]) by bay0-omc1-s26.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu, 07 Jun 2007 12:30:18 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 07 Jun 2007 12:30:17 -0700
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP; Thu, 07 Jun 2007 19:30:16 +0000 (GMT)
X-Originating-Ip: [41.223.251.78]
X-Sender: dayansalim31@hotmail.fr
Message-Id:
Mime-Version: 1.0
Content-Type: text/html; format=flowed
X-Originating-Email: [dayansalim31@hotmail.fr]
Original-Recipient: [email]
X-Originalarrivaltime: 07 Jun 2007 19:30:17.0909 (UTC) FILETIME=[47AD5E50:01C7A93A]


Dear friend,

We are team(THREE IN NUMBER) of American soldiers writing from Baghdad in Iraq.We are urgently seeking your assistance to secure the below consignments with attached photos.Please see photo below.

The goods were captured here in Baghdad 2 weeks ago abandoned in one of the underground treasure house.The goods consist of GOLD BARS, GOLD COINS and HUGE AMOUNT OF CASH in the sealed boxes.

To make my message short I will go straight to the point.At this moment we have succeeded shiping the goods outside Iraq to another country and have placed it in the custody of a treasury company.We will want you help us receive and secure the boxes.Once you receive it open the boxes and re-transfer the money to bank a account which we will give you latter.Due to law and restriction order we are unable to transport and secure the good in Ameria ourselves that is the reason we are seeking your help in receiving the goods on our behalf.You will be entitled to 20 bars of gold and raw cash;amount we will tell you once you reply.We will appreciate you reply us quickly indicating your readiness to help us.As soon as we receive your positive reply we shall furnish you with further details;the amount you will be entitled to and the current location of the boxes containing the goods. Perfect arrangement have been made to make sure the boxes arrive you safely.

Please note that this information must be handled with utmost confidentiality so as to avoid publicity which may risk our job, as you may know we are at war and still in active service.You may call me on phone +964 7032700320,ask of Sergent.Ray,for security reasons call me only between 19 hours-21 hours GMT.

Yours truly.

SGT.Wilkins Ray
Team Leader


Dear team of THREE soldiers from Ameria, would you mind to explain me why your style of writing looks identical to all these Nigerian scams?

Rolex spammers - intheworldseries.com

From: pokk8hmcy@starstream.net
Subject: Swiss Rolex, Patek Philippe, Panerai, Omega, Breitling, IWC, Tag Heuer From $199, Limited Stock! srbb
Date: June 6, 2007 8:07:03 PM GMT+01:00
To: [some email]
Return-Path:
Received: ...
from ioxemua (adsl-dyn12.91-127-77.t-com.sk [91.127.77.12]) by [isp] (Xserve/smtpin60/MantshX 4.0) with SMTP id l56I71Xh018208; Wed, 06 Jun 2007 11:07:26 -0700 (PDT)
Message-Id: <564r564p.6650732@starstream.net>
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Accept-Language: en-us, en
Domainkey-Signature: a=rsa-sha1; q=dns; c=nofws; s=surely.changed; d=starstream.net; b=QjJVeUfegyYhvqkLmVHoLomQcOrCDMssOAHyXiVaPuAoJWtvJfSoOBwehpNRjZvfMWYXVJxozeJWNeUT;
User-Agent: Mozilla Thunderbird 1.5 (Windows/20060111)
Original-Recipient: [email]

garden within know? using dark sudden bought,Swiss Watch Retailer
Special From $ 199
Bestseller Watches
A.Lange & Sohne
Audemars Piguet
Breitling
Bvlgari
Cartier
Chanel
Chopard
Franck Muller
IWC
Jaeger-Lecoultre
Omega
Panerai
Patek Philippe
Rolex Ladies
Rolex Mens
SWISS Rolex
Tag Heuer

Checkout the hottest watches now
circumstances know and mistress bad? favour your appearance blue?


had link to http://rymibryk.intheworldseries.com/

Of which we get very similar results than for the previous entry. Again real registrant hidden, but internet.bs is the domain used by the spammers. Once I find a third spammer using that domain, or a spam of a third different product and domain registered by that domain, I'll count that domain registry service as spammer operated as well.

Domain Name: INTHEWORLDSERIES.COM
Registrar: INTERNET.BS CORP.
Whois Server: whois.internet.bs
Referral URL: http://www.internet.bs
Name Server: NS1.ROCKETSKYROCK.COM
Name Server: NS2.ROCKETSKYROCK.COM
Name Server: NS3.ROCKETSKYROCK.COM
Name Server: NS4.ROCKETSKYROCK.COM
Name Server: NS5.ROCKETSKYROCK.COM
Status: clientTransferProhibited
Updated Date: 05-jun-2007
Creation Date: 05-jun-2007
Expiration Date: 05-jun-2008

Theyankeesbeat viagra spam

From: kvobm0bzg@ups-scs.com
Subject: Ciali Valiun Viagre Xanas At Super Low Price, Express Ship To All Countries lm
Date: June 6, 2007 8:07:51 AM GMT+01:00
To: [my email]
Return-Path:
Received:[....]
from wxiww ([84.36.22.143])by [isp] (Xserve/smtpin70/MantshX 4.0) with SMTP id l5667pG7023666for ; Tue, 05 Jun 2007 23:07:52 -0700 (PDT)
Message-Id: <830l240s.7096704@ups-scs.com>
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Accept-Language: en-us, en
Domainkey-Signature: a=rsa-sha1; q=dns; c=nofws; s=miserable.food; d=ups-scs.com; b=lLKFpjXnVVPKMaCbkqvNRbIHtbWVBUWnoRhnzItZNSkUYnEsIrQxyAWJkddyfytzcwBZDLIoJrcCdofO;
User-Agent: Mozilla Thunderbird 1.5 (Windows/20060111)
Original-Recipient: [my email]


Express Drug Mart
We are the best price on all high quality meds. Established by a reputable Canadian Doctor and Scientist, Express Drugmart's mission is to provide you with a secure online environment to purchase the safest, quality medication

Viagraa (Brand & Generic available) - as LOW as $ 2.25 per D0SE
Cialiss (Brand & Generic available) - as LOW as $ 2.25 per D0SE
Valiumm - as LOW as $ 1.50 per D0SE
Xanaxxxxx - only $ 1.50 per D0SE
Ambienn - only $ 1.65 per D0SE
Ativann - only $ 1.50 per D0SE
Somaa - only $ 1.50 per D0SE
Clenbuterol - only $ 2.50 per D0SE
Meridiaa (brand name) - only $ 3.99 per D0SE

See What Meds Has Special Discount
Click On This Link [had a link to http://btsckz.theyankeesbeat.com/]



Of which we get

Domain Name: THEYANKEESBEAT.COM
Registrar: INTERNET.BS CORP.
Whois Server: whois.internet.bs
Referral URL: http://www.internet.bs
Name Server: NS1.ROCKETSKYROCK.COM
Name Server: NS2.ROCKETSKYROCK.COM
Name Server: NS3.ROCKETSKYROCK.COM
Name Server: NS4.ROCKETSKYROCK.COM
Name Server: NS5.ROCKETSKYROCK.COM
Status: clientTransferProhibited
Updated Date: 05-jun-2007
Creation Date: 05-jun-2007
Expiration Date: 05-jun-2008

Unfortunately can't dig the details of the registrant person or gang yet.

And Alex Rodrigez aka Leo Kuvayev has his wikipedia entry

I wondered how long it would take before Alex Rodrigez would get his own wikipedia entry. It didn't take that long, since he already has one. Under his real name it appears.
From that wikipedia entry:
The last known email address for Kuvayev, under his alias, was domains@locu.st.
If that brings any joy for your revenge.
More on Leo Kuvayev / BadCow owned domains.
European spam wiki puts
Russian/American spammer, a spin-off or occasional partner with Alan Ralsky, Igabromiv, Lindsay and also the P/A/Y gang.
Does "OEM CD" pirated software spam, child and animal porn spam, porn payment collection, pharma/pills, phishing, and others. Does his own DNS, possibly does DNS for other spammers. Buys bulletproof hosting wherever he can get it. Noted for enormous numbers of domains (bogus registration info, of course), often rotating every three hours in the spam to avoid URIBL filters. Mails via proxies using the usual spamwares, probably off his own (leased) servers. Noted for having "fresh" peas, meaning he is very close to the botnet masters collecting new, unlisted, zombie IPs. Was part of Sun Network spamhaus on MCI, gets BP hosting in Brazil, China, Russia, etc.