Domain: spamtrackers.eu
Stories and comments across the archive that link to spamtrackers.eu.
Comments · 10
-
Re:EvaPharmacy has been doing this for years...
The SpamTrackers wiki has a much lengthier, though still somewhat clueless description of the EvaPharmacy hijack:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy
It doesn't look like they run from RAM (the article claims they do, but whoever wrote it clearly doesn't understand UNIX filesystem semantics). What really happens is that they copy the binary in, run it, and delete it (thus they run from a linkless inode, but it's still on disk). It should be possible to get a copy of it from
/proc//exe. -
1000 piracy sites for starters
The Net-Chinese registrar in Taiwan has accepted a service contract to register over 1,000 software piracy sites. It is just this sort of widespread abuse for which legislation like this is needed.
For the last 5 days alone, see the pirate sites listed at http://rss.uribl.com/nic/NET_CHINESE_CO_LTD_.html
For over 1,000 examples in October/November check http://spamtrackers.eu/wiki/index.php/Net-Chinese
If the US can't ensure compliance at home, how can anyone expect to convince the Taiwanese piracy sponsors? -
Re:There is a bright spot in this....
That's normally between 24 hours and 7 days
Just because something is customary doesn't mean it's mandatory. RFC1035 explicitly states TTL should be set to 0 (zero) if the "[Resource Record] can only be used for the transaction in progress, and should not be cached" or "for extremely volatile data."
The article you mention (which btw. seems to be a wikipedia invention)
Damn those Wikipedians! They've poisoned SecurityFocus, Whatis.com, The EU SPAM Trackers group, and even Google!
would be done with custom DNS anyway, otherwise it's easily blocked by the ISP setting its cache to ignore a TTL less than a couple of hours (as most do.. hell, my even my home DNS does that).
It would be done by setting your DNS record (yes, a DNS RR you are responsible for) to have a short TTL. Not a custom DNS server, just administrative rights to the DNS record associated with one or more resources. And if, by setting the TTL to a low value, I tell you that my DNS record is going to be quite volatile, you can disagree with me all you want (by "ignor[ing] a TTL less than a couple of hours"), but don't be surprised when your cache goes stale.
Gosh, I wish I could live in the world you live in, with deathless and ultrastable interfaces and static network architectures. You could probably get by with just a really big "hosts" file. But out in the real world, sometimes you need short DNS TTLs for stuff like warm-failover high-availability architectures.
-
Info re. cited "Canadian Pharmacy" site
The "Canadian Pharmacy" in question appears to be this one according to spamtrackers:
http://spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy
Lots of good info including sponsoring registrars & nameserver info at the spamtrackers site for the adventurous souls out there. -
Re:General problem of spam with Google/GmailMove up the spammers' food chain. Take a look at Complainterator which is described in the Spam Wiki at http://spamtrackers.eu/wiki
It's the registrars who have the power to knock hundreds - even thousands - of spam sites off their perches in one shot, and in response to one complaint. You can see its success rate there.
-
Blogspot Abuse
Where is all this spam abuse people talk about in Google Blogger aka Blogspot?
First of all, anyone who has a Gmail account can create a blog. If I want to create 10,000 blogs to use for spam site redirection, I need to get 10,000 Gmail accounts. That way, when Google tries to communicate about 1 of those 10,000 sites, they will have to go to 1 out of 10,000 accounts. In the last resort, they may terminate the Blog site, and the Gmail account. 1 in 10,000 is not too bad.
So where do I get 10,000 Gmail accounts? Well, heck, that ain't hard. Some enterprising turkey called "William Lim" is selling any number up to 10 Million Gmail accounts over there in the spammer haven, BulkerForum. 10,000 is only a small portion of his portfolio.
Then I have a simple automation tool that cycles to the next one of my list of 10,000 Gmail accounts, logs in, auto-creates a site, and puts in an obfuscated java script that redirects to a spam brand, like "Canadian" Pharmacy - you know, that well documented fake pharmacy using a domain name registered in China, running on a web server in Korea, and if it ships any counterfeit pills or placebos at all, they come from India. Your credit card details and payments go to the herders in Russia, and a month later you find your details have been used to order more domain names.
So you think Google doesn't know all this? Yeah, right. You can see the rate of abuse in the site that builds a list of spamvertized blogspot URLs as they land in the spam-traps. We are talking 600-1000 abuses of the Blogspot terms of service per day. That's about one every 3 or 4 minutes, 24/7!
The abuse list for the last 5 days is updated in real time and is at the URIBL blogspot tracking site
You can even compare how the competitors, Yahoo (Geocities) and Lycos (Tripod) who have been equally abused at the same rate, are performing in handling this issue. The comparison is in the statistics for the blog site hosters -
Re:What is fast flux DNS?
see the Spam Trackers wiki for a detailed explanation
http://spamtrackers.eu/wiki/index.php?title=Fast-flux -
Re:Woe be goneLets assume that these spammers actually have some kind of product (whether it works/does what is claimed or not is irrelevant, what matters is that they have a product) and are actually sending it out to people who buy from their crappy
.biz website.
If the place where the pills are coming from is located outside of the US, the drugs can be stopped in the mail (I believe mailing drugs into the US from outside of the US is illegal). If the place where the pills are coming from is located inside the US then the places they are being sent from could be shut down for not having a license or something. If enough people bought these "generic drugs" and didnt actually get them, they might care enough to complain to the supplier. The spam sites don't have a real product - they simply collect the credit card information from users for use in further criminal activity (e.g. ident theft, child porn, etc.) For at least one of these sites, the process is described in great detail: http://spamtrackers.eu/wiki/index.php?title=My_Can adian_Pharmacy
In my opinion, placing orders using randomly generated contact/CC info would do more damage, as they would have to filter through these false orders. If done to enough of a degree, it makes operating the site unproductive. Based on linear math from two datapoints, I suspect about ~300 orders within one month for one site in particular (based on order numbers RX52007-***331 from and RX52007-***724, about 30 days apart. )
I 3 online pharmacies, and I am aware that typing < instead of < causes me to teabag rather than to heart. -
Re:Who's gonna pay for that?
-
Fighting back
Is there any effective methods of fighting back against identity theves?
The tactic that I've recently started involved visiting the sites found in spam e-mails that I receive (for example, the My Canadian Pharmacy series of spams), take an identity generated from a fake name generator (that also provides CC and CVV numbers), and place an order. This series of companies tends to queue up the order for processing in 24 hours before shipping.
While fun, it doesn't seem directly productive if I'm the only one doing it (or using a modified Lad Vampire). Thus, is there some other method I can use?