Domain: specialham.com
Stories and comments across the archive that link to specialham.com.
Comments · 27
-
Nobody seems worried over at Specialham
Over at SpecialHam, the forum for bottom-feeder spammers, it seems to be business as usual today. No mention of any crackdown in China. Typical message: "Please give me ICQ UINs of poeple who make installations at trojaned computers. I need to install some software." There's some gloating over the collapse of BlueSecurity. Some new ways to spam Myspace. But no real concerns about enforcement today.
-
Re:Spammers: "The war has been won!"
That is one scary forum
http://www.specialham.com/specialham/appid_0/p_1/tmode_1/smode_1/tt.htm
-
Spammers: "The war has been won!"
From Spammers forum:
Congratulations to all contributors! Kiss the frog goodbye
(disable scripting before clicking to get past login) -
Re:This isn't just between PharmaMaster & Blue
You don't have to read the forums (which requires registration). There are plenty of sponsoring advertisers prominently displayed on the specialham.com web pages. If they sponsor the thing, why not send some other business their way too? Whois is your friend, assuming any of this is valid:
Stupid lameness filter. Why do I have to put all this in just to avoid the 'junk' characters complaint? Now it's complaining about too few characters on a line. Is there some easy way around this silliness? The least it could do is be more specific about what it needs to be acceptable. I took off the registration dates and some whitespace to try to make it happy, and then added this fluff -- sorry.
-
FULLTEXT
http://www.specialham.com/specialham/searchpro.as
p ?phrase=list&appid=ALL&topicreply=combined&message =both&author=&timeframe=%3E&timefilter=-1265&langu age=single&top=3000&criteria=OR&submitbutton=+OK+
Try that on specialham also... I played around with the text search query string, had it look 5 or 6 years in the past and pull 3000 records. A few hundred of these queries will probably bring down the db to a crawl. -
Re:Coral Cache
Or you could always visit the spammer's forum site instead.
-
Re:Question about what Blue Security does
How is this any different from forwarding my email to myspamaddress@spamcop.net?
As I understand it, if 1,000 Blue users get the same piece of spam, the spammer gets 1,000 automated responses asking to opt out. Their inbox is flooded, and they are unable to determine the "legit" sales leads from the opt outs, without some serious filtering. (Ironic, huh?). There are also 1,000 complaints sent to the ISP. Read the spammer message board, complaining about how unfair this is, that they have to filter their incoming mail. http://www.specialham.com/
-
Re:This isn't just between PharmaMaster & Blue
They were pretty successful at it, they got it really slow before the rehosting at a University. They also made the forum cancel registrations and blanked a few gateway pages, which had to be a bit of a nuisance to the spammers. See it here.
-
Re:I want names and addresses!
The forum that organized (or at least helped in) the attack is located here, but I think it's still down. It was nailed by a deliberate vigilante DDoS from about a hundred or so Digg members yesterday/last night. They hacked a university to host it after the first host got nailed. Not sure what happened after that.
-
Monitor where the spammers hang out online
We also need to keep track of what they are saying in their own forums, like http://www.specialham.com/specialham/m_36028/mpage_1/p_/tmode_1/smode_1/key_bluefrog/tm.htm.
As you'd expect from the incestuous children of script kiddies, a few spammers are coming up with the list and then passing it out to their "colleagues".
-
Actually, spam filtering is working pretty well.
Spam filtering technology is now working pretty well. That's what's driving this new "sender pays to bypass the filters" stuff. The spam filters don't care if there's some excuse under CAN-SPAM to let it through; they just recognize it as bulk mail selling something and delete it. Sellers hate that. Which is a good reason to keep the filters honest.
The real effect of CAN-SPAM has been that most spam either gets deleted by filters, or involves a felony by the sender. The remaining spammers are either selling drugs illegally, trying to manipulate the stock market, or running a scam. That's ordinary law enforcement work, and it's now routine to hear of spammer arrests and convictions. We used to just have ineffective civil suits. That's over. Now they're doing hard time. It's not a safe business to be in any more.
SpecialHam.com is still up, and the usual suspects are still at it: "Looking for people with botnets to run ads! pm me for more details". But it's clearly a board for the clueless now.
-
Re:Weakest Link
There was something else of interest in TFA. Wired posted the address of a "spammer community site," specialham.com.
That plus a few curious slashdotters will probably slow their spam chatter for a few days.
-
Spammers discussing arrests on specialham today
Specialham, the spammer hangout, usually has ads for botnets. Today, though, the spammers are discussing someone who got caught:
Adam Vitale aka Batch1 arrested by Secret Service
-
From what I heard it was a guy named Sean Dunaway (spelled wrong I think). He used to work for AOL, sold out their huge 90+ million members dbase, got jail time, and apperently is working for the man now. This is a big case, pump and dump stock scams can hurt people to the tune of millions of dollars.
M. -
Yeah pump & dump would seem more like the Secret Service's department... the article just spoke of "promoting computer security software"... perhaps additional charges will be filed later... maybe this was just the SS's way to get him jailed and put pressure on him...
Saw your other post too.. U r right, whoever isn't mailing compliant these days and is promoting illegal shit like pharm or stocks on top of it, is just asking for the feds to bust through their door...
Hamster - From what i hear it wasnt about stocks or spamming, the security spam stuff was just a coverup. What the feds were really after was a botnet the guys were mailing from. Dont know the truth to this but i would not doubt it one bit, it would make sense why the SS was involved.
-
Just goes to show swank has ties with the antis look at this http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4262
I am not saying this guy didnt scam tons of people which is not right however if swank does not like you for whatever reason he will post you info on his anti friends websites so be very very carefull when dealing with swank and make sure your personal info is kept to you.. Personal revenge is the key to try and recover money that was scammed not whoring shit out to the anti's....
P.S. swank you know I dont like fake people.. You guys get a kick of this one http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4021
Look half way down the message and you will see this
"Swank"(Chris Brown) and "Batch1"(Adam Vitale) are in a tiff over a spam deal gone bad, and are in a flame-war on spamforum.biz.
Swank has repeatedly posted "Batch1's contact info that was used in their spam dealings with each other.
I think this is what I have been explaining all along about how swank has ties to the antis and posts peoples info if he doesnt like them and if you notice reading these articals the anti's really never say anything bad about swank HMMMM I wonder if he is friends with them.. Enjoy guys..... - Sean Dunaway is spelt correctly and he did not work for AOL and did not receive jail time. Soo sad that people are this missinformed.
-
Also the math makes no sense: Spammed 1.2 million AOL users with onbly 47,000 messages? Huh?
...
1200000 / recipients_per_Email = 47,000 emails sent.
hard to understand isnt it hamster ;)
also if you've paid any attention to the forum, the informant (sean dunaway) is already notified and you've started a double thread because of your ignorance :P
This is starting to sound like those Mafia wiretap transcripts that came out as the New York Mafia was coming unglued. Law enforcement was doing well enough that the crooks were more afraid than the good guys, and were desperately trying to figure out who was selling out.
Spamming is starting to yield to straightforward police work.
-
Re:Spam forums lying low today
Update: Specialham is back up today. Some ads:
- "We need spammers for phishing sites. We can pay by E-gold..."
- "I buy all types of pharmacy lists. They must have full data..."
There's no honor among spammers, by the way. About half the postings are complaints about being ripped off by someone else in the business.
Specialham's banner ad today is for Bulker.biz. Today, they're hosted in Poland, at "amb186.internetdsl.tpnet.pl".
-
Spam forums lying low today
The usual places where you rent botnets, Specialham and Spamforum are down today. When the heat is on, they tend to go offline, but come back in days or weeks.
-
Suddenly, the botnet ads are gone
SpecialHam, the spammer forum, usually is full of ads for botnets. But not today. There are far fewer ads for "proxies" today. And there are notes like "hey, watch yourself" and worries about "spamhaus honeypots".
So there's been some effect. The spammers are becoming afraid. Not very afraid. Yet. But afraid. It's becoming hard to spam without committing multiple felonies. Those felonies are leading to a few arrests and jail sentences. Not many, but enough to scare off many spammers. The remaining spammers look more and more like traditional crooks.
There's plenty of stuff on SpecialHam for law enforcement to go after. "Special Hurricane Katrina Promotions". "Offshore bank accounts for sale". Anyone active against spam should be looking there.
-
Zombies will steal your sender ID
Right now, most zombie machines send using some arbitrary identity. Most of them are just proxies or forwarders, not mail generators. The way the spam industry works is that you rent some zombies at SpecialHam, get a "bulletproof mail server" from Black Box Hosting in China, install Dark Mailer, and go. Dark Mailer runs on the "bulletproof mail server" and generates the messages, which are sent via your rented proxy farm.
If sender ID goes in, the software that takes over a target machine will just have to use the normal sending identity for that machine, or, more simply, transmit it back to the bulk mailer so the mailer can construct the outgoing messages accordingly.
MX Logic reports that, as of March, 9% of spam already has valid SPF markings, and 0.83% have valid Sender ID markings. So the technology to bypass SPF and Sender ID is already deployed.
-
The usual suspects are still up.
The notorious Black Box Hosting ("Our offshore bullet proof web hosting plans allow bulk email hosting, spam friendly web hosting and bulletproof host.") is still up. They claim to be in "some province in the highlands of China", and their netblock (219.148.32.234) comes up as "CHINANET HEBEI PROVINCE NETWORK".
There's no indication on the spammer forums of any fears about China-based hosting yet.
So, thus far, any crackdown is vaporware.
-
Rent botnets here! $0.05/machine
You, too, can rent your own botnet. Just visit one of these spammer-run sites.
And the new WildBiz.
WildBiz does not require registration; the other two do. Just enter the forums and look under "Proxy Lists". Typical ads:
-
"Hello everybody here...
First of all Hi to all of my seniorshooters here..
Having good collection of fresh Proxies and got DM ["Dark Mailer" .. ed] Latest Version (Full Version) at really cheap rate.
DM Latest version (Full) for $49
Fresh Proxies $50 for 500 proxies
dmandproxies@iamdns.com -
Today's Fresh Proxies
We provide Hourly Updated Fresh Proxy Lists, which can be used for bulk mailing ... standard port proxies and non-standard port proxies are both provided, become our members, and download fresh proxy lists hourly. USD 50 per month, then you can access our proxies database . proxies updated from every 15 minutes to 30 minutes . For more infomation, please contact proxylists@iamdns.com
That's how you market a botnet.
Yes, these operations are addressed to wannabe spammers. But the fact that they're advertised openly indicates how weak enforcement is.
-
Rent a botnet here!
You, too, can run a phishing scam. You'll need a botnet, bulk-friendly hosting, and bulletproof credit card processing. And you can get them all here.
Yes, "Specialham", the spammer hangout, is back! "SpecialHam is the premier online destination for email marketing professionals." With great new topics like "What are the most anonymous ways to transfer money".
That site seems to be aimed at low end and clueless spammers.
Further up the food chain, we have Black Box Hosting. "Fully featured bullet proof dedicated server. Allows direct mailing and website hosting. All our plans allow Adult, Gambling and Pharmacy Content." They also offer "Mailing Servers". You have to supply your own list of proxies, and your own bulk mailing program. They recommend DarkMailer.
So you go on Specialham and rent some open proxies. Then order a mailing server and a web server from Black Box Hosting. Run your scam. Launder the money through an offshore credit card processor. Profit!
What we really need in honeynets is for about 10% of these support operations to be sting operations run by law enforcement. That would make phishing and spamming a much higher risk operation.
-
Re:Rent zombies online!
Here is a specific offer of zombie rental:
-
Anonymous Sock Proxies all Non-Std Ports
Here is a sample of what you will get You will have many lists to choose from
socks.txt is the raw lists. and then you will have several domain connect checks lists to choose from as well.samples are provided.
ICQ: 340450685
Only 2 Available Slots Remain
::Anonymous DOMAIN Connect Checked,RBL Checked Proxies
# socks.txt Updated Dec 28, 14:58 (8076 proxies) :: Anonymous DOMAIN Connect Checked Socks ::
# msn.txt Updated Dec 28, 14:52 (4591 proxies)
# aol.txt Updated Dec 28, 14:53 (4551 proxies)
# hotmail.txt Updated Dec 28, 14:54 (4589 proxies)
# yahoo.txt Updated Dec 28, 14:56 (4539 proxies)
# gmail.txt Updated Dec 28, 14:57 (4590 proxies)
# http.txt Updated Dec 28, 14:59 (1189 proxies)
Must have References.
The "non-standard ports" is the giveaway. They're not just finding open proxy servers. They're making them.
There's also a nice how-to on how to spam with proxies on Google Answers.
-
Rent zombies online!
They're down today, but SpamForum.biz carries ads for zombies, open proxies, botnets, etc. Numbers available range from 1000 to 50,000.
When they're up, they're very entertaining.
An older spammer forum, SpecialHam.com is back up. With banner ads, even. "DarkMailer - not for newbies". "Blackbox Hosting - bulletproof hosting options" "SendSafe - bulk mail has never been this easy". "Bulkhost.com - the leader in bulk-friendly e-mail hosting".
Sites like these are where the hackers and spammers meet, find deals, and scream about being ripped off by each other. The actual deals tend to take place on ICQ.
-
SpecialHam.com?
From the USA Today article...
One indication of the going rate for zombie PCs comes from a June 11 posting on SpecialHam.com, an electronic forum for spammers.
And you guys didn't put that link in the main Slashdot article?!?!?! Oh come on! If there's a site that deserves to be slashdotted, that one must be it.
-S
-
Holy crap...
Take a look at http://www.specialham.com/. I had no idea spammers were being this open. For example, check this message:
Anyone interested in an undetected socks 4 bot for computers that you have access to? Completely undetected and self-spreads via unique methods.
"self-spreads via unique methods": Hello, I am selling MSDoom.VQY. Jesus Christ.
-Executable for sale only (no source)
-Updates
-CGI/PHP notification
-Random Ports or user defined port.
-EXE only
aim: ofno
And they're sponsored by our old friends, The Bulk Club. Can't we spread a rumour that Osama is actively funding spammers or something?