
[SpamCop-List] Re: How do I report these spamvertised sites?

Anonymous none at domain.invalid
Mon Jul 5 05:35:14 EDT 2004


"Furry Raccoon" <nobody at devnull.spamcop.net> wrote in message
news:40E93184.B033A23E at devnull.spamcop.net...
> lowest-price-soft.biz  and  fetchsoft.biz.
>
> The IP addresses keep changing.  Is there
> an easy way to report all the addresses being
> used in one report or do I have to submit a
> report for each one I find?

I tried doing a DNS lookup and a DIG on those, and came up with nothing, at
first. Then, it popped up again with the following IP addresses:

Canonical name: lowest-price-soft.biz
Aliases:
  www.lowest-price-soft.biz
Addresses:
  12.2.217.40
  142.165.115.143
  4.245.75.136
  64.61.214.158
  12.64.216.91


Canonical name: fetchsoft.biz
Aliases:
  www.fetchsoft.biz
Addresses:
  209.137.153.50
  24.226.80.181
  194.228.179.178
  62.94.14.232
  81.77.230.243

Then, it came up with this about two minutes later:

Canonical name: lowest-price-soft.biz
Aliases:
  www.lowest-price-soft.biz
Addresses:
  4.245.75.136
  64.61.214.158
  12.64.216.91
  12.2.217.40
  142.165.115.143

Canonical name: fetchsoft.biz
Aliases:
  www.fetchsoft.biz
Addresses:
  194.228.179.178
  62.94.14.232
  81.77.230.243
  209.137.153.50
  24.226.80.181

So, yes, it looks like the Russian spammers are using their website
stealthing techniques on these. They use compromised machines with proxy
software on them to do what I call 'relay hosting'.

I'd say, in addition to reporting them, start hitting them with
FriedSpam.net. It won't matter what their IP addresses are, you'll still be
hitting the website's URL. And those open proxies that the websites are
'hosting' through will notice the additional traffic and close those open
proxies.

I take it one step further, and actually use that same kind of proxy to
fry the spamvertised websites. This hides my IP address, and abuses the open
proxies. And what's the quickest way to get a computer system secured?
That's right... abuse it. I've already seen over a dozen just today that are
no longer acting as open proxies, because I've run a few GB of data
through them. Killing two birds with one stone, so to speak. I fry
spamvertised websites and create enough traffic through the proxies that
either the owners or the ISPs take notice and secure the systems.

What would be interesting to do is to do a DNS lookup once a minute, and
record all the IP addresses, then collate them, and report them in batches
to the responsible ISPs. It'd take a while, but the spammers don't have an
unlimited pool of IP addresses to work with... so someone who was willing to
do this could really hit them where it hurts, since large numbers of their
compromised machines would get fixed over a short period of time.
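
The once-a-minute lookup and collation suggested in the last paragraph above, as an added example that is not part of the original message. The function names, the hostname `flux.example` and the documentation-range addresses are constructed for illustration; mapping each address to its responsible ISP needs a whois lookup and is left out.

```python
import socket
import time
from collections import defaultdict

def resolve(name):
    """Live A-record lookup; returns the IPv4 addresses, or [] when nothing comes back."""
    try:
        return sorted(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return []    # the post notes that lookups sometimes return nothing

def record(history, name, addresses, when):
    """Merge one answer into history[name][ip] = [first_seen, last_seen, times_seen]."""
    for ip in addresses:
        entry = history[name].setdefault(ip, [when, when, 0])
        entry[1] = max(entry[1], when)
        entry[2] += 1

def poll(names, rounds, interval=60, resolver=resolve,
         clock=time.time, sleep=time.sleep):
    """Look every name up once per interval and collate all addresses seen."""
    history = defaultdict(dict)
    for i in range(rounds):
        for name in names:
            record(history, name, resolver(name), int(clock()))
        if i < rounds - 1:
            sleep(interval)
    return history

def batch_report(history):
    """One block per hostname: every distinct address with first/last sighting."""
    lines = []
    for name in sorted(history):
        lines.append(f"{name}: {len(history[name])} distinct addresses")
        for ip, (first, last, hits) in sorted(history[name].items()):
            lines.append(f"  {ip} first={first} last={last} seen={hits}")
    return "\n".join(lines)

def demo():
    # Constructed answers: same set reordered, then one new address, then no answer.
    answers = iter([["192.0.2.10", "198.51.100.7", "203.0.113.5"],
                    ["203.0.113.5", "192.0.2.10", "198.51.100.7"],
                    ["198.51.100.7", "203.0.113.99", "192.0.2.10"],
                    []])
    ticks = iter(range(0, 240, 60))  # fake clock: 0, 60, 120, 180 seconds
    return poll(["flux.example"], rounds=4, resolver=lambda n: next(answers),
                clock=lambda: next(ticks), sleep=lambda s: None)

if __name__ == "__main__":
    print(batch_report(demo()))
```

A reordered answer, like the second lookup in the post, adds no new rows; only `times_seen` and `last_seen` change.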


