[SpamCop-List] Re: An example (Re: Lottery Spam/Scam)

Mike Easter MikeE at ster.invalid
Thu Jan 26 06:27:36 EST 2006


Ilgaz Ocal wrote:
> "Mike Easter"
>> Ilgaz Ocal wrote:

>>> This took my attention:
>>> "ISP does not wish to receive reports regarding
>>> http://lottery.co.uk/res - no date available
>>> http://lottery.co.uk/res has been appealed previously."

>> If a provider doesn't want to hear about reports, there is no point
>> in sending them.

>>> It is like 40th time I see that message...
>>
>> SC facilitates or helps a spamvertiser who doesn't want to get SC
>> reports.

> Thanks for response but I tried to mean that it must be sort of
> zombie/botnet/virus doing such thing.

Yes.  The mechanism for the injection is a separate issue from the
mechanism for the 'gig'.

This item is sourced from 211.199.214.74 of a little .kr provider -- 
which IP is listed all over the place for proxytrojan spamtrap hitting,
such as CBL and blitzed and numerous others, including SC.

> The mails are identical from
> various ISPs.

The most common spamming method today is injecting via proxytrojans,
naturally from ISPs everywhere.

> I was not caring at all, I saw "lottery" and said to
> myself "oh another scam". When I figure I get same spam over and
> over, I thought it would be nice if there were an authority to report
> these.

Sequentially -- in the first place something is 'only' spam, in
violation of very little meaningful regulation.  Here, the
responsibility for the spam issue should lie with the .kr provider
'forcing' security of its user IP.  Next, you have the issue of whether
or not something is an 'invitation' to be scammed and whether or not
there is an agency which is interested in receiving 'evidence' of such a
lottery scam.  I would assume that this evolves into some kind of
advance fee fraud.

I have observed what happens locally when an acquaintance tried to
involve law enforcement in an issue with much more direct and concrete
evidence of the evolution of an international fraud.  There just isn't
much interest in local law enforcement enforcing something
internationally, and there isn't much interest by international law
enforcement in these 'petty' gigs which arise from email.

> I figure it is same spam because of the URL I tried to mean :) (took
> my attention as it is red)

The verbose output of the parse shows up in magenta, blue, red,
orange -- where the red print seems to emphasize that the site provider
doesn't want to hear about it.  The .kr provider notify also isn't
really useful for the source, and the IP is SCbl listed.


-- 
Mike Easter
kibitzer, not SC admin