[Hidden-tech] Drum Roll Please.... As another spammer walks to the financial guillotine

Robert Heller heller at deepsoft.com
Sun Oct 12 22:52:03 EDT 2008


At Sat, 11 Oct 2008 11:45:52 -0400 romanvictor at rvpmdesigns.com wrote:

> 
>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
> 
> 
> Hi Jim,
> 
> By driving the user to what I call the dark-side web site a virus or malware
> can get installed just by viewing the dark-side site's hidden iframes.
> Sometimes, I think what you maybe seeing are tests of zombie botnet systems.

It could also be a flavor of Denial Of Service attack as well -- simply
sending zillions of these messages with the sole intent of making
sendmail too busy to deal with ligit E-Mail.  Or to flood someone's
inbox to the point that it becomes impossible to get to ligit E-Mail
because so much time is being used to delete the junk.

It is also possible that there is some sort of contact form on at the
website site pointed to by the E-Mail.  Many of the products and
services offered by these spam E-Mails are not 100% legal (eg
prescription drugs being sold *without* a prescription), the people
selling these items have reasons NOT to provide any sort of contact
information.  Instead, you enter a shipping address and some sort of
payment info (eg CC#) and they mail the product out to you, assuming
that they are in fact honest -- it could also be a complete scam /
ripoff -- much of the time, the products or services are in fact
non-existent and the whole point is to collect credit card numbers and
related sorts of information for the purpose of pure theft.

Most spam is not for totally legal products or services. Because spam
itself is so 'grey' marketing at best (even what the product or
service is itself 'legal', the marketing process is not really 100%
legal), spammers are going to avoid including any contact info in the
E-Mail messages, since that makes it real easy for ISPs to take direct
legal action.  It is easy/trivial to just point to a website someplace
where the contact info of the owner is difficult/impossible to get (eg
China Russia) and put on that website a form that collects customer
info. The spammer can then contact the customer to complete whatever
transaction might be involved.  In the case of the Iowa case, the
spammers, just 'sold' the customer contact info to third party, who
than contacted the customer.  Actually, for most of the 'work at home'
comeons and the debt services, the spammer is just collecting customer
contact info ('leads') and selling this info to third parties, who then
contact the customer.  As happened in the Iowa case, it required a bit
of work to set up a 'trap' of sorts to uncover the identity of the
spammers.

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller at deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk
                                                                               


Google

More information about the Hidden-discuss mailing list