OT - Spam

Discussion in 'HTML' started by terau neredbojias, Apr 21, 2010.

  1. I logged into here using Google Groups, and, kripes!: is there the
    spam!! I never saw it using the news reader and service I have. No
    wonder this group is dying.
     
    terau neredbojias, Apr 21, 2010
    #1
    1. Advertisements

  2. terau neredbojias

    rf Guest

    And 90% of it comes from google groups.
     
    rf, Apr 21, 2010
    #2
    1. Advertisements

  3. terau neredbojias

    DLU Guest

    I have been forwarding the spam from this group to:

    Almost every day. Eventually they may take notice.
    It looks to me like the amount to this NG has declined.

    There is one in NGs that is particularly dangerous as it contains malware:
    The link is such:

    http://my-best-web.com/13/bathroom-double-vanity
    The extension after the 13/ is variable.

    This is where it actually goes.
    From news.admin.net-abuse.email

    I get redirected to a different end location:

    supersafe21p.xorg.pl (94.228.209.219)

    Takes three redirects to get there. The first in the sequence, which
    I've lightly munged, is:

    http:// my-best-web.com / url / nnn.php

    which is presently hosted on 61.4.82.77, in China. This then redirects
    to:

    http:// www.safeonezone.net ? uid=212 & pid=3 & ttl=214447e063b

    which is hosted on 95.169.186.25 in Russia. This checks the user-agent
    to see if it's empty and, if it is, returns a 404 error. If the
    user-agent isn't empty, it then sets 7 cookies and redirects to:

    http:// supersafe21p.xorg.pl ?
    p=p52dcWplal%2FCj8bYbnOCdVik12qZVp%2FZatrauZqqppeLw8ydb5aYiaafpqjYm4rapZxqZmNsmGGZlWCcYMWK1qWYpqvYnpRfo3FfqKGopJ6eU8rPnZVqWqihyaSfVpnWapuUkWJuaGSWlZVnZGdvWqqZnnaHodejYmJkZGVvnGaVYVbaoJWhlGNuYmmcmZxsY1qcl3V7el%2FYlsijaGhj

    which is hosted on 94.228.209.219 in The Netherlands. This loads a
    javascript file from:

    http:// supersafe21p.xorg.pl / 8a3f6b536f75300eee362af806756a1b563008411.js

    which then does the "scan" and wants you to download an executable from:

    http:// pikorb28pd.xorg.pl / build8_212.php ? cmd=sendFile & counter=1 &
    p=p52dcWplal/Cj8bYbnOCdVik12qaVp/ZatrauJ+CoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG9qlWGWZGfLXZmXxVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlGppYGebmZFpYGVsZV6mnZ+eU9jZbmFfa2Jrm2WWYmWModaWoGJpaWaYmJttZGlfl5txf3uHpM3Kbmdlag==

    which is only recognised by 5 of the 41 anti-virus programs used by
    virustotal.com, :

    http://www.virustotal.com/analisis/...3a3e285f9a06db5fc9cb298ba428616341-1270380554


    Regards,
    David Bolt


    Of course, that's just the downloader/installer. After unpacking I can
    see a list of 589 executables relating to anti-virus and other
    security software which no doubt it will try to disable or terminate.

    Other strings in the binary indicate where it might report back to or
    download the main scamware application:

    cleanupantivirus.com
    save-secure.com
    securityearth.net
    trdatasft.com
    update1.winsystemupdate.xorg.pl
    update2.winsystemupdates.xorg.pl


    So what is happening here are worms that will turn your machine into a
    botnet zombie.

    These seem to be flooding USENET, they are propagated by a botnet.
    I know most of you are not spam fighters, it takes time and your work on
    websites and such probably takes most of that time. However I ask all of
    you to forward these to:

    It only takes a few seconds and we hope that if google gets enough
    complaints they will do something about it. The recent attack on their
    system from China has given them a wake up call, so just maybe they
    might see the threat to their systems.

    --
    ***************************************
    * This is the Spammish Inquisition *
    * Not Lumber Cartel Unit 75 [TINLC] *
    * I am not SPEWS.ORG *
    ***************************************
     
    DLU, Apr 21, 2010
    #3
  4. terau neredbojias

    cwdjrxyz Guest

    For alt.html on Google Groups, your post of April 21 is the first on
    topic post since April 10.The off topic sales posts, mostly from
    China, also greatly fell for a while, and Google may have cut them off
    for a while. Now some are coming back under new names such as ckedsdt.
    Until your post, I was beginning to wonder if Google by accident
    blocked on topic posts and allowed off topic posts. Many posts do use
    a Google address, likely because it is very easy to sign up with
    Google. In the past Yahoo was a favorite. For people who have been
    around quite a while the various newsreader services are popular.
    However for the younger generation that only wants to visit a group or
    two to ask a question, Google does provide an easy entry. Most of the
    spam recently has been sales spam, and if you subtract that, the other
    old fashioned type of spam posts have not been very frequent. Google
    should ban all posts from China on this group and other groups that
    are having a large volume of this type of sales spam from China.
    Perhaps that would get the attention of the Chinese, and in China the
    government likely could put a stop to Chinese companies posting so
    many ads for what appear to be mostly cheap goods and fake copies of
    famous name goods.
     
    cwdjrxyz, Apr 21, 2010
    #4
  5. terau neredbojias

    dorayme Guest

    <
    m>,
    You are probably right. But Google is having all sorts of trouble
    with China already... it might complicate their troubles.
     
    dorayme, Apr 21, 2010
    #5
  6. No, this group is dying because it has little to offer any more.
    Doesn't the subject of the group even say to use a different group? 5
    or 6 years ago this place was hopping. Lots of good info, plenty of
    arguments, and the occasional slam.

    Slowly the "regulars" moved away leaving a few of us here to check
    every now and then.

    But, if you don't want to see the spam you have to use a reader or
    filter the posts using gmail.
     
    Travis Newbury, Apr 21, 2010
    #6
  7. terau neredbojias

    dorayme Guest

    <
    m>,
    Remind me, what is this group for... I have forgotten what my old
    favourite was about? I take grave exception to the suggestion
    that it has nothing to offer! Glad to know you are alive Travis,
    I raised a question about this in another group.

    You can easily test how active this group is, go on, say
    something about Flash or about the desirability of fixed width
    sites... <g>
     
    dorayme, Apr 21, 2010
    #7
  8. terau neredbojias

    Neredbojias Guest

    Yeah, but all of it comes *directly* from assholes and I'm not a
    Blinkyist in the Google Groups thing. I think it's nice to have an
    easy-access way to the ng.
     
    Neredbojias, Apr 21, 2010
    #8
  9. terau neredbojias

    Neredbojias Guest

    Perhaps a moderator is the answer. If the craps never shows, it will
    stop eventually.
     
    Neredbojias, Apr 21, 2010
    #9
  10. terau neredbojias

    Neredbojias Guest

    Yeah, I saw that, too...
    Agreed in flying colors!
    Some kind of hands-on approach is necessary, I think. Either that or a
    set of really excellent filters.
     
    Neredbojias, Apr 21, 2010
    #10
  11. terau neredbojias

    Neredbojias Guest

    Not to vacillate, but sometimes I agree with that and sometimes I
    don't. Why should it be any different now than it was 5 years ago?
    Certainly there are just as many experts as well as "experts" here now
    as there were before, and just as many of the other types, too. It may
    be a matter of "old hat", I dunno, but I definitely have NOT seen any
    web-based forum become a real substitute. Interest in html may have
    changed, too. Those who want to have learned it and those who don't
    care less.
    The regular posters, maybe, but I don't believe there's any lack of
    knowledge or expertise currently hindering the viability of this group.
    Manners and decorum, however, could be another matter.
    Uh huh, so if you ask me Google should delete the crap (however they
    choose) before it even gets posted. A shoe ad has no place on an html
    board and eliminating it is not censorship.
     
    Neredbojias, Apr 21, 2010
    #11
  12. That depends on how many regulars use Google Groups.
     
    Harlan Messinger, Apr 21, 2010
    #12
  13. Gazing into my crystal ball I observed Travis Newbury
    When ever HTML5 really gets going, I'm sure there will be plenty to talk
    about. After all, it IS HTML.
    I know, and I miss Brucie and Luigi.
    I'm using eternal-september.org and they filter VERY well. I was
    wondering what was happening because I haven't seen any posts, on my end
    at least, for about three days.
     
    Adrienne Boswell, Apr 21, 2010
    #13
  14. terau neredbojias

    DLU Guest

    I would be nice if google would block the Chinese IPs at the root
    servers. Unfortunately the spam is coming from botnets that are widely
    distributed world wide. The bot herders place these spams on the net
    designed to get people to look at them. The porno groups are flooded
    with them with various enticing titles. Many of these spams come from
    Malaysia and eastern Europe. Korea was one of the worst but seems to
    have cleaned up its act, but Taiwan and Brazil also are major sources.
    The problem is with the ISPs in those countries. They will not cut off
    customers wiht infected machines. The US Government is also slow to act
    on ISPs that have C&C (command and control) servers. These machines
    contact the zombies and give them the command to send the messages.

    For the Nike spams the address is: .
    For Gucchi:
    --
    ***************************************
    * This is the Spammish Inquisition *
    * Not Lumber Cartel Unit 75 [TINLC] *
    * I am not SPEWS.ORG *
    ***************************************
     
    DLU, Apr 21, 2010
    #14
  15. terau neredbojias

    dorayme Guest

    He is very quiet in my newsreader. Like he is visiting a morgue
    and cannot be heard from the office.
     
    dorayme, Apr 22, 2010
    #15
  16. <E. Fudd>Shhhhhhh! Be vewwy, vewwy quwiet!</E. Fudd>
     
    Jonathan N. Little, Apr 22, 2010
    #16
  17. terau neredbojias

    Neredbojias Guest

    Well, a lot of people seem to agree with you. Nevertheless, I still
    like Googlegroups, and glad it's there, and am not usually bothered by
    the spam as my news service filters it very effectively. I *DO* admit
    that Google could probably do some filtering itself and cut-out all the
    ads and really wayout stuff because the true objection to the interface
    is that it abets just the kind of thing we all don't like.
     
    Neredbojias, Apr 27, 2010
    #17
  18. terau neredbojias

    Neredbojias Guest

    What you wear or don't wear has nothing to do with the manners and
    decorum you are able to display when posting to newsgroups. However,
    if you are unable to control yourself in certain attire, put on a
    skirt, spread your legs, and think "Sock it to me, Daddy."
    Ergo, your maturity level is that of a high-schooler. Wowie.
     
    Neredbojias, Apr 27, 2010
    #18
  19. terau neredbojias

    Neredbojias Guest

    True, and I'm not saying that GG shouldn't do *something* to alleviate
    the problem but going-out-of-existence is a little extreme.
     
    Neredbojias, Apr 27, 2010
    #19
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.