PGTS PGTS Pty. Ltd.   ACN: 007 008 568

PGTS Humble Blog

Thread: Internet Security/Malware/Spam

Open the pod bay doors, please HAL

Terry Swope Spam Incident (1)


Chronological Blog Entries:



Date: Sun, 05 Oct 2008 12:30:06 +1000

Recently I noticed this email in the assassinated folder:
----790503267796321 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable

Wake up America!

The Dollar is falling fast, have you hedged your bets yet?

I'm here to tell you about an exciting new way to beat inflation and re= ach the next level financially.

http://www.biz= plan4u.com/silver_snowball.htm

Can you survive if the economy crashes? If you check this out you can l= augh as the dollar slides and cashin bigtime!

The Royal Bank of Scotland has advised clients to brace for a full-fled= ged crash in global stock and credit markets over the next three months as i= nflation paralyses the major central banks.

Protect yourself from inflation right now!

http://www.biz= plan4u.com/silver_snowball.htm

Don't wait until it is too late, you have to see this.

Terry Swope

----790503267796321--

I have not fixed the mistakes in the HTML, so the above is a text copy of how it would render in w3m on a console. It may render ok in Outlook (the most popular MUA target for spammers and scammers).

Normally I don't spend too much time on the contents of the assassinated folder. However, this spammer was extremely egregious, possibly even more so than the highly aggressive Cashblaster Pro Scammers.

The Terry Swope Spammer started spamming my domain with this particular message on Thursday at 2008-10-02 00:48 UTC, after which a similar message was repeated about every three minutes. Within an hour, the IP address 216.55.169.94 was sent to the sin bin by a scheduled spam post-processing script. Nevertheless, the spam engine on 216.55.169.94 continued trying to connect with the PGTS mailhub. Before too long the IP address had been listed in a major block list, and the spammer continued trying to get through. After three hours had elapsed, many of the major lists in the world had listed the IP address. It now has a poor reputation, and may not be able to send email to any site that uses DNSBL technology. I presume that, as with the Cashblaster Pro Scammers, they continued sending the same message over and over.

The details of the IP address 216.55.169.94 were as follows:

	Network Owner:  Abacus America Inc.
	Registered on:	1999-05-28
	Updated on:	2000-11-02
	Expires on:	unknown
	Netblock(s): 	216.55.128.0/18
	Nameserver(s): 	NS1.ABAC.COM
			NS2.ABAC.COM

	Registrant:
	   Aplus.Net Aplus.Net (DT882) support at aplus dot net
	   Aplus.Net Internet Services
	   7500 W 110th St. Suite 400
	   Overland Park,    KS    66210
	   United States
	   Phone: +1 (913) 890-7700
	   Fax: +1 (913) 890-7701

	Technical Contact (and Administrative) Contact:
	   A+ Net (AD384-ORG) support at aplus dot net
	   A+Net Internet Services
	   10350 Barnes Canyon Road
	   San Diego,    CA    92121
	   United States
	   Phone: +1 (858) 410-6900

	Domain servers in listed order:
	   ns1.abac.com   216.55.128.4
	   ns2.abac.com   216.55.144.4
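
The sin-bin step and the DNSBL listing described above can be sketched as follows. This is an added example, not the PGTS post-processing script: the log format, the threshold, the window and the zone `dnsbl.example.invalid` are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample: "<UTC timestamp> <client IP> <message digest>".
# This is not the PGTS mailhub's log format, which the post does not show.
SAMPLE_LOG = """\
2008-10-02T00:48:00 216.55.169.94 d1
2008-10-02T00:51:00 216.55.169.94 d1
2008-10-02T00:54:00 216.55.169.94 d1
2008-10-02T00:55:30 192.0.2.10 a7
2008-10-02T00:57:00 216.55.169.94 d1
2008-10-02T01:00:00 216.55.169.94 d1
2008-10-02T03:10:00 192.0.2.10 b9
"""

def parse(log):
    """Yield (timestamp, ip, digest) tuples, rejecting malformed IPs."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, digest = line.split()
        yield datetime.fromisoformat(ts), str(ipaddress.IPv4Address(ip)), digest

def sin_bin_candidates(log, threshold=5, window=timedelta(hours=1)):
    """Return IPs that sent the same digest >= threshold times within window."""
    seen = defaultdict(list)  # (ip, digest) -> timestamps
    for ts, ip, digest in parse(log):
        seen[(ip, digest)].append(ts)
    flagged = set()
    for (ip, _), stamps in seen.items():
        stamps.sort()
        # Sliding window: compare each timestamp with the one threshold-1 earlier.
        for i in range(threshold - 1, len(stamps)):
            if stamps[i] - stamps[i - threshold + 1] <= window:
                flagged.add(ip)
                break
    return sorted(flagged)

def dnsbl_query_name(ip, zone="dnsbl.example.invalid"):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

if __name__ == "__main__":
    for ip in sin_bin_candidates(SAMPLE_LOG):
        print(ip, dnsbl_query_name(ip))
```

A receiving mail server that uses a DNSBL resolves the generated name in the list's zone and treats a positive answer as "listed", which is why a listed address loses the ability to deliver to such sites.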


Update

As I said above, the HTML in the email was broken and would not render correctly with w3m. However, it might be OK on a Microsoft machine (guess I'll never find out). And although the URL that the Terry Swope Spammer was trying to advertise had not been set up, it did lead me to find someone whose name was Terry Swope, who was associated with that domain.

At the time, I speculated that the Terry Swope whose profile I found might have been associated with the spam incident. This speculation appears to have been unfounded. The real Terry Swope has since contacted me. There are more details here.



Copyright 2008, Gerry Patterson. All Rights Reserved.