PGTS PGTS Pty. Ltd.   ACN: 007 008 568

point Site Navigation

point Other Blog Threads



  Valid HTML 4.01 Transitional

   Stop The Internet Filter!

   No Clean Feed

   The Internet Filter Is An Ex-parrot!






PGTS Humble Blog

Thread: Internet Security/Malware/Spam

GP JPG
Please, please don't throw me into the briar patch, Brer Fox!

Media Temple - Back On The Radar


Chronogical Blog Entries:



Date: Sat, 17 Mar 2012 22:29:40 +1100

About 4 weeks ago, an email request to exchange links came to your blogger's attention. Then this week a similar email turned up. The email had in fact been sent to another person, however it turns out that even though it had been passed as ok by spam assassin, it had a distinctly spammy flavour. In fact it had been constructed in an identical manner to the earlier innocent looking email. Could it be the work of the same spam gang?

The email recently brought to your blogger's humble attention, originally arrived on Wednesday last week. It purported to be from Ellie. The headers were as follows:
From anonymous@wufsd.org Wed Mar 14 05: 5:55 2012
Return-Path: <anonymous@wufsd.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pgts04
X-Spam-Level:
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_16, HTML_MESSAGE,MIME_HTML_ONLY autolearn=no version=3.3.1
X-Original-To: xxxx@danbyrnes.com.au
Delivered-To: xxxx@danbyrnes.com.au
Received: from wufsd.org (wufsd.org [216.70.80.43]) by pgts04.pgts.com.au (Postfix) with ESMTPS id CBDA73E0A27 for <xxxx@danbyrnes.com.au>; Wed, 14 Mar 2012 05:25:54 +1100 (EST)
Received: (qmail 23857 invoked by uid 48); 13 Mar 2012 11:22:50 -0700
Date: 13 Mar 2012 11:22:50 -0700
Message-ID: <20120313182250.23854.qmail@wufsd.org>
To: xxxx@danbyrnes.com.au
Subject: Website question
X-PHP-Originating-Script: 10002:sendEmails.php
From: Ellie Stevens <ellie.stevens@bestseniordatingsites.org>
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1

These headers and the (HTML) body bore a striking similarity to an earlier email purporting to be from someone promoting online Christian dating services.

The HTML text in the body of this (seniors dating) email was as follows:

Hello,

My name is Ellie, and I blog for a site called bestseniordatingsites.org. I checked out your site danbyrnes.com.au/lostworlds/ archives/lwlinks2.htm and found some interesting and informative articles.

My site, bestseniordatingsites.org, is the only independent online resource exclusively dedicated to senior singles who want information on how to safely use online dating sites--serving the single seniors community by authoring articles on topics like how to protect your privacy and financial information online, as well as by providing general resources such as our Comprehensive List Of Senior Centers In The US, the first resource of its kind.

Would you mind having a look at bestseniordatingsites.org and, if you agree that my site could be a helpful resource for your readers, consider adding a link to it from your site?

Thanks for your time,

Ellie Stevens
Blogger | Owner
Best Senior Dating Sites
*

The earlier email promoting online dating sites had been constructed in a similar manner, and it had (initially) also scored quite low on Spam Assassin's rating. It would have been completely over-looked by your humble blogger, had the spammers not made the mistake of sending out three spam runs in the one day. It was then after closer examination that the (earlier) email campaign appeared to be suspicious.

The obvious similarities between the most recent email (above) and the earlier example are even more striking if the full body texts (including HTML) are examined. It leads to the inevitable conclusion that both emails have been constructed with the same template.

Also both emails were sent to email addresses that are available in the public domain. It seems likely that these email addresses had been harvested by spambots.

All of which suggests that they were both manufactured by the same spam engine.

Furthermore the websites which were promoted in the email promotional campaigns, bestseniordatingsites.org and christiandatingsites.net, have been setup in a similar manner. On the face of it, they were both fairly bland, but well-constructed sites which offer links and advice for people searching for online dating services.

The simple well constructed email and the rather Spartan websites all seem above board. There does not seem to be any sign of a "payload" or "hook" ... However despite their rather innocuous appearance, there is something strange about the way the sites have been registered, which hints at something possibly more sinister ... Both bestseniordatingsites.org and christiandatingsites.net have been registered by GoDaddy.com, LLC using the following organisation address:

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale
Arizona 85260
USA

This technique of registering domains is infamous ... And has been used extensively by scammers and spammers who are, often with good reason, shy about revealing their true identities.

Another thing the Christian dating and seniors Dating promotions have in common is DNS for the webhosts and for some of the email campaigns, which has been provided by a Californian organisation, Media Temple Inc., which has a registered address in Culver City.

On the face of it, Media Temple Inc. appears to be a legitimate organisation. Their website which runs on the Russian based open source nginx web server, offers webhosting services, which they claim are optimised for performance and efficiency.

There are however, some reports from disgruntled customers that claim that the hosting services offered by Media Temple are in fact poor quality and generally sub-standard. There are also some more ominous reports of Russian dating scams which have come from servers hosted by Media Temple.

If Media Temple are a legitimate organisation, they should give more consideration to the fact that allowing spammers and or scammers to use their network will, in the long run, taint their reputation, and may cause closer scrutiny of their operations.

Also if the organisations which advertise their services on the bestseniordatingsites.org and christiandatingsites.net sites are legitimate and relatively free of scammers then they should consider using other means to advertise their services. Because contrary to the old adage, there is such a thing as bad publicity.

And being associated with spammers is definitely bad publicity.


Other Blog Posts In This Thread:

Copyright     2012, Gerry Patterson. All Rights Reserved.