Chao284

join:2006-01-08

419 Spam bypassing filters and blacklists?

Well it seems anyone with a Hotmail/MSN, Yahoo and Gmail account would be the victims of a new theme that the 419ers are unstoppable, well it looks like it, because in the past few weeks ever since the Mebroot/Torpig trojans went alive, the number of 419 spams has skyrocketed and even worse these Nigerians have found a way to make use of these innocent IPs in the event the Mebroot may have infected more machines and likely crippled their control in order to forge and use IPs from clean non spam ISPs which increases the risk of filter and blacklist bypass, and lately it has come to the point I may have to delete my Yahoo account in order to clear out of the spamtrap.

I just need to know if anyone has seen a rapid increase of this latest theme that is already making people give in to the Nigerian bastards that are now invincible with this latest malware wave that no one can get out of?


avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
A bunch got through on AOL and Gmail last week, but it is all quiet now.
--
Team JON.


antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA

reply to Chao284
said by Chao284:

I just need to know if anyone has seen a rapid increase of this latest theme that is already making people give in to the Nigerian bastards that are now invincible with this latest malware wave that no one can get out of?
I get huge amounts of those B.S. Nigeria 419 scams on a daily basis which seems to get worse as the months go by.
--

Specializing in "take downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
·AT&T U-Verse

reply to Chao284
My mother gets quite a few of these on her Yahoo email, but nearly all of them end up in the spam folder. The same goes for phishes.

In both cases, only about 3-5% get past Yahoo's filter on the initial attempt.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Chao284

join:2006-01-08

Well right now if anything what is also most disturbing about this latest run of 419 scammers, they are using some trojan that is difficult to remove and does not include an originating IP, instead it just has the IP of an innocent account that never turns up on the blacklists, and currently hotmail.com and msn.com email accounts are the prime target to these scammers to hide the originating IP, in turn the only trojan known for this is the Torpig/Mebroot, their botnets are nearly bullet-proof and likely reason almost every 419 scam never contains an originating IP and most of them connected to here is an example,

Return-Path:
Authentication-Results: mta278.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 65.55.111.81 (EHLO blu0-omc2-s6.blu0.hotmail.com) (65.55.111.81) by mta278.mail.mud.yahoo.com with SMTP; Tue, 30 Jun 2009 04:30:47 -0700
Received: from BLU146-W8 ([65.55.111.73]) by blu0-omc2-s6.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 30 Jun 2009 04:30:11 -0700
Message-ID:
Return-Path: conana051@msn.com (Forged email address)
Content-Type: multipart/alternative; boundary="_c87b12ed-1f9d-4286-8efe-3383f6c1ce10_"
Reply-To: (also forged)
From: MRS.THOBKA CONANA
Subject: Private and Confidential
Date: Tue, 30 Jun 2009 11:30:11 +0000
Importance: Normal
MIME-Version: 1.0
Bcc: (this part of the full header is exploited)
Content-Length: 10982

And in turn the IPs on MSN's mail server are at 65.55.111.xx, apparently a botnet trojan likely running on this IP since I have received this scam from this IP many times, and in turn some botnets such as the cutwail2 and the xarvester botnet in previous emails already reported on google groups, most likely in connection of the Torpig/Mebroot botnet gang probably using open relays.
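
Added example, not part of the original post: a Python sketch that reads the Received chain from the headers quoted above and reports which address the receiving server actually saw, which is the one an IP blacklist lookup is keyed on. The function names and the /24 comparison are choices made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Header lines copied from the post above (subset; poster's annotations dropped).
SAMPLE = """\
Received: from 65.55.111.81 (EHLO blu0-omc2-s6.blu0.hotmail.com) (65.55.111.81) by mta278.mail.mud.yahoo.com with SMTP; Tue, 30 Jun 2009 04:30:47 -0700
Received: from BLU146-W8 ([65.55.111.73]) by blu0-omc2-s6.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 30 Jun 2009 04:30:11 -0700
Subject: Private and Confidential
Date: Tue, 30 Jun 2009 11:30:11 +0000

"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)"
    r"\s+by\s+(?P<by>\S+)", re.S)

def parse_hop(value):
    """Split one Received value into helo name, IP, receiving host, timestamp."""
    m = HOP_RE.search(value)
    if not m or ";" not in value:
        return None  # unparseable hop: skip rather than guess
    hop = m.groupdict()
    hop["when"] = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    return hop

def trace(raw_headers):
    """Return hops oldest-first plus the facts a blacklist check depends on."""
    msg = message_from_string(raw_headers)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
    hops.reverse()  # headers are prepended, so the last one is the oldest
    if not hops:
        return None
    first, last = hops[0], hops[-1]
    return {
        "hops": hops,
        # Only the newest hop was written by the recipient's own server;
        # this is the address a receiving MTA would look up in a DNSBL.
        "connecting_ip": last["ip"],
        "earliest_ip": first["ip"],
        "same_slash24": ip_address(first["ip"])
            in ip_network(last["ip"] + "/24", strict=False),
        "transit_seconds": int((last["when"] - first["when"]).total_seconds()),
        "x_originating_ip": msg.get("X-Originating-IP"),
    }

if __name__ == "__main__":
    for key, val in trace(SAMPLE).items():
        print(key, val)
```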

garys_2k

join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage

You won't find the lads' real IPs until you get their first reply to your initial "Can I really get this money?" query. The bots ONLY send out the mass emails, the replies are handled by the first tier of lads (the ones that are the most fun to screw with).

Chao284

join:2006-01-08

Well their IPs do have a hidden direct link with the scammer, but use MSN/hotmail to prevent spam filters making it spam and just an innocent person's email address, in that method plus such bots as cutwail2 and xarvester have a higher success rate at infecting Microsoft related systems that would prolong the spam problem, oh and that is not all, I had found a bit more information that the captcha system has been broken on MSN/hotmail system out there next to Google's Gmail service and these 2 bots likely have the capability of doing that task which means Nigeria has some capability of doing this kind of method.
© 1999-2009 dslreports.com