Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
| [Spam] Oddest emails
I've been getting these odd spam emails.
They're coming from random domains.
All of them have all the text as attached images.
None of them contain any hotlinked images nor do they have any links to external sites.
I'm attaching an example image. Sometimes the image is in multiple parts. I'm at a loss as to what the purpose of these emails are.
--
/chown -R us:us /yourbase |
|
Jon_Hanson
Mountain Dew Rules
Premium
join:2001-07-09
Gilbert, AZ | They want to pump up the interest in that garbage stock so people will buy it and then the scammer can sell it at a profit. It's called pump-and-dump. There is no website to go to they just want you to buy that stock. |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| reply to Trel
Pink Sheets, a private company providing stock quotes and information, has recently proposed new rules to the SEC to combat exactly this type of scam/spam.
In their article, they ask that you comment using the following email address, rule-comments@sec.gov.
I've followed their advice and forwarded every one of the pump & dump spams I receive to that address, commenting, "Only by making pump & dump stock scams unprofitable and self-defeating will this type of spam activity cease."
Oh . . . and a copy to spam@ftc.gov & enforcement@sec.gov also.
--
Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | BTW the spam@ftv.gov ones bounces back to me.
--
/chown -R us:us /yourbase |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| said by Trel  :BTW the spam@ftv.gov ones bounces back to me. Sorry, that should now be SPAM@UCE.GOV.
»https://rn.ftc.gov/pls/dod/wsolcq$.start···ODE=PU01 |
|
theseus
join:2006-03-08
Buffalo, NY | reply to Trel
Hey Trel,
I have a similar issue that also has an open thread:
»[Gmail] Blocking unwanted spam |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to Trel
said by Trel :I've been getting these odd spam emails. They're coming from random domains. All of them have all the text as attached images. None of the domains in my examples are responsible for the sending; they are coming from random IP address providers which have no relation to the "sending" domains.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
goalieskates
join:2004-09-12
Knoxville, TN
 ·Knology
·Comcast
| reply to Trel
said by Trel :I've been getting these odd spam emails. They're coming from random domains. All of them have all the text as attached images. Getting the same thing 10 or more times a day from Goldmark Industries. Random domains, random senders, different keywords, but always the same crappy ad in the form of an image. I hope they tank soon. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| said by goalieskates :Getting the same thing 10 or more times a day from Goldmark Industries. Random domains, random senders, different keywords, but always the same crappy ad in the form of an image. I hope they tank soon. You are likely not getting anything "from them", but from some spammer trying to pump them up. The goal is to inflate the price, then sell before the price falls. "They" would be pretty stupid to do it themselves.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Bellsy
@sympatico.ca
| reply to Trel
These are exactly the same emails I have been receiving. I did a search and came up with the SEC link and when I sent an email using their email provided on the site, it bounced back as well. I will use the above link posted. Is their no way legally that the SEC can terminate these PUMP & DUMP morons?
Bellsy |
|
Bellsy
@sympatico.ca | Update.....
I also did an IP search on the source of these emails and they are originating in China. I would not be the least bit surprised that they are using a proxy to get these emails out, thereby hiding their true IP and Identity. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA | BINGO!
Except that the proxies I have seen are anywhere from China, to Korea to Comcast.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
goalieskates
join:2004-09-12
Knoxville, TN
·Knology
·Comcast
| reply to NormanS
said by NormanS :You are likely not getting anything "from them", but from some spammer trying to pump them up. The goal is to inflate the price, then sell before the price falls. "They" would be pretty stupid to do it themselves. Technically correct but irrelevant. The real question is, how to write a rule to block or delete image-only emails? |
|
pleekmo
Triptoe Through The Tulips
Premium
join:2001-09-14
Manchester, CT
clubs:
| said by goalieskates :said by NormanS :The real question is, how to write a rule to block or delete image-only emails? Unfortunately, many of my pump 'n' dump spam has been arriving with a list of words at the bottom (presumably an attempt to bypass Bayesian filters) along with the image. This will make it even harder to create a blocking rule. And, of course, some of my legitimate e-mails have images in them. We'll probably begin to have a need to run e-mails through OCR software shortly. Then I can foresee the next tactic in the war: Obfuscated wording of graphics or even graphics with contain characters created in unusual, but still human-readable forms. --
HCN: Because you deserve a rest!
Free Omelas! |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to goalieskates
said by goalieskates :Technically correct but irrelevant. The real question is, how to write a rule to block or delete image-only emails? And your mail client is? With MS Outlook Express, I know of no way to write a rule to block image only spam. All of the image spam I am seeing is coming to a Yahoo! POP3 server. If it makes it to the Inbox, I click on the "Spam" button. Eventually SpamGuard will learn to tag it with an "X-YahooFilteredBulk" header line, and place it in the Bulk folder.
My local client can filter on that header line, but MS Outlook Express can't. If I was using MSOE, I could configure SpamGuard to tag the subject line with "[BULK]", and MSOE would filter on that.
MSOE can filter on message size, or the presence of an attachment.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
goalieskates
join:2004-09-12
Knoxville, TN
·Knology
·Comcast
| said by NormanS :And your mail client is? Plain old Outlook, not OE.
Subject line random and has nothing to do with the subject matter so that's out. Random words at the bottom as mentioned above, also having nothing to do with the subject matter. Seemingly different senders, but those all look bogus.
It's clever, I suspect we'll see more of it. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| I have been seeing it for the better part of two years.
I though MS Outlook had some kind of native, Naive Bayesian-like, spam filter? Click to train, move suspect email to a Bulk folder.
In any case, I was under the impression that it did a much better job at spam filtering than MS Outlook Express.
I stopped using MSOE for lack of decent spam filtering. It can sort email easily enough, when the email is known to be all good mail. I started using Pegasus Mail because of its native capacity to filter on all parts of the email message; and they just released a version with a native Naive Bayesian spam filter.
I also stopped using my ISP email, or third party email providers; for the most part. Running my own server with my own domain gives me the capability to run some very anal spam filters on the SMTP transaction.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Chao284
join:2006-01-08
| reply to Trel
Not sure if this seems likely, but there is also hidden coding that may also automantically enlist you in a spam trap that would harvest your address once the image is done loading, and currently, there is enough reasons that the Pump Dump is of the following,
Untrackable,
Undetectable,
unfilterable,
And other meanings that makes a spam gang more rich then a person who finds gold in a mine, that is my responce. |
|
Corehhi
join:2002-01-28
Bluffton, SC
| reply to Trel
This is common for penny stocks. Companies are paid to pump stocks and you got on their list some how. These companies are well organized and put out a huge amount of emails from all over the world in some case. There is no way to get off their list if your on it. Never let your real e-mail to be know on a stock forum or you'll get hit with these left and right. For that matter I contacted DNA's IR dept. and I was surprised that I started getting with bio-tech stock picks in my home mail about two weeks later. I swear DNA sold my info (used my real name). |
|
NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA
| reply to Trel
All of these emails are sent using networks of 1000s of compromised systems (zombies)...since there are no spamvertised URLS and since all the email addresses are totally forged there is no (easy) way to tell who is sending them.
The SEC doesn't give a crap because these are penny stocks and they are busy chasing down corporate governnace issues (e.g. stock option back-dating, etc..).
This is absolutely nothing new and this activity as been going on for years...though it does seem to be accellerating.
--
Lawrence Baldwin
myNetWatchman
The Internet Neighborhood Watch |
|
