OT - Spam

terau neredbojias

I logged into here using Google Groups, and, kripes!: is there the
spam!! I never saw it using the news reader and service I have. No
wonder this group is dying.
 
rf

terau neredbojias said:
I logged into here using Google Groups, and, kripes!: is there the
spam!! I never saw it using the news reader and service I have.

And 90% of it comes from google groups.
 
DLU

terau said:
I logged into here using Google Groups, and, kripes!: is there the
spam!! I never saw it using the news reader and service I have. No
wonder this group is dying.

I have been forwarding the spam from this group to:
(e-mail address removed)
Almost every day. Eventually they may take notice.
It looks to me like the amount to this NG has declined.

There is one in NGs that is particularly dangerous as it contains malware:
The link is such:

http://my-best-web.com/13/bathroom-double-vanity
The extension after the 13/ is variable.

This is where it actually goes.
From news.admin.net-abuse.email

I get redirected to a different end location:

supersafe21p.xorg.pl (94.228.209.219)

Takes three redirects to get there. The first in the sequence, which
I've lightly munged, is:

http:// my-best-web.com / url / nnn.php

which is presently hosted on 61.4.82.77, in China. This then redirects
to:

http:// www.safeonezone.net ? uid=212 & pid=3 & ttl=214447e063b

which is hosted on 95.169.186.25 in Russia. This checks the user-agent
to see if it's empty and, if it is, returns a 404 error. If the
user-agent isn't empty, it then sets 7 cookies and redirects to:

http:// supersafe21p.xorg.pl ?
p=p52dcWplal%2FCj8bYbnOCdVik12qZVp%2FZatrauZqqppeLw8ydb5aYiaafpqjYm4rapZxqZmNsmGGZlWCcYMWK1qWYpqvYnpRfo3FfqKGopJ6eU8rPnZVqWqihyaSfVpnWapuUkWJuaGSWlZVnZGdvWqqZnnaHodejYmJkZGVvnGaVYVbaoJWhlGNuYmmcmZxsY1qcl3V7el%2FYlsijaGhj

which is hosted on 94.228.209.219 in The Netherlands. This loads a
javascript file from:

http:// supersafe21p.xorg.pl / 8a3f6b536f75300eee362af806756a1b563008411.js

which then does the "scan" and wants you to download an executable from:

http:// pikorb28pd.xorg.pl / build8_212.php ? cmd=sendFile & counter=1 &
p=p52dcWplal/Cj8bYbnOCdVik12qaVp/ZatrauJ+CoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG9qlWGWZGfLXZmXxVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlGppYGebmZFpYGVsZV6mnZ+eU9jZbmFfa2Jrm2WWYmWModaWoGJpaWaYmJttZGlfl5txf3uHpM3Kbmdlag==

which is only recognised by 5 of the 41 anti-virus programs used by
virustotal.com:

http://www.virustotal.com/analisis/...3a3e285f9a06db5fc9cb298ba428616341-1270380554


Regards,
David Bolt


Of course, that's just the downloader/installer. After unpacking I can
see a list of 589 executables relating to anti-virus and other
security software which no doubt it will try to disable or terminate.

Other strings in the binary indicate where it might report back to or
download the main scamware application:

cleanupantivirus.com
save-secure.com
securityearth.net
trdatasft.com
update1.winsystemupdate.xorg.pl
update2.winsystemupdates.xorg.pl


So what is happening here are worms that will turn your machine into a
botnet zombie.

These seem to be flooding USENET, they are propagated by a botnet.
I know most of you are not spam fighters, it takes time and your work on
websites and such probably takes most of that time. However I ask all of
you to forward these to:
(e-mail address removed)
It only takes a few seconds and we hope that if google gets enough
complaints they will do something about it. The recent attack on their
system from China has given them a wake up call, so just maybe they
might see the threat to their systems.

--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
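An added example, not part of the thread or of any poster's message: the chain described above (several redirects across different hosts, then an executable offered from the landing page) can be looked for in web-proxy logs. The log rows, the placeholder `.example` hosts, the function names and the thresholds are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}

# Constructed proxy-log rows with placeholder hosts (not taken from the thread):
# (url, status, Location header, Referer header, Content-Type)
LOG = [
    ("http://link.example/13/page", 302, "http://link.example/url/nnn.php", "", "text/html"),
    ("http://link.example/url/nnn.php", 302, "http://gate.example/?uid=1", "", "text/html"),
    ("http://gate.example/?uid=1", 302, "http://scan.example/?p=x", "", "text/html"),
    ("http://scan.example/?p=x", 200, "", "", "text/html"),
    ("http://dl.example/build.php?cmd=sendFile", 200, "",
     "http://scan.example/?p=x", "application/x-msdownload"),
    ("http://news.example/a", 301, "https://news.example/a", "", "text/html"),
    ("https://news.example/a", 200, "", "", "text/html"),
]

def trace(start, log, max_hops=10):
    """Follow logged Location headers from start; return the URLs visited in order."""
    by_url = {row[0]: row for row in log}
    chain = [start]
    while len(chain) <= max_hops:
        row = by_url.get(chain[-1])
        if row is None or row[1] not in REDIRECTS:
            break
        target = row[2]
        if not target or target in chain:   # missing header or redirect loop
            break
        chain.append(target)
    return chain

def assess(start, log, min_redirects=3, min_hosts=3):
    """Flag a chain that hops across several hosts and ends by serving an executable."""
    chain = trace(start, log)
    hosts = sorted({urlsplit(u).hostname or "" for u in chain})
    # Executable responses requested with the chain's landing page as Referer.
    drops = [r[0] for r in log if r[3] == chain[-1] and r[4] in EXE_TYPES]
    redirects = len(chain) - 1
    suspicious = redirects >= min_redirects and len(hosts) >= min_hosts and bool(drops)
    return {"redirects": redirects, "hosts": hosts,
            "downloads": drops, "suspicious": suspicious}

if __name__ == "__main__":
    for start in ("http://link.example/13/page", "http://news.example/a"):
        print(start, assess(start, LOG))
```

The ordinary HTTP-to-HTTPS redirect on `news.example` is not flagged, because it stays on one host and no executable follows it.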
 
cwdjrxyz

I logged into here using Google Groups, and, kripes!: is there the
spam!!  I never saw it using the news reader and service I have.  No
wonder this group is dying.

For alt.html on Google Groups, your post of April 21 is the first on
topic post since April 10. The off topic sales posts, mostly from
China, also greatly fell for a while, and Google may have cut them off
for a while. Now some are coming back under new names such as ckedsdt.
Until your post, I was beginning to wonder if Google by accident
blocked on topic posts and allowed off topic posts. Many posts do use
a Google address, likely because it is very easy to sign up with
Google. In the past Yahoo was a favorite. For people who have been
around quite a while the various newsreader services are popular.
However for the younger generation that only wants to visit a group or
two to ask a question, Google does provide an easy entry. Most of the
spam recently has been sales spam, and if you subtract that, the other
old fashioned type of spam posts have not been very frequent. Google
should ban all posts from China on this group and other groups that
are having a large volume of this type of sales spam from China.
Perhaps that would get the attention of the Chinese, and in China the
government likely could put a stop to Chinese companies posting so
many ads for what appear to be mostly cheap goods and fake copies of
famous name goods.
 
dorayme

cwdjrxyz said:
Google
should ban all posts from China on this group and other groups that
are having a large volume of this type of sales spam from China.

You are probably right. But Google is having all sorts of trouble
with China already... it might complicate their troubles.
 
Travis Newbury

I logged into here using Google Groups, and, kripes!: is there the
spam!!  I never saw it using the news reader and service I have.  No
wonder this group is dying.

No, this group is dying because it has little to offer any more.
Doesn't the subject of the group even say to use a different group? 5
or 6 years ago this place was hopping. Lots of good info, plenty of
arguments, and the occasional slam.

Slowly the "regulars" moved away leaving a few of us here to check
every now and then.

But, if you don't want to see the spam you have to use a reader or
filter the posts using gmail.
 
dorayme

Travis Newbury said:
No, this group is dying because it has little to offer any more.
Doesn't the subject of the group even say to use a different group? 5
or 6 years ago this place was hopping. Lots of good info, plenty of
arguments, and the occasional slam.

Slowly the "regulars" moved away leaving a few of us here to check
every now and then.

But, if you don't want to see the spam you have to use a reader or
filter the posts using gmail.

Remind me, what is this group for... I have forgotten what my old
favourite was about? I take grave exception to the suggestion
that it has nothing to offer! Glad to know you are alive Travis,
I raised a question about this in another group.

You can easily test how active this group is, go on, say
something about Flash or about the desirability of fixed width
sites... <g>
 
Neredbojias

...

And 90% of it comes from google groups.

Yeah, but all of it comes *directly* from assholes and I'm not a
Blinkyist in the Google Groups thing. I think it's nice to have an
easy-access way to the ng.
 
Neredbojias

I have been forwarding the spam from this group to:
(e-mail address removed)
Almost every day. Eventually they may take notice.
It looks to me like the amount to this NG has declined.
.....

These seem to be flooding USENET, they are propagated by a botnet.
I know most of you are not spam fighters, it takes time and your work
on websites and such probably takes most of that time. However I ask
all of you to forward these to:
(e-mail address removed)
It only takes a few seconds and we hope that if google gets enough
complaints they will do something about it. The recent attack on
their system from China has given them a wake up call, so just maybe
they might see the threat to their systems.

Perhaps a moderator is the answer. If the crap never shows, it will
stop eventually.
 
Neredbojias

For alt.html on Google Groups, your post of April 21 is the first on
topic post since April 10. The off topic sales posts, mostly from
China, also greatly fell for a while, and Google may have cut them
off for a while. Now some are coming back under new names such as
ckedsdt.

Yeah, I saw that, too...
Until your post, I was beginning to wonder if Google by accident
blocked on topic posts and allowed off topic posts. Many posts do use
a Google address, likely because it is very easy to sign up with
Google. In the past Yahoo was a favorite. For people who have been
around quite a while the various newsreader services are popular.
However for the younger generation that only wants to visit a group
or two to ask a question, Google does provide an easy entry. Most of
the spam recently has been sales spam, and if you subtract that, the
other old fashioned type of spam posts have not been very frequent.
Google should ban all posts from China on this group and other groups
that are having a large volume of this type of sales spam from China.

Agreed in flying colors!
Perhaps that would get the attention of the Chinese, and in China the
government likely could put a stop to Chinese companies posting so
many ads for what appear to be mostly cheap goods and fake copies of
famous name goods.

Some kind of hands-on approach is necessary, I think. Either that or a
set of really excellent filters.
 
Neredbojias

No, this group is dying because it has little to offer any more.

Not to vacillate, but sometimes I agree with that and sometimes I
don't. Why should it be any different now than it was 5 years ago?
Certainly there are just as many experts as well as "experts" here now
as there were before, and just as many of the other types, too. It may
be a matter of "old hat", I dunno, but I definitely have NOT seen any
web-based forum become a real substitute. Interest in html may have
changed, too. Those who want to have learned it and those who don't
care less.
Doesn't the subject of the group even say to use a different group?
5 or 6 years ago this place was hopping. Lots of good info, plenty
of arguments, and the occasional slam.

Slowly the "regulars" moved away leaving a few of us here to check
every now and then.

The regular posters, maybe, but I don't believe there's any lack of
knowledge or expertise currently hindering the viability of this group.
Manners and decorum, however, could be another matter.
But, if you don't want to see the spam you have to use a reader or
filter the posts using gmail.

Uh huh, so if you ask me Google should delete the crap (however they
choose) before it even gets posted. A shoe ad has no place on an html
board and eliminating it is not censorship.
 
Harlan Messinger

terau said:
I logged into here using Google Groups, and, kripes!: is there the
spam!! I never saw it using the news reader and service I have. No
wonder this group is dying.

That depends on how many regulars use Google Groups.
 
Adrienne Boswell

Gazing into my crystal ball I observed Travis Newbury
No, this group is dying because it has little to offer any more.
Doesn't the subject of the group even say to use a different group? 5
or 6 years ago this place was hopping. Lots of good info, plenty of
arguments, and the occasional slam.

Whenever HTML5 really gets going, I'm sure there will be plenty to talk
about. After all, it IS HTML.
Slowly the "regulars" moved away leaving a few of us here to check
every now and then.

I know, and I miss Brucie and Luigi.
But, if you don't want to see the spam you have to use a reader or
filter the posts using gmail.

I'm using eternal-september.org and they filter VERY well. I was
wondering what was happening because I haven't seen any posts, on my end
at least, for about three days.
 
DLU

Neredbojias said:
Yeah, I saw that, too...
It would be nice if google would block the Chinese IPs at the root
servers. Unfortunately the spam is coming from botnets that are widely
distributed world wide. The bot herders place these spams on the net
designed to get people to look at them. The porno groups are flooded
with them with various enticing titles. Many of these spams come from
Malaysia and eastern Europe. Korea was one of the worst but seems to
have cleaned up its act, but Taiwan and Brazil also are major sources.
The problem is with the ISPs in those countries. They will not cut off
customers with infected machines. The US Government is also slow to act
on ISPs that have C&C (command and control) servers. These machines
contact the zombies and give them the command to send the messages.

For the Nike spams the address is: (e-mail address removed).
For Gucchi: (e-mail address removed)
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
 
dorayme

"asdf said:
I thought the purpose of this group was to allow Onedius Hatter to spread
his vitriol (and malware). I wonder how his Google law suit is coming along
:)

He seems to have been very quiet lately.

He is very quiet in my newsreader. Like he is visiting a morgue
and cannot be heard from the office.
 
Jonathan N. Little

dorayme said:
He is very quiet in my newsreader. Like he is visiting a morgue
and cannot be heard from the office.

<E. Fudd>Shhhhhhh! Be vewwy, vewwy quwiet!</E. Fudd>
 
Neredbojias

I kill everything posted from Googlegroups. Yes, that means some
minuscule amount of wheat gets discarded, but it is worth getting rid
of nearly all the chaff.

If you post from googlegroups I will have to 1) notice I don't see
your posts 2) decide your posts are worth reading 3) create a rule to
specifically allow your posts through.

This doesn't happen very much.

Well, a lot of people seem to agree with you. Nevertheless, I still
like Googlegroups, and glad it's there, and am not usually bothered by
the spam as my news service filters it very effectively. I *DO* admit
that Google could probably do some filtering itself and cut-out all the
ads and really wayout stuff because the true objection to the interface
is that it abets just the kind of thing we all don't like.
 
Neredbojias

Just because I like to sit around in my underwear while posting to
USENET is no reason to question my manners or decorum.

What you wear or don't wear has nothing to do with the manners and
decorum you are able to display when posting to newsgroups. However,
if you are unable to control yourself in certain attire, put on a
skirt, spread your legs, and think "Sock it to me, Daddy."
On the other hand, the people around me at Starbucks have a cause for
complaint, I guess.

Though to be fair, I'm not showing any more of my underwear than the
high school students (male and female) at the next table.

Ergo, your maturity level is that of a high-schooler. Wowie.
 
Neredbojias

...

This is a reflection on your newservice provider (and google groups).
Many newservice providers don't do any filtering, others (such as
giganews and others) do a very good job in filtering out the spam. If
you are fortunate to use one of those then you might think alt.html
is a bit quiet but you are unlikely to be complaining of spam.

True, and I'm not saying that GG shouldn't do *something* to alleviate
the problem but going-out-of-existence is a little extreme.
 
