Archive for the 'spam' Category

Amazon.com – even dumber than I thought possible

Sunday, February 11th, 2007

So, I got a reply from their customer service. You’re gonna love it:

Thank you for writing to us at Amazon.com.

I do understand your concern to close your account. I am sorry to know that you are receiving fraudulent e-mails. I’ve checked and found that our investigation department is working to find out the resolution.

Before authorizing us to close your account, please read the following information carefully. Further action is required in order to close your account.

I don’t want you to close MY account! I’m not getting email! It’s comment spam! I want you to shut down the comment spammer’s account!

Oy.

Amazon.com – thickheaded about blog spam

Sunday, February 11th, 2007

So, The Mystery of the Haunted Vampire has been getting some new trackback and comment spam, all attempting to spamvertise bogus Amazon.com storefronts. These sites are clearly bullshit, and they look like they’re taking advantage of a security hole of some kind in Amazon’s Associates program, probably lax validation when accounts and storefronts are created. I say lax validation because it looks like these bastards have a script set up to generate these storefronts automatically. So I fired off an email to Amazon’s customer service telling them about this… and got back this response:

Thank you for writing to us. We received your message wondering if an e-mail you received is really from Amazon.com. Unfortunately, we didn’t receive a copy of the suspicious e-mail, so I cannot determine its origin.

You morons! It isn’t about email at all, and I clearly stated so in my complaint! It’s trackback spam and comment spam, and you’re hosting the stores! Shut the damn sites down!

Yeesh. Thick.

I’ve responded using their “No, this wasn’t helpful” link – we’ll see what comes of it. If I get the same sort of BS, I’ll use their “leave a phone number and we’ll call you” service and see if I can get a better response…

Two great tastes that taste great together

Tuesday, January 9th, 2007

From the spamtrap today, another episode of “When Nigerian Scammers Forget Which Scam They’re Running”:

From: UNLOTTERY NEWYEAR BONANZA
Subj: FROM MRS, RAGHAD SADDAM HUSSEIN

Wow! A lottery scam *and* a 419 scam, all in one! I feel so loved…

More fun with spam…

Monday, November 20th, 2006

Today’s stupid subject: “whacking Oill for Peniis”

And here I thought that was just AstroGlide…

It’s sad, really…

Thursday, October 26th, 2006

In today’s episode of What Stupid Crap Am I Selling? we have the following subject line:

Impossible growth today!, urgently to you

*sigh* You know that some sort of cultural Rubicon has been crossed when you can’t tell the pump-and-dump stock scams from the penis-enlargement scams.

More fun with spam…

Wednesday, October 25th, 2006

The subject reads: “URGENT REPLY NEEDED FROM AISHA MOHAMMED”

So why don’t you send it to her instead of me, you fscking moron?

In my junk mail folder this morning:

Tuesday, October 24th, 2006

“Hola Winnre”

To which there really can be only one response: “Adios, Losre”

Carmina Burana 2K6

Wednesday, September 13th, 2006

Today, a comment spammer tried to leave their crap for a specific brand of penis pills over on Mystery of the Haunted Vampire. You’ll never guess whose website he’d compromised to host his spammy nonsense. Never, ever, ever…

Give up?

The website was registered to the Korean Franciscan Brotherhood. Monks & penis pills… Where have I heard something like that before? Oh, yes:

Amor volat undique,
captus est libidine.
Iuvenes, iuvencule
coniunguntur merito.

(Cupid flies everywhere,
seized by desire.
Young men and women
are rightly coupled.)

Ah, the accidental surrealism and unintentional ironies of the Interwebs…

Plone/Zope – spammer havens?

Saturday, August 19th, 2006

[update 22 Sept 2006 11:55 AM PDT – I’ve been remiss in noting that Plone has a new release out that fixes this problem and they have instructions on how to clean up the spammer-generated content. I do, however, think that the folks at Plone are being disingenuous when they describe the scope of this vulnerability as being limited to high-visibility sites and when they downplay this as a security hole. Guys, if a spammer can upload arbitrary scripts to your site, that’s a security hole.]

This is an open note to the folks on the Plone and Zope projects: I don’t know if this is an exploit you’re aware of, but there’s a script or tool loose in the wild that makes it extremely easy for spammers to generate fake user IDs and bogus content for your systems.

As my regular readers will know, I’m involved with The Mystery of the Haunted Vampire, a quirky horror-ish blog. Lately, I’ve been more of an admin than a contributor – and a lot of that has been checking the comment and trackback spam caught by the Akismet WordPress plugin.

So far, we’ve had no false positives and only one or two false negatives, which is definitely a hit ratio I can live with. I click on the “Administer Akismet” tab, give the spam a quick once-over, and select “delete all”. Boom, done. Not that big a deal… But a couple of days ago, something caught my eye – a bit o’ trackback spam that linked to a .edu domain instead of the usual .ru, .nu, .pl, .biz or .info domain.

.edu?

So I checked it out using a text-only browser that sends a valid User-Agent string (like IE or Mozilla) but displays the raw HTML and/or JavaScript behind a page. Turns out that the site is a homework/reading forum for a Comp Sci class, and the URL in the spam was a post to the forum that consisted solely of a JavaScript that immediately redirects you to a typical pill-spammer site (Gee, that’s where the .biz was hiding. Imagine that.). Figuring that a federally-funded institution didn’t want to be supporting illegal online pharmacies, I reported it to their helpdesk, and the sites were taken down in a day or two.
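As an added illustration (not code from the original post), here is a small Python check a forum or CMS admin could run over stored post bodies to catch exactly the kind of script-only redirect post described above; it goes slightly beyond the post by also catching the `location.replace()` / `location.assign()` variants. The sample posts and the pills.example.biz destination are constructed.

```python
# Added example, not code from the original post: flag forum/CMS posts whose
# body is nothing but a client-side redirect, the pattern described above.
# Sample posts are constructed; the spam destination is a placeholder domain.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _PostParser(HTMLParser):
    """Separate visible text from the contents of <script> elements."""
    def __init__(self):
        super().__init__()
        self.text, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)

# JavaScript idioms that send the browser somewhere else as soon as the page loads.
_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""", re.I)

def redirect_target(post_html):
    """Return the off-site URL a redirect-only post sends visitors to, else None.
    Redirect-only: no visible text at all, and a <script> that assigns or
    replaces location with an absolute URL."""
    p = _PostParser()
    p.feed(post_html)
    if "".join(p.text).strip():
        return None                   # real content present: not a bare redirect
    for js in p.scripts:
        m = _REDIRECT.search(js)
        if m:
            url = m.group(1) or m.group(2)
            if urlparse(url).netloc:  # skip same-site relative jumps
                return url
    return None

# Constructed sample posts: one spammer redirect, one legitimate forum post.
SAMPLE_POSTS = {
    "post-101": '<script>window.location.href="http://pills.example.biz/?ref=edu";</script>',
    "post-102": "<p>Reading for Thursday: chapter 4, B-trees.</p>",
}

def scan(posts):
    # Map post id -> redirect URL for every redirect-only post found.
    return {pid: url for pid, html in posts.items() if (url := redirect_target(html))}
```

Anything `scan()` returns is a post worth pulling and a user account worth reviewing; the destination domains it collects are also handy when reporting the abuse upstream.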

Well, yesterday we got another lovely chunk of pill-pushing spammy goodness – and almost every single link was to a .edu URL. We aren’t talking questionable schools, either – these were almost all subdomains on the sites of Ivy League, public Ivy, and Top 10 schools.

Real schools, all really well-known names, all harboring spammer redirects. Whoops.

When I went to look up the contacts for these sites, I noticed they were all running the exact same software: Plone and/or Zope. Plone & Zope are open-source content management systems that provide an extensible, flexible framework for, well, community portals – very similar to the Comp Sci portal I initially saw. (CMS isn’t my thing, but it looks like Zope is the foundation that Plone is built upon.) And every single site that spammer exploited was using pretty damn close to the exact same combination of tools.

So I guess you can also consider this an open note to all those academic and non-profit teams running open-source community portals like Plone: tighten up your security, and make sure you lock the damn site down if it isn’t live. One Ivy League school linked in that spam had thousands of spammer redirects on one of their sites – and it looked like the main site hadn’t been actively used in a couple of years. How’d you like to have Google results for pyramid schemes, skeezy refinance outfits, work at home ripoffs, illegal narcotics, and penis pills associated with your domain?

Yeah, I didn’t think so.

Uh… you might want to have that checked.

Thursday, August 10th, 2006

Got some spam today with another one of the least compelling subject lines I’ve ever seen. What follows might qualify as NSFW, so I’ve put it ‘below the fold’ as they say.

To the diploma mill spammer who loves me:

Monday, July 31st, 2006

I just wanted to let you know that I got your latest come-on this morning. Oh, it was where it belonged: in my quarantine folder, along with purported lottery winnings, Hillbilly Heroin pushers, fake luxury items, pirated software, and a host of societal insecurities digitally enshrined. There was your nugget of wisdom, nestled amongst its kind: an enlargement here, a reduction there, drugs, drugs, drugs – all promises of something for nothing.

But I digress.

Back to you, oh my purveyor of perfidious pedigrees. For lo! this morning, you posed a question I could not in good conscience ignore. To do so would have been a disservice to the world, so profound was your question. For I had an answer to your question that would speak volumes of truth, I had wisdom that demanded to be shared.

Your subject line read, “Dr YOUR NAME, how does that sounds?”

My response comes without addressing your inability to run your software properly – you know, the part that replaces “YOUR NAME” with, well, my name? No, without questioning your ability to run a pre-packaged script that you bought bundled with thousands of email addresses from some other sleazebag who is now laughing at you while they spend your money, I must, must respond to your question.

You asked ‘How does that sounds’? Oh, the irony of it all, the delicious irony of such a question from a salesman of fake educational credentials.

It sounds fucking illiterate, you dickhead. It sounds completely fucking illiterate.

But thanks for asking.