Re: ADT SPAM I got today
- Subject: Re: ADT SPAM I got today
- From: pazstefw@xxxxxxxxx
- Date: Wed, 12 Aug 2020 05:34:11 -0700 (PDT)
- Newsgroups: alt.security.alarms
- References: <20011014113357.10600.00003637@mb-df.aol.com> <bcc50738-9f0b-43e3-8277-db35653e1b5eo@googlegroups.com> <Iq8IG.72604$eN2.2527@fx47.iad> <rct1pt$etg$1@gioia.aioe.org> <j7qdnVxx3cynsm_DnZ2dnUU7-RfNnZ2d@giganews.com> <rcuc0f$8hc$1@gioia.aioe.org> <4b5a418b-1910-4763-91f1-d002f4e54eafo@googlegroups.com>
I get spam for ADT too, probably not corporate and they are investigating it (via Contact Compliance)
Mine is sent via lunatic spammers who throw emails together for multiple things from miracle cures for nail fungus and tinnitus, to online tarot readings and ADT Security systems.
They create new domains for redirect sites, they hack sites to use them, they abuse redirects available on sites, utilize Google storage, shortlink providers like bitly... all manner of methods to have links in emails that are the bottom of a food chain.
Sometimes they get a SendGrid account opened for sending from, or they use a hacked MX linked domain, or hotmail or other. Sometimes they hide their hosting IP behind passthru services like Cloudflare, or they use Cloudfront. They use services that allow them to host on a machine presumably connected at a home/office to an ISP (I think that’s what happens with services like noip.com or freedynamicdns.net)
Some of their redirects have been developed not to work in online redirect tracing applications, and more recently to not work in apps on iOS like “iCURL HTTP” but when browsed in a web browser they dance their merry way to the end point site.
The spam emails contain images which they always used to store on imgur.com (free image sharing site/app) but they became super responsive and delete the reported images. Hence spammer moved elsewhere and it’s a cat and mouse game. Imgbox.com is a current favorite. ADT examples:
https://images2.imgbox.com/42/27/BP0QZVVT_o.png
https://images2.imgbox.com/90/d7/mRZd7JsX_o.png
https://images2.imgbox.com/a9/d9/IMj1JPcu_o.png
Of course that last one does not link to an actual working unsubscribe routine.
The spam URL was to a new domain (24 hours old) and while the site was hosted AND registered through Namecheap.com, they took the site offline but did not apparently take action on the domain registration. Namecheap will void a registration only if the domain name is added to a blacklist such as SURBL. They claim this is because they are not a hosting company and can not verify abuse; apparently even when the hosting company is Namecheap Hosting! Maybe they just like to take the revenue for the site domain name and pretend the money is not “crime related”
Of course, mr spammer uses a turnover of domains fast enough not to get onto SURBL or other blacklist for most mass spam sends.
And finally, of course they mess with email headers and make the plain text HTML code hard to report. They’ll include a huge amount of random text/links in an unterminated HTML tag. Bury the few lines of their spam before or after. Sometimes so huge it is hard to copy/paste. They sometimes take a genuine business email, and just put their content after it (lunatics) which surely reduces uptake by their victims. And of course sometimes they adopt base64 encoding to boot.
Largely the same spamming people (bots maybe) and incredibly repetitive content via different but repeating methods as described above. It’s not stopping me reporting. Every. Single. Time. The volume is falling, with determined effort.
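
One way to pull the reportable links out of a message built the way the post describes (base64-encoded body, the few real lines sitting next to a huge unterminated tag full of random text and links). This is an added example, not part of the original post; the sample message, the `.example` hosts and the 300-character threshold are constructed assumptions.

```python
import base64, email, re
from email import policy

TAG = re.compile(r"<[A-Za-z!/][^>]*>?")      # a tag, whether or not it is closed
URL = re.compile(r"https?://[^\s\"'<>]+")

def split_padding(html, limit=300):
    """Separate normal markup from tags that never close or exceed `limit` chars."""
    kept, padding, pos = [], [], 0
    for m in TAG.finditer(html):
        tag = m.group()
        if not tag.endswith(">") or len(tag) > limit:
            kept.append(html[pos:m.start()])
            padding.append(tag)
            pos = m.end()
    kept.append(html[pos:])
    return "".join(kept), "".join(padding)

def report(raw):
    """Decode each text/html part (base64 or quoted-printable) and summarise it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    out = {"payload_links": [], "padding_links": 0, "padding_chars": 0}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        kept, padding = split_padding(part.get_content())
        out["payload_links"] += URL.findall(kept)      # links worth reporting
        out["padding_links"] += len(URL.findall(padding))
        out["padding_chars"] += len(padding)
    return out

# Constructed sample: two real links, then an unterminated <font tag with 300 junk links.
JUNK = " ".join(f"word{i} http://junk{i}.example/" for i in range(300))
SAMPLE_HTML = ('<html><body><p>Protect your home</p>'
               '<a href="http://redirect.example/r?id=1">'
               '<img src="http://img.example/a.png"></a>'
               '<font ' + JUNK)
SAMPLE = (b"From: sender@spam.example\r\nSubject: offer\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\n"
          + base64.encodebytes(SAMPLE_HTML.encode()))

if __name__ == "__main__":
    print(report(SAMPLE))
```

The `payload_links` list is what belongs in an abuse report to the redirect host or image host; the padding counts show how much of the body was filler.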