Reporting malicious links to bitly

A recent round of spam propagated through hacked Twitter accounts and the bitly URL shortener has become a topic of discussion. Just a few days ago the Twitter account of Greg Hetson (Bad Religion, Circle Jerks) was hacked and a bitly-shortened link to a spam site was posted.

If you encounter any malicious or spam links using bit.ly, please report them to bitly immediately.

You can report spam links to support@bitly.com so they can be blocked. Include the word ‘spam’ in the message, along with the link and information about how you received it.

From time to time you will see bitly warn visitors about the malicious URL they are about to visit.


Internet Exlplorer?

From the spam folder:


Funny that no one here in the office had any travel plans in the immediate future, and yet British Airways said we had a ticket booked.

The spam email came with an attachment that can be viewed using “Internet Exlplorer”; it must be a new program.

Spammer Alert: lolmessaging

Some readers asked us to look into a particular spammer known as “LOL Messaging” or “lolmessaging”.

Resources:

Registered through Namecheap.com

  • lotsadiscountedski.com

Registered through GoDaddy.com

  • speachlearn1.us
  • videoblock3.us
  • foryourinterest.us
  • todayclickers3.us

Registrant Name:                              domain manager
Registrant Organization:                  XXL Internet Services
Registrant Address1:                         885 Sanford Ave SW
Registrant Address2:                        Ste 16975
Registrant City:                                  Grandville
Registrant State/Province:              Michigan
Registrant Postal Code:                    49418
Registrant Country:                           United States
Registrant Country Code:                 US
Registrant Phone Number:              +1.3039008053
Registrant Facsimile Number:        +1.3039008053
Registrant Email:                               godaddy@bigcoupe.com

whois bigcoupe.com:

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: BIGCOUPE.COM
Created on: 30-Apr-03
Expires on: 30-Apr-13
Last Updated on: 18-Feb-12

Registrant:
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States

Administrative Contact:
Private, Registration  BIGCOUPE.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599      Fax — (480) 624-2598

Technical Contact:
Private, Registration  BIGCOUPE.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599      Fax — (480) 624-2598

Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM

Registered through Name.com

  • lollipopper.us
  • generallead3.us
  • genericlead1.us
  • furniturelead23.us
  • linkedup5.us
  • snoreades.us
  • tabindex1.us

Registrant Name:                          Post Master
Registrant Organization:             XXL Internet Services
Registrant Address1:                    2885 Sanford Ave SW
Registrant Address2:                   #16975
Registrant City:                             Grandville
Registrant State/Province:         MI
Registrant Postal Code:              49418
Registrant Country:                     United States
Registrant Country Code:           US
Registrant Phone Number:        +1.3039008053
Registrant Email:                         lolmessaging@gmail.com

Other information used by “lolmessaging”:

  • Name:                       John Charles
  • Phone number:       +1.7025278620

Other domain names related to “lolmessaging”:


Never click anything in a spam email.

It’s that time of the year again when tons of spam blogs appear.

The holiday season is approaching fast and there are tons of spam blogs popping up on WordPress.com. If you are using the WordPress.com Reader, you might have seen them clogging up your feed. Obviously these spam blogs are a “make money quick” scheme built on posting affiliate links in their posts. The content is usually copied and pasted from sites such as Amazon.com. Apparently the spammers have found a way to open WordPress.com accounts and blogs in an automated way.

Examples of the spam blog URLs:

  • applemacbookproitzm.wordpress.com
  • appleiphone4s32odop.wordpress.com
  • appleiphone3gs1mxjr.wordpress.com
  • appleiphone564gcaqu.wordpress.com
  • appleiphone4s32zvbx.wordpress.com
  • applemacbookprosgrk.wordpress.com
  • appleiphone48gbxola.wordpress.com
  • applemacbookmb4zhlm.wordpress.com
  • appleiphone48gbnqkj.wordpress.com
  • appleiphone416gtswx.wordpress.com
  • applemacbookmc5rbvr.wordpress.com
  • appleiphone4s64jysy.wordpress.com
  • appleiphone4s32qfcy.wordpress.com
  • apple64gbiphoneubwv.wordpress.com
  • appletvmb189llazvqf.wordpress.com
  • appleipodclassiqlum.wordpress.com
  • appleipodnano16vpaf.wordpress.com
  • appleiphone48gbgrij.wordpress.com
  • verizonappleiphggsn.wordpress.com
  • applemacpromd77sijx.wordpress.com
  • appleipodnano16azpv.wordpress.com
  • appleipad2withwvqpm.wordpress.com
  • mushkinenhancedrlnn.wordpress.com
  • applemacbookairfrhb.wordpress.com
  • applemacbookmb4hugo.wordpress.com
  • appleiphone3gs1nsvh.wordpress.com
  • appleipodtouch6onev.wordpress.com
  • appleiphone44sdxtmj.wordpress.com
  • appleiphone48gbvodl.wordpress.com
  • appleiphone516gpwpp.wordpress.com
  • appleiphone3g8glzwo.wordpress.com
  • appleiphone516gfnnu.wordpress.com
  • appleiphone4bladgqo.wordpress.com
  • appleipad2mc987pvnh.wordpress.com
  • appleipad2mc773pqci.wordpress.com
  • appleipodnano16sowm.wordpress.com
  • appleipad2mc764tadk.wordpress.com
  • appleipadmd363ldhox.wordpress.com
  • appleiphone48gbpmyz.wordpress.com
  • appleipad34g32ghcbe.wordpress.com
  • zaggzaggfoliofoqspv.wordpress.com
  • appleipadmd364lruqx.wordpress.com
  • applemacbookproxzvr.wordpress.com
  • appleipodclassibilh.wordpress.com
  • appleipad2mc755dgfb.wordpress.com
  • applenewipad4g3rdqt.wordpress.com
  • appleipadfirstggxtr.wordpress.com
  • appleipad2mc982pwhg.wordpress.com
  • appleiphone532gbgtf.wordpress.com

Notice the pattern of the account name:

  • A brand name, such as “apple”, “zagg”, “mushkin” and “verizon”
  • Followed by a product name, such as “ipad”, “iphone”, “ipod”, “macbookpro”, “zaggfolio”, etc.
  • Followed by a random string of alphanumeric characters
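
The naming pattern above can be turned into a triage check for a feed of blog hostnames. This is an added example, not code from the original post: it assumes the shape seen in the names listed here (a 15-character brand-and-product stem followed by 4 lowercase letters), the function names are hypothetical, and the sample mixes names from this post with two constructed benign names.

```python
import re
from collections import defaultdict

# Brands named in the post; extend the tuple for your own feed.
BRANDS = ("apple", "zagg", "mushkin", "verizon")
# Assumption drawn from the listed names: 15-char stem + 4 random lowercase letters.
SHAPE = re.compile(r"([a-z0-9]{15})([a-z]{4})")

def split_label(host):
    """Return (stem, suffix) if the blog name fits the observed shape, else None."""
    label = host.strip().lower().split(".", 1)[0]
    m = SHAPE.fullmatch(label)
    if not m or not m.group(1).startswith(BRANDS):
        return None
    return m.group(1), m.group(2)

def triage(hosts):
    """Map each suspicious host to 'cluster' (strong signal) or 'shape' (weak)."""
    by_stem = defaultdict(set)
    parsed = {}
    for host in hosts:
        parts = split_label(host)
        if parts:
            parsed[host] = parts
            by_stem[parts[0]].add(parts[1])
    # One stem registered under several random suffixes points to automated
    # sign-ups; a lone shape match is only worth a manual look.
    return {host: ("cluster" if len(by_stem[stem]) > 1 else "shape")
            for host, (stem, _suffix) in parsed.items()}

SAMPLE = [
    "appleiphone48gbxola.wordpress.com",   # from the list in this post
    "appleiphone48gbnqkj.wordpress.com",
    "appleiphone48gbgrij.wordpress.com",
    "applemacbookproitzm.wordpress.com",
    "applemacbookprosgrk.wordpress.com",
    "mushkinenhancedrlnn.wordpress.com",
    "zaggzaggfoliofoqspv.wordpress.com",
    "applegrowersjournal.wordpress.com",   # constructed benign name, 19 chars
    "verizonfiostips.wordpress.com",       # constructed benign name, wrong length
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{verdict:8} {host}")
```

The constructed name applegrowersjournal lands in the weak “shape” tier, which is why only the “cluster” tier (one stem, several suffixes) should be reported without a manual look.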

Creating an account on WordPress.com requires a person to provide:

  • Valid E-mail address
  • Username
  • Password

In addition, WordPress.com requires the user to activate the blog through e-mail verification. (Does WordPress.com use something like CAPTCHA?)

Apparently the spammers have found a way to mass-create accounts and blogs on WordPress.com, once again.

During the Beijing Olympics in 2008, a significant number of blogs on WordPress.com were created with the sole purpose of spreading malware. The malware hid behind fake links purporting to be videos of the Beijing Olympics opening ceremony. It was a problem then, and it is still a problem now. The example blog addresses provided above are primarily used to promote the spammers’ Amazon affiliate links and definitely violate the WordPress.com Terms of Service (TOS).

WordPress.com team members are very responsive to TOS violations. They immediately suspend the offending accounts as soon as they receive reports from users. It takes some time for users to report these spam blogs, but it’s worth it. Consider WordPress.com the neighborhood we live in or do business in. We want to keep it safe and clean.