Link Swap Spam

Posted on May 20, 2005

In the past few weeks I’ve started getting emails asking to exchange links with various websites. They don’t seem to be using templates, since each email has been different, but what they do have in common is that they have nothing to do with anything on my own site. They’ve clearly just let some program look for keywords, built a list of sites, and put webmaster@ in front of them. That’s why I consider these spam. If someone were to use the same software to identify relevant sites, then check them out before sending a “please link to me!” message, that would just be communication between webmasters.

The one case where the site looked even remotely related was someone’s collection of links to super-heroines. Well, super-heroines, female wrestlers, adult fanfic and heroine fetish pictures, but at least it was relevant, even if I couldn’t in good conscience link back to it from my comic book site. The one I got yesterday was more typical: a real estate site that wants me to link to them because the word generations appears in both their URL and the title of one page on my Flash site.

Come on, how hard would it be to actually look at the sites you’re soliciting? Do a little research, will ya?

Darth Vader, 419 Scammer

Posted on May 18, 2005

Kelson

I had set this spam sample aside without really looking at it back at the end of March. As I checked the folder this morning, the scammer’s supposed name jumped out at me.

VADER DARTH
CO-OPERATIVE BANK PLC
UNIVERSITY BRANCH, GROVE HOUSE
OXFORD ROAD MANCHESTER UK

I AM WRITING TO LET YOU KNOW HOW I FEEL AND ALSO EXPLAIN THINGS TO YOU THROUGH THIS LETTER AND WILL APPRECIATE IF YOU COULD ADVICE ME ON THIS ISSUE. MY NAME IS VADER DARTH. I WAS BORN IN TENNESSE AND RAISED IN EUROPE AND I NOW WORK WITH THE CO-OPERATIVE BANK IN THE MANCHESTER CITY, UNITED KINGDOM. I HAVE A VERY GOOD FRIEND WHOM I MET IN MY UNIVERSITY YEARS BY NAME FAURE EYADEMA, THE SON OF THE LATE PRESIDENT OF TOGO…

It continues on with the standard Nigerian scam pitch (relocated to Togo) about the relative of the deposed/late leader who needs to transfer a large amount of money through some random person’s account.

Yes, people fall for these scams… but come on, who do they think they’re fooling with an alias like “Vader Darth?”

Perhaps it’s a long-overdue response to the now-infamous 419 Eater successfully baiting a scammer as “D’arth Vader” of Dark Side Industries. More likely someone else didn’t recognize the name when they chose to use it.

I suppose it fits in with the 419 scammer from Tatooine who posted to The Darth Side last month.

Philosophers and Prehensile Breasts

Posted on May 16, 2005

Kelson

Two disparate types of spam, united in that the supposed sender just does not make sense.

First there was a Nigerian scam purporting to be from David Hume.

Then there was the blog comment spam (alas, deleted en masse just as I read the name) apparently left by “Jessica Albas Breasts.” I mentioned this to Katie, who responded, “How do they type?” An excellent question, and one which I imagine can be answered with sufficient exploration of the internet.

Man or Machine?

Posted on May 11, 2005

Kelson

In the old days, we used to accept email sent to any local account. This meant that various system accounts would collect outside mail instead of bouncing it. No one was reading, say, rpm@example.com, or apache@example.com, but the mailboxes were there.

Enter the dictionary attacks. An awful lot of those standard accounts are three-letter names—rpm, gdm, bin, adm, etc. Spammers trying to guess addresses made up of three initials landed on these addresses, confirmed them, and added them to their lists. The system accounts began collecting spam.

Eventually we locked things down so that only “real” accounts would accept mail from outside. But here was this steady stream of 100% spam we could use to help train our filters.

The funny thing: these days, nearly all of it is for sex-related drugs or body part enlargements. Sent to software!

(Incidentally, if you can read this sentence, don’t send mail to ramblo@hyperborea.org.)

Dumb spammers

Posted on May 4, 2005

Kelson

Found a couple of comments this morning that consisted of the usual generic phrases:

Please check some relevant pages dedicated to…

You may find it interesting to check the sites about…

The weird thing: No links. No author name, no author URL, no links in the comment itself. Nothing that would clue in content filters to block it…but then nothing that would accomplish anything, either.

A Lotto’ Overkill

Posted on May 3, 2005

Kelson

6 related subject lines in my inbox today, all sent to my work address.

CONGRATULATIONS YOU HAVE WON
CONGRATILATION YOU ARE A WINNER !!!
CONGRATILATION YOU ARE A WINNER !!!
WINNING NOTIFICATION: Congratulations
CONGRATILATION YOU ARE A WINNER !!!
CONGRATILATION YOU ARE A WINNER !!!

Amazing how one can win six lotteries in the same day without entering even one…

The four with the same subject are all identical, claiming to be some lottery in Madrid, but the “Winning Notification” one is truly strange: it claims to be the New Mexico Lottery, based in Geneva, the drawing held in Melbourne, with the prize money in euros. And at the end it refers to itself as the Colorado Lottery.

MT-Blacklist Author Joe-Jobbed

Posted on April 21, 2005

Kelson

As a WordPress user I haven’t had much first-hand experience with MT-Blacklist (a system for combatting comment spam on Movable Type, though the data has been adapted for use on other toolkits), but it was enough to be suspicious when I found this in my inbox:
Continue reading →

K-Squared Ramblings

Sci-fi, comics, humor, photos…it's all fair game.

Category: Spam

Link Swap Spam

Darth Vader, 419 Scammer

Philosophers and Prehensile Breasts

Man or Machine?

Dumb spammers

A Lotto’ Overkill

MT-Blacklist Author Joe-Jobbed