This domain, among several others (camsecret.com, camsecretcrush.com, camsecretcrush2.com, yourprivateshow.com, many, many more), is being spammed via MSN Messenger and Yahoo Instant Messenger in much the same way that the renowned "SlickCams" webcam dating sites were spammed since 2007. (SlickCams is part of a very large number of companies and properties owned and operated by Flying Croc, who have a history that dates back several years of malicious adult-content spamming of one sort or another, but predominantly via MSN Messenger.)
It turns out that FlyingCroc.net has never stopped this practice, and appears to now control a large variety of similar adult webcam dating sites and affiliate programs, with no intention of stopping the ongoing practice of spamming total strangers (and probably minors) with automated MSN chat sessions promoting webcam porn dating sites. The most prominent of their spammed properties since 2008 has been StreaMate.com. I'll outline that setup here, but there are others.
At first it was assumed that this particular spammer was engaging in this malicious activity on behalf of only one webcam affiliate program. It turns out: he / they are doing this on behalf of at least two distinct affiliate programs, but probably more.
Here's how the StreaMate scam works:
- An unsuspecting user of either Yahoo Messenger or MSN Messenger receives notice that an unknown user has added them to their list of Messenger friends / "Buddies"
- They accept the invite
- They initiate a messenger session with the anonymous "person"
- The anonymous person goes through a predictable script
- The messenger chat always mentions a specific link that the victim should click on to see this "person" on their webcam
- The link is always to one of the above-mentioned domains
Here's a sample:
<[redacted] 4:19:15pm> hello
<princesstera200 4:19:38pm> hey :-)
<[redacted] 4:22:11pm> someone told me to IM you
<princesstera200 4:22:18pm> im good how are you?
<[redacted] 4:22:30pm> oh it's a bot
<princesstera200 4:22:40pm> looks like you got my message? whats up with you?
<[redacted] 4:22:50pm> you're a bot yo
...
<princesstera200 4:26:12pm> do you think i should wear a thong?
<[redacted] 4:26:17pm> no
<princesstera200 4:26:30pm> lol great choice well i want to give you a free courtesy pass to view me on my cam?
<[redacted] 4:26:40pm> chii would never wear a thong
<princesstera200 4:26:54pm> i want to give it to you k babe?
<[redacted] 4:27:06pm> k fine
<princesstera200 4:27:18pm> Ok go to http://www.camsecretcrush.com/kiss***** and create a free profile
<[redacted] 4:27:32pm> k thx
<[redacted] 4:27:44pm> bot
Very obviously an automated chat session.
So here's where we end up if we follow that link [click to enlarge]:
Visiting the site we see a page that presents a few things which appear to be real, but actually are not.
The first is a countdown, indicating that this invitation from our MSN bot has a time limit, and therefore some urgency is implied with your immediate registration.
The second is that there is what appears to be a live chat window, which it turns out is a pre-recorded 1 minute video of a girl pretending to engage in conversation with the victim.
If you attempt to type into the fake chat field, the page refreshed with a totally different video of a totally different girl.
Note the inclusion of the blinking words "Live Now" on the top right corner of the video window. Also utterly fake.
It turns out that video is provided in an iframe by the camsecretcrush.com website itself:
http://www.camsecret.com/exports/golive/iframe/?chat=0&input=0&AFNO=1-0-1&
But that iframe is in fact pulling all of its content from a site called camsecret.com
http://www.camsecret.com/exports/golive/iframe/?AFNO=1-0-1&chat=0&input=0&rlc=1&timer=5
Each of these pass the affiliate id of "1-0-1". This is probably irrelevant since the only time I or anyone else have seen these is via spammers, so one could assume that every single affiliate of this program is probably a spammer via MSN, and that this company fully condones MSN or Yahoo Messenger spamming. (Some have also complained that this is also occurring on Skype.)
If you load that camsecret.com iframe url on its own you see a completely random choice of fake videos depicting several women. It lies to you and says it's "Live Now", but in reality these are all pre-made videos which stream to it in real-time from the domain naiadsystems.com:
http://www.naiadsystems.com/flash/generic/20110112/avchatpure.swf
naiadsystems.com uses flyingcroc name servers:
Domain Name: NAIADSYSTEMS.COM Registrar: TLDS, LLC DBA SRSPLUS Whois Server: whois.srsplus.com Referral URL: http://www.srsplus.com Name Server: NS1.FLYINGCROC.NET Name Server: NS2.FLYINGCROC.NET Status: clientTransferProhibited Updated Date: 02-apr-2007 Creation Date: 27-apr-2005 Expiration Date: 27-apr-2012
Surprise surprise. Welcome back, former SlickCam.com spammers.
Its contact information in the WHOIS points to StreaMates, allegedly in Cyprus:
Registrant: Streamates Limited Streamates Limited (hostmaster@streamates.com) Streamates Limited 196 Arch Makarios Avenue, Ariel Corner 1st Floor, Office 102, PO Box 57528 3316 Limassol, 3316 CY 00357-25820280
StreaMate has had affiliates spamming via MSN on their behalf for something like two full years as of this writing.
The chat itself (if it occurs) is also completely fake. We can see this by looking at the JavaScript within the page of these throwaway sites this spammer has registered. They make no attempt to hide the fact that this whole setup is fake.
<script type="text/javascript">
var spoof_cam = '';
var start_minutes = 5;
var start_seconds = 30;
var current_minutes = start_minutes;
var current_seconds = start_seconds;
var splashpage_name = 'Sam';
var random_message_start = 3;
var random_message_end = 6;
var random_message_interval = (random_message_start + Math.floor(Math.random() * (random_message_end - random_message_start))) * 1000;
var random_message_text = 'hurry im waiting for u..';
var ad_categories = '';
</script>
var spoof_cam = '';
var start_minutes = 5;
var start_seconds = 30;
var current_minutes = start_minutes;
var current_seconds = start_seconds;
var splashpage_name = 'Sam';
var random_message_start = 3;
var random_message_end = 6;
var random_message_interval = (random_message_start + Math.floor(Math.random() * (random_message_end - random_message_start))) * 1000;
var random_message_text = 'hurry im waiting for u..';
var ad_categories = '';
</script>
"spoof_cam". "random_message_text". This is so clearly a scam. Not a single real event is taking place here. The spammers know this.
When the 1 minute video is completed, a link appears in the flash video window only, an attempt to further obscure where this spammer wants you to click.
In the example I'm presenting here, the link goes to:
http://www.camsecret.com/signup/?smid=5844090&AFNO=1-0-1
[Notice: no secure "https://", just plain "http://"]
CamSecret is also operated by FlyingCroc:
Registrant: FCI, Inc. FCI, Inc. (hostmaster@flyingcroc.net) FCI, Inc. 2019 3rd Ave Ste 200 Seattle, WA 98121 US 206.374.0374
Note that at the top of that page, it claims that you can "Sign-up safely at Camsecret"
This is of course also a lie. None of these domains offer any SSL or other security. CamSecret.com makes this statement boldly on a page which is very obviously not secure.
Just to be 100% sure: attempting to load:
https://www.camsecret.com/signup/?smid=5844090&AFNO=1-0-1
Results in a "not found" error.
Liars. So far numerous lies from beginning to end and we haven't even joined yet. Exactly how "real" do you these so called "webcam girls" are going to be?
As with all of these spamvertised domains, whois information for one of the numerous spammed domains, webcamcrush.com, was originally protected by Privacy Protection provided by GoDaddy.com. However one intrepid researcher decided to raise this case with the Arizona State Attorney General's office, who apparently managed to convince GoDaddy to identify who had registered this domain. It turns out to be one Yaniv Mindell, from the domain "DefiniteDollars.com":
Registrant: YMIND, Ltd. Amory Building, Victoria Road Basseterre, 3979 Saint Kitts and Nevis Administrative Contact: Mindell, Yaniv yaniv@definitedollars.com YMIND, Ltd. Amory Building, Victoria Road Basseterre, 3979 Saint Kitts and Nevis +1.9544788981
Another shell company. First Cyprus, now Saint Kitts and Nevis.
webcamcrush.com is also suspended as a domain.
mywebcamcrush.com's whois information is still protected via GoDaddy. (Aside: When are registrars going to stop providing this for repeat offenders? This is year #4 of this activity. GoDaddy should know better by now.)
DefiniteDollars.com has all the markings of an underground affiliate program. No FAQ, a terms of service that states that they don't allow spamming, but of course no contact gets any response from this company.
I would like to cast an open invitation to anyone who has been affected by this group's ongoing MSN or Yahoo Messenger spamming, and I'd also like to put out an open invitation to both the Yahoo Messenger and Microsoft Live Messenger Team specifically, since I have been attempting to raise any attention whatsoever with that team since 2007, with absolutely no effect.
I'd also like to openly ask GoDaddy why it is that four years on they still allow this group to register dozens-to-hundreds of domains with their company, an continue to hide their contact information despite numerous abuses of their terms of service.
As with all previous spam activity on behalf of Flying Croc, the risk is very high that minors are being exposed to this content. Whoever harvested these MSN and Yahoo accounts had absolutely no concern for how old the unwitting recipient of these invitations might be. They just send out the invitation to however many thousands of these accounts they can unearth, and begin the automated chat to get them into what is clearly an adults-only website. I would assume that the Arizona State Attorney General's office would be aware of this detail, but if not they certainly should be.
Somebody has to start a class-action suit against the owners and operators of Flying Croc. They've been getting away with this crap for years and people are sick of hearing from them.
SiL / IKS / concerned citizen
23 comments:
I would love to slap these bastards with a lawsuit. Hell they should be sued for allowing retarded people to setup severely limited bots and such obvious fake sites.
Those cam spammers go even further creating add-ons for Firefox or Chrome.
While the guys from Mozilla were quick removing the add-on from the Livejasmin spammer I had a hard time to convince Google (Chrome) to remove it. But they eventually removed it.
Reminds me to check for spam add-ons again right now.
I have been having good luck with making complaints to the Washington State AG, AZ AG, and Florida AG (Consumer Affairs). The key point seem to be to NOT complain about the spamming (as that is considered a federal issue) but to complain about false and deceptive advertising, endangering minors, etc.
The BOTs claim to be young women, but they are not. That is the key point for a false advertising claim.
Hell, a lot of bullshit when it comes down it's the owner of the site and not a random affiliate.
Anonymous: Your comment is not clear. It *is* a large number of affiliates, which indicates that Flying Croc and each of their companies definitely condone this method of "promoting" their sites.
I would not be surprised if the owner(s) of these sites also engage in this activity.
I've been in contact with MoneyTree, the affiliate program for one of Flying Croc's sites - streamate.com - and they have been dodging my questions as to who to report these abuses to, since Money Tree is only one such program. That tells me a lot about their overall stance on this type of spamming. If they cared at all to get it shut down, they would just tell me. I'm in week #7 of asking them and they respond with utterly unhelpful answers. Says something.
SiL
Forget about just the spamming and fraud, how about all that tax money that "uncle sam" is missing out on because of these "shell companies"... potentially millions of USD$
SIL. I am trying to open a dialog with General Manager of DBP. Here is a copy of the email I just sent them.
------
Dear D Preston,
In the past I have found that the Godaddy/DBP abuse depts are not very responsive to complaints regarding SPIM (SPam Instant Messenger) because there is no email header, and because your client(s) use various snowshoe tactics that allow them to use the bogus "rogue affiliate" claim. My research and that of other security people links most of this spam to one Yanniv Mindell (a career spammer), who has been a client of Godaddy and DBP for at least the last four years.
(see http://ikillspammers.blogspot.com/2011/02/flying-croc-promotes-its-webcam-sites.html )
If DBP/Godaddy's abuse dept is willing to be more pro-active in regards to SPIM I will contact them. But if I get the same run around as I have in the past I will have to contact the AZ Attorney General office again. Myself and the other victims of Mr. Mindell's relentless SPIMing would prefer to work directly with Godaddy/DBP as I'm sure that Godaddy/DBP wants to be seen as a good corporate citizen and not a facilitator of organized crime.
Would you be able to liaison with your abuse depts and legal dept to explain to us the best way to present evidence of SPIMMING in order for Godaddy/DBP to be able to act on the evidence in a timely manner?
Well said!
One day -- maybe not soon, but who knows? -- the operators of Flying Croc will pay the price. I look forward to that day. I just wonder what it's going to take for these scumbags to finally take the fall that is most certainly going to come.
SiL
I did a test sign up. The spammer is WNU, AKA Epoch.
Which, btw. might very likely be merchant for the ED Express spammer. at least I have strong evidence for that fact, but won't say in public how I got this evidence.
Hmm. I am actually a cam girl for this company. I had no idea about this spamming stuff you are talking about, I was just told when I signed up that they would take care of all traffic and advertising to my cam. I am sorry that you don't like the way you are being spammed, but I HAVE to say that the site is not COMPLETELY a scam. In fact other than spamming I don't see how it's a scam? When you actually go into the cam sites you DO talk to real girls. I have real conversations with guys all the time it's not automated. There is nothing illegal about it either....if you don't want to come cam then just X out of the bots and spammers. Just throwing in my two cents as a REAL girl who cams through them. I'd rather leave myself as anonymous because I don't know if I can get in trouble for talking about the site lol. But seriously, for the record you are NOT being spammed by any of the actual cam models. We just sit there on cam and guys pop in and out of our chats all the time. Here I will copy and paste from the actual streamate site. "How do I get customers? We provide all of the traffic, advertising and marketing for you. Just make sure your photo and description are set up the way you want them, and members will come to you! Remember to fill out all the details in your profile so that you will show up in searches made by our members."
This comment sounds like it came from an affiliate manager at Flying Croc, which may indicate that they don't like the popularity of this particular posting.
> I am sorry that you don't
> like the way you are being spammed,
I don't like being spammed, period. It really doesn't matter what method is being used. But especially when the entire spam process is based on a series of lies and violates numerous laws, yes I definitely have a big problem with that. So do hundreds of my readers, all of whom have sent me similar complaints about this company going on four years and counting.
> but I HAVE to say that
> the site is not COMPLETELY a scam.
I said that the method of promoting this site (and all other Flying Croc sites) is a scam. The entire process this company uses to get new users into the sites is a series of lies. The invitation to engage in the messenger chat is a lie. The chat itself is an automated, fake chat. The link to get you to sign up features a 100% fake chat video. Tell me what part of this you're not understanding as being a lie or a scam to get new users to subscribe.
> In fact other than
> spamming I don't see how it's a scam? When you actually go
> into the cam sites you DO talk to real girls.
All well and good. And you feel good about the fact that the operators of that site engage in completely scummy practices to trick people into signing up?
> I have real
> conversations with guys all the time it's not automated.
I don't think you read my original posting very carefully. Everything I describe is about how they entice the new subscriber. I said nothing about what happens on the other side of the scummy process.
> There is nothing illegal about it either....if you don't
> want to come cam then just X out of the bots and spammers.
Both of those statements are absolutely not true. Because every day a person will continue to receive new "invitations" from this scumbag operation. There is no way to opt out. So "just X out" is not going to do anything.
Then add to this: they are not targeting anybody based on their age of majority. Several accounts I monitor to track this abuse are actually expressly created to appear as underage users (13 - 17 years of age.) The one that represents a 13 year old has received dozens of these invitations, and no actual human being has interrupted the automated chat session when they've been told that the recipient is underage.
That is a very serious crime. That's exposing minors to adult material. It violates numerous obscenity and child protection laws in various countries. And you're okay with that?
> Just throwing in my two cents as a REAL girl who cams
> through them. I'd rather leave myself as anonymous because I
> don't know if I can get in trouble for talking about the
> site lol.
"lol" indeed. I strongly doubt that you're a real person based on that particular line, but if you are, you are working for complete scumbags. But as I said, I really doubt it.
> But seriously, for the record you are NOT being
> spammed by any of the actual cam models. We just sit there
> on cam and guys pop in and out of our chats all the time.
Describe to me where I said that the models were spamming me.
> Here I will copy and paste from the actual streamate site.
> "How do I get customers? We provide all of the traffic,
> advertising and marketing for you.
Well that tidbit is certainly interesting. They claim to have nothing to do with these automated messenger spam setups. So I guess I can thank you for that.
Stay far away from any of these sites. They're run by people who have no problem promoting pornographic websites to children.
SiL
I have started getting emails between "StreaMate Support" and someone else on my gmail. The support people email me (mark as spam), then *I* write back... This is what it looks like when I open the sent email from my account:
MyGmailAddress via crr5.naiad.sea.flyingcroc.net to smsupport
It appears in my sent items and everything. Have you ever seen this? I keep marking the emails (even the ones "I" send) as spam, but it is freaking me out a little bit.
If you check the email headers, you will likely see a better series of to and from headers that make it clear that - no - you are not sending via flyingcroc servers. Don't worry about it. But you might want to mention it to Gmail.
Flagging your own messages as spam is essentially telling Gmail's servers not to trust your email address. That is also not recommended.
SiL
Hey guys, Well the time is coming soon when they will pay the price. I have almost 1 year of evidence collected also inside sources as well. They will be having giant lawsuits with huge companies i mean HUGE. Thing is they think because they make a mil or 2 a year they are untouchable..lol
Im on top of these guys you can google Y B Media LLC and Flying Croc i posted more posts on how it works, I even have possession of the bots used, With the creators name in file named and hes directly linked to both Y B Media and Flying Croc Inc.
Its about that time and like i said they may not think it, But they are going DOWN. i can have about one million people file complaints within 1 week that were SPAMMED, they just ignored it, But contacting them would be another good source. Any Attorneys interested respond also. But already have many working on it. HOPING THIS WILL BE THE FIRST LAWSUITS AND PROSECUTIONS FOR LARGE Underground SPAM/SPIM Instant Message SPAM RING.
Whoever you are, I'd be interested to see some of your evidence, as I know of several others who would probably like to sue them as well. Comment again with contact information and I won't publish the comment.
Much appreciated, and hopefully some good news.
SiL
A friend of mine got mixed up with one of streamate.com's affiliate studios and she asked me to do some research on the site.
It seems as though between Flying Croc (registered as FCI, INC in Washington) and Accretive Technology Group they operate a large portfolio of these cam sites and claim to have as many as 500+ million visitors per month. Both companies are registered in Washington at the same address with the same contact phone number to the same two people. Ross Perkins is listed at the registered agent for FCI and Shawn Boday is the registered agent for Accretive.
It's hard to find more info on Perkins, but googling Boday's name turns up an old article from Wired about the declining online porn industry, an article from Seattle PI about a legal battle about Avenue Media and Direct Revenue (two adware firms), and an old lawsuit between FCI and Falcon Enterprises also known as Falcon Foto, a porn studio. These guys seem to have been in the porn industry as well as the adware/spam industry for a long time. Even though the Seattle PI article reports that Boday was only a sales consultant to Avenue Media I'm willing to bet his involvement was much greater and Avenue Media is also responsible for much of that spam. Best guesses from what I've read are that Accretive and FCI employ more than 50 people directly and are making around $100 million a year.
I'm not sure if any of that is helpful. I figured I'd share what I found out since your post was helpful to me.
OWL: all of that is *extremely* helpful. I'll pass this along to several people I know to be engaged in an indepth investigation of this scummy company.
SiL
I really need to speak to you regarding this matter but i cannot find a way to contact you.. It's urgent! How can i contact you?? I will check back with your comment.. I just need your help.
Anonymous: why did you post anonymously if you wanted me to contact you? You didn't read the posting message I put before the posting form. Read it. Then try again.
Read, people! :)
SiL
FCI is in talks to sell to a large buyer for $300 million dollars, so that's the last you'll see of the owners.
They're starting a service on DirectTV within a few weeks, so that's where this is all headed.
Apparently, porn ripoff artists get paid. They also like to lecture poorer people about what they are doing with their lives, like typical amoral rich scumbags.
These people are very secretive scum.
manhunt.net is running a banner that takes you to gaycamsexposed.com. In side that page are instructions to sign up to watch "free" gay cams. Confirmation will come from X@livefreefun.com. Guess who livefreefun.com is registered to? Yep, FCI... Flying Croc!
I too was scammed by who I thought was a live camgirl. However I don't think it was a bot due to the detailed description she gave of myself...scary. Ive been getting spam emails and phishing emails from the same girl which is somebody using recorded videos saying they are live. I do have evidence of this and the real girl they're claimibg to b is on another site
As a webmaster, I can say now that they just used to "shave" (steal small amount=skim) off the links we post legally. This is not spamming. They know it is too hard to prove, which is why online embezzlement is big business. I can now tell you that they have a new team that seems to think it is okay to pick certain smaller webmasters and STEAL ALL of their hard earned money. No one seems to care either! So this means, they also are stealing lots off the bigger webmaster/referral accounts. People need to have their friends put in new signups of 10-20 bucks, then screenshot their stats, then do Class Action against these people. Whatever team they have working for them is downright thieves.
Post a Comment