tag:blogger.com,1999:blog-8752534344611958195.post2258709978593659110..comments2023-12-19T06:08:36.860-05:00Comments on I Kill Spammers: On The Trail Of SanCash And [so-called] "Infinity Secure"IKillSpammerzhttp://www.blogger.com/profile/10533465060035519146noreply@blogger.comBlogger44125tag:blogger.com,1999:blog-8752534344611958195.post-25139996447234303842008-09-21T11:43:00.000-05:002008-09-21T11:43:00.000-05:00You have to remember: a mailer is basically a low-...You have to remember: a mailer is basically a low-life opportunist.<BR/><BR/>If you read my <A HREF="http://ikillspammers.blogspot.com/2008/04/real-profit-centers-of-spam-sponsors.html" REL="nofollow">previous posting</A> on the topic, you'll see that the individual sending the message (the spammer or "mailer") is really just a single person, who will send that message on behalf of anyone or any organization. They are not a dedicated resource to one specific type of product or service. They want to profit by doing as little actual work as possible. So, yes, they will spam anything from stocks, to illegal onling pharmacies, to bogus "herbal remedies", to bogus Nigerian scams, to phishing scams, to porn. They don't care. Their entire formula for a day's work is: Hit "send", and wait for money to arrive. It's a retarded way to earn a living and the days of this formula continuing to work are most definitely numbered, especially in light of so many recent arrests.<BR/><BR/>Also: don't tie individual website IP addresses to any individual spammer. Sponsors are the ones who set those up, not the mailer.<BR/><BR/>If you report these websites as providing a bogus or (in this case) illegal enterprise, you might be surprised at how quickly they can be shut down. We have all seen huge strides in this type of response thanks to public outcry over the providers of hosting and domain registration to online criminals.<BR/><BR/>Thanks for commenting.<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-63823130344534673062008-09-20T12:46:00.000-05:002008-09-20T12:46:00.000-05:00Today I got a 'work from home' spam with phone dro...Today I got a 'work from home' spam with phone dropbox at: +1-800-258-6070. The spam contains also an 'unsubscribe' redirector: http://url.nux.net/9cf807<BR/><BR/>This redirects to: http://z.deckhype.com/r.php, which is 122.198.62.4 (SBL67690), a well known Yambo/Herbal King server. So the same criminals also spam for those 'work from home scams'.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-43156253798105858192008-09-06T00:19:00.000-05:002008-09-06T00:19:00.000-05:00Thanks. Very ethical thing you are doing to uncove...Thanks. Very ethical thing you are doing to uncover this criminal activity. Very well done.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-89825130730745273752008-06-14T11:41:00.000-05:002008-06-14T11:41:00.000-05:00I guess I add something to this older thread.Prest...I guess I add something to this older thread.<BR/><BR/><B>Prestige Replicas</B><BR/><BR/>I don't get these anymore. I guess my permanent test-ordering black listed me. But it's still there as I can see googling for it, and dropping "new" URLs to the Prestige Replicator still works.<BR/><BR/>Instead I get from the same spammer "Gucci" spam. You not have by chance a form flooder script for him? He sends so much spam I don't want to let him wait to order there.<BR/><BR/><B>Tor Proxy and JonDo</B><BR/><BR/>The King Replica spammer and Penis Enlargement spammer (same scumbag) seems to be able to detect Tor Proxy nodes via the "Infinity Secure" pages. You can go to the order form and fill it out, but then the server throws an error. If you use a non Tor server it works then. But then only for three times, as he blocks your IP after the third order.<BR/><BR/>Do you know a way to make Tor undetectable? This spammer shouldn't also wait too long for more orders from me.<BR/><BR/>If not, it seems the JonDo (formally JAP) cannot be detected by this spammer. But I cannot get it to work to randomize the IP more often. Do you know by chance how to get JonDo to change the IP more often? Let's say all 3 minutes would be fine.<BR/><BR/>Or any other way to get a different, non detectable (so the spammer can't tell I come from an anonymizer), IP within few minutes sequences?<BR/><BR/>PS: are you interested in emailing with me? I hate Blogs and it consumes time to discuss issues here.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-89998369886436884752008-05-24T14:36:00.000-05:002008-05-24T14:36:00.000-05:00> I got a shoe spam a few hours ago and my> invest...<I>> I got a shoe spam a few hours ago and my<BR/>> investigations led me here.</I><BR/><BR/>Success! :) As of this writing, this blog is now the #3 result for the term "Infinity Secure".<BR/><BR/><I>> The advertised domain<BR/>> was "www.goamsleks.com" (registered to a Beijing<BR/>> address), and the purported sender was Taiwese<BR/>> (didn't record it, unfortunately).</I><BR/><BR/>Since literally every word of that information is guaranteed to be a complete lie, that is no great loss.<BR/><BR/>Also: you meant "Taiwanese" :) [picky picky]<BR/><BR/><I>> On the order<BR/>> form, the contact address was<BR/>> "luxuryshoestore.com", which has the same<BR/>> registrant as the nonsense domain above. Infinity<BR/>> Secure and 17 Bank St also show up, so the people<BR/>> you are discussing are evidently the ones behind<BR/>> it.</I><BR/><BR/>That is correct. This is a property known as "Exquisite Footwear And Bags", a subset (rather obviously) of SanCash's Presite Replica / King Replica sites we've all been spammed by for at least three years now.<BR/><BR/>This is a rather new offering from SanCash, and it appears to be one that was specifically requested by mailers, since other spam sponsor groups (notably Spamit, bulker.biz and affconnect) have been offering "replica footwear" as a spam channel for about a year or so now. SanCash is late in the game with this property, it would appear.<BR/><BR/><I>> It would be interesting to know if shoes actually<BR/>> turn up when ordered.</I><BR/><BR/>Anecdotally at least: they do. But as you could imagine: the "quality" of these items is far from anything you would consider buying at a PayLess shoe store anywhere. They're made using underground labor, for pennies a pair, and sold at (guessing from the website's prices) an average price of $160-$180. It's likely that at least 75-80% of that profit goes into the pockets of SanCash.<BR/><BR/>You'll notice that Infinity Secure" branding again appears on their order form. No security is used, and they continue to lie to all of us that they use "Verified by Visa", and are "Secured by GeoTrust" and "ScanAlert Hacker Safe." Not one word of that site is true. None of those organizations support these rather obviously illegal sites, they use no security of any sort, and your identity is most definitely at risk of being stolen and abused by these individuals.<BR/><BR/>Stay far away from Exquisite Footwear and Bags, or any other SanCash property. You're putting you life and your identity at risk by doing so.<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-75263187143979044082008-05-24T05:48:00.000-05:002008-05-24T05:48:00.000-05:00I got a shoe spam a few hours ago and my investiga...I got a shoe spam a few hours ago and my investigations led me here. The advertised domain was "www.goamsleks.com" (registered to a Beijing address), and the purported sender was Taiwese (didn't record it, unfortunately). On the order form, the contact address was "luxuryshoestore.com", which has the same registrant as the nonsense domain above. Infinity Secure and 17 Bank St also show up, so the people you are discussing are evidently the ones behind it. <BR/><BR/>It would be interesting to know if shoes actually turn up when ordered.Mitchellhttps://www.blogger.com/profile/10768655514143252049noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-27556272206127382252008-05-19T16:36:00.000-05:002008-05-19T16:36:00.000-05:00> We have customers (big ticket $15k) calling us> ...<I>> We have customers (big ticket $15k) calling us<BR/>> saying things like "We are very upset that you<BR/>> have not contacted us - we are taking our business<BR/>> elsewhere". I have documented proof of this (voice<BR/>> messages, liveperson chat logs, etc.). We are in<BR/>> fact replying to our sales address, but our<BR/>> potential customers are not receiving our emails!<BR/>> AND, we are not listed on any blacklist that I can<BR/>> find!</I><BR/><BR/>And so here we have <I>exactly</I> the kind of abuse that long-term, non-compliant, illegal spammers are capable of. Every time you hear anyone say "Just delete it", think of this specific scenario. How, precisely, should this individual "just delete" these messages? How can anyone say that this isn't costing someone some genuine money? How can a spammer claim that they haven't caused any abuse?<BR/><BR/>Further: spammers like these have essentially acted like the AIDS virus infecting a human host. They've rendered their chief method of communicating their "marketing" message absolutely useless. Their relentless pursuit of deliverability at all costs, especially to recipients who clearly have absolutely no wish to receive their messages, has caused any legitimate messaging to be swallowed up in the process. They have thrown the baby out with the bathwater, and when they see a drop in sales, they merely send more messages. It's the most retarded "strategy" I've ever seen. (And I'm not alone. Most people in marketing companies I hear from are baffled that spammers like these would willingly accept such a pitiful conversion ratio in their email campaigns. But that's a separate conversation.)<BR/><BR/>I see many "anonymous" postings from individuals who are clearly behind these spam runs. They always make the same claims: I am just jealous of their immense wealth. I must have all kinds of free time on my hands. There are bigger issues to fight in the world. I call bullshit on all of these.<BR/><BR/>If you're mailing on behalf of SanCash, promoting VPXL, let me be extremely explicit as to what that actually means in the eyes of the online world: you are scum, you are a criminal, you are responsible for endangering the health of the general public, and you are causing monetary losses. You are assholes, and your days promoting bullshit products like VPXL are most definitely numbered. Maybe it'll be me who causes you the most grief, maybe law enforcement, maybe a fellow mailer, or maybe one of the numerous coward operators of SanCash (among numerous spam-friendly sponsors, Spamit being the obvious #2 in that list.)<BR/><BR/>Spamming is far from "just an annoyance." Telling us all to "just delete" is a bullshit, diversionary statement and is usually the only form of solution respone I ever see from any of these scumbags. How about this, you complete idiots: clean your goddamn lists! You are the problem, not our complaints. You know this. Your failure to learn from this will ultimately be your demise.<BR/><BR/>I'll say it again: Mailers and sponsors of SanCash and VPXL: your days in this "industry" are numbered. Mark my words.<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-65469987942015206872008-05-19T14:10:00.000-05:002008-05-19T14:10:00.000-05:00Based on calculations today, they are causing loss...Based on calculations today, they are causing losses of about $2,300 or so daily. That is what we put in the Phoenix, AZ FBI report made today. They said they might open a case, might not. They will let us know. The problem is that they used our sales@.....com as the reply-to address. We are getting postmaster undeliverable replies, but that's not the problem. We can easily remove those from our inbox (although sometimes we get enough of those that actually crash the server, thousands per hour). The REAL problem is that our sales emails are NOT BEING DELIVERED! We have customers (big ticket $15k) calling us saying things like "We are very upset that you have not contacted us - we are taking our business elsewhere". I have documented proof of this (voice messages, liveperson chat logs, etc.). We are in fact replying to our sales address, but our potential customers are not receiving our emails! AND, we are not listed on any blacklist that I can find!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-53362638836327132902008-05-16T14:20:00.000-05:002008-05-16T14:20:00.000-05:00> PLEASE HELP, this bastard has taken my small> co...<I>> PLEASE HELP, this bastard has taken my small<BR/>> company's sales email address and used it as the<BR/>> reply-to address. We are losing about $5,000 a day<BR/>> in sales due to this, because our server CANNOT<BR/>> KEEP UP.. there are TENS OF THOUSANDS of bounced<BR/>> messages. PLEASE HELP.. is there an FBI number we<BR/>> can reach?</I><BR/><BR/>Not a number, no, but there is the renowned<BR/>Internet Crime Complaint Center (aka: the IC3):<BR/><BR/><A HREF="http://www.ic3.gov/complaint/" REL="nofollow">http://www.ic3.gov/complaint/</A><BR/><BR/>It sounds a bit far-fetched that it's *actually* causing losses of $5k or more when all you have to do is turn off catch-all mailings on your email server. (Don't allow bounces from nonexistant addresses, for example.) I'm not your sysadmin, but if I were, that's among the first things I would be fixing if your business is that tightly tied to email functionality.<BR/><BR/>There isn't much you can really do otherwise. But if the spam messages are for VPXL, at least you know that SanCash is the responsible company. How helpful that is to you is another question, given that they are now a completely underground group.<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-49198800801446023192008-05-15T23:00:00.000-05:002008-05-15T23:00:00.000-05:00PLEASE HELP, this bastard has taken my small compa...PLEASE HELP, this bastard has taken my small company's sales email address and used it as the reply-to address. We are losing about $5,000 a day in sales due to this, because our server CANNOT KEEP UP.. there are TENS OF THOUSANDS of bounced messages. PLEASE HELP.. is there an FBI number we can reach?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-13104143688764503722008-05-02T13:02:00.000-05:002008-05-02T13:02:00.000-05:00> Do they actually send any products to people who...<I>> Do they actually send any products to people who<BR/>> really ordered something? I do not know anybody<BR/>> who purchased anything from these people...</I><BR/><BR/>Yes, they do actually ship you something. But it's a set of pills, often with no protective packaging of any sort, and which contain (based on analysis performed during the recent <A HREF="http://news.bbc.co.uk/2/hi/uk_news/magazine/7140449.stm" REL="nofollow">BBC story</A> about it) absolutely no active ingredients. They're fake. They do nothing.<BR/><BR/>Part of the reason you "don't know" anybody who's wasted their money on these pills is because if you did, there's a high probability that they feel stupid for ever having spent their hard-earned money on them. How many people do you know who boast about their need for any medication to fix an erectile dysfunction?<BR/><BR/>SiLIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-22895077621418572752008-05-02T10:32:00.000-05:002008-05-02T10:32:00.000-05:00I like the idea to feed the with false credit card...I like the idea to feed the with false credit card details :). It drives'em mad I guess. Much more work for them. Do they actually send any products to people who really ordered something? I do not know anybody who purchased anything from these people...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-42493669357687418382008-04-30T07:54:00.000-05:002008-04-30T07:54:00.000-05:00> In my opinions they are phishers. I came across>...<I>> In my opinions they are phishers. I came across<BR/>> your blog searching for some info on infinity<BR/>> secure. Also check maxgainplus.com . Just go thru<BR/>> order form to a place where you pass credit card<BR/>> details. No https, no anything :)...</I><BR/><BR/>They may well be. However I can assure you, based on firm evidence, they do actually attempt to process the credit cards using a third-party process. That's why I continue to feed them fake orders. It has to affect their merchant account at some point (and eats up precious time after a short-term spam run.)<BR/><BR/>That third-party server <I>also</I> is not secure (no https, just a plan, raw, regular url passing all your personal data.)<BR/><BR/>Which reminds me: isn't that also a good idea to tell all your friends never to purchase anything from a spammed url?<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-75787058123785366392008-04-29T16:06:00.000-05:002008-04-29T16:06:00.000-05:00In my opinions they are phishers. I came across yo...In my opinions they are phishers. I came across your blog searching for some info on infinity secure. Also check maxgainplus.com . Just go thru order form to a place where you pass credit card details. No https, no anything :)... I am tracking fraudsters on the net :).Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-49327211212037168952008-04-22T15:20:00.000-05:002008-04-22T15:20:00.000-05:00Thanks, I'll give it a try.Thanks, I'll give it a try.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-22633554680566554132008-04-19T10:19:00.000-05:002008-04-19T10:19:00.000-05:00> SiL, you probably know. But a verification showe...<I>> SiL, you probably know. But a verification showed that the VPXL<BR/>> and King-Replica spammer are the same (Yambo I guess), both<BR/>> use "Infinity-Secure".</I><BR/><BR/>I actually mentioned that in the very post you were commenting on. :) [Scroll up to the rather prominent bulleted list of properties known to belong to SanCash, and which feature "Infinity Secure" branding on their checkout pages.)<BR/><BR/>Also: Give up the labeling of "Yambo." It is there to confuse you. Instead focus on SanCash, or if you want a more publicly visible label: GenBucks. Yambo is nebulous at best, and in my opinion will never actually identify the responsible parties.<BR/><BR/><I>> So it might be possible, if not existing already, to also<BR/>> write a flooder which floods the King-Reolica spammer. :-)</I><BR/><BR/>Already done, months and months ago. I notice that their order / checkout page never seems to load. Your mileage may vary, of course.<BR/><BR/>You can download a recent version <A HREF="http://momupload.com/files/90260/20080419_KingReplicator.zip.html" REL="nofollow">Here</A>. Please note that they often change their inventory up, and that the King Replicator can only be used againt King Replica websites, not Prestige, Exquisite or Diamond Replica sites. (I have a custom one for Prestige which has been rather effective lately.)<BR/><BR/>Enjoy!<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-63806712990282348862008-04-18T16:38:00.000-05:002008-04-18T16:38:00.000-05:00SiL, you probably know. But a verification showed ...SiL, you probably know. But a verification showed that the VPXL and King-Replica spammer are the same (Yambo I guess), both use "Infinity-Secure".<BR/><BR/>So it might be possible, if not existing already, to also write a flooder which floods the King-Reolica spammer. :-)<BR/><BR/>Have a nice weekend.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-66709503130834818532008-04-17T10:09:00.000-05:002008-04-17T10:09:00.000-05:00> That's something new to me, shutting down DNS?>>...<I>> That's something new to me, shutting down DNS?<BR/>><BR/>> > You should check out complainterator.com for that. :)<BR/>><BR/>> Thanks, I read over it at the moment and try to understand what it does.</I><BR/><BR/>Yes. When you can't stop them from spamming you, you instead look into who registered their domain names. Let's take a spankin' new example for VPXL: ogepoge.com<BR/><BR/>It is of course the same crappy website we've all grown to recognize. Express Herbal / VPXL.<BR/><BR/>Let's look at who is alleged to have registered this domain:<BR/><BR/><I>%whois ogepoge.com<BR/>Domain Name: OGEPOGE.COM<BR/>Registrar: XIN NET TECHNOLOGY CORPORATION<BR/>Whois Server: whois.paycenter.com.cn<BR/>Referral URL: http://www.xinnet.com<BR/>Name Server: NS1.FREIGAE.COM<BR/>Name Server: NS2.FREIGAE.COM<BR/>Status: ok<BR/>Updated Date: 17-apr-2008<BR/>Creation Date: 17-apr-2008<BR/>Expiration Date: 17-apr-2009</I><BR/><BR/>Well imagine that: no contact info. And registered via that old standby, XIN NET (alternately known as "paycenter" by members of law enforcement.)<BR/><BR/>But let's look at the name server:<BR/><BR/><I>%whois freigae.com<BR/>Domain Name: FREIGAE.COM<BR/>Registrar: XIN NET TECHNOLOGY CORPORATION<BR/>Whois Server: whois.paycenter.com.cn<BR/>Referral URL: http://www.xinnet.com<BR/>Name Server: NS1.STRAWBERRYDNS.COM<BR/>Name Server: NS2.STRAWBERRYDNS.COM<BR/>Status: clientHold<BR/>Updated Date: 13-apr-2008<BR/>Creation Date: 31-mar-2008<BR/>Expiration Date: 31-mar-2009</I><BR/><BR/>Again: no surprise. XIN NET / paycenter are now responsible for some 75-80% of all registered spamvertised domains.<BR/><BR/>Contact details:<BR/><BR/><I>Registrant:<BR/>Li Ming<BR/>NO.38,YongFeng street,Tianchange City,Anhui Province<BR/>239355<BR/><BR/>Administrative Contact:<BR/>LiMing<BR/>Li Ming<BR/>NO.38,YongFeng street,Tianchange City,Anhui Province<BR/>Tianchange Anhui 239355<BR/>CN<BR/>tel: 550 2400568<BR/>fax: 550 2400568<BR/>yayun22@163.com</I><BR/><BR/>As we would expect: 100% false. No such phone number. No response from that email address. An incomplete and incorrectly formed postal address.<BR/><BR/>If you enter the original spamvertised domain into the complainterator (after you've spent a few moments configuring it,) it will automatically generate a series of formalized complaint email messages to the appropriate contact person at the domain name registrars responsible for both the web domain and the DNS nameserver domains. You can customize these messages if you want to after they're completed. (It will also include a complaint for "strawberrydns.com", a domain which has remained in operation for months now in support of this illegal operation.) It takes seconds, and (with XIN NET being one of the very few exceptions) has been quite effective at raising awareness at domain registrars around the world. One notable convert: Joker.com (aka:<BR/>COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM, a bit of a mouthful) resisted nearly 99% of all complaints until their ICANN compliance was threatened in late 2007. They aren't perfect but they do finally take action.<BR/><BR/>Getting the DNS server's domain name revoked has the effect of disabling several thousands of these sites in one blow.<BR/><BR/>Complainterator is an ingenious creation. (I didn't make it. A very smart and diligent colleague of mine - Red Dwarf - did.)<BR/><BR/>XIN NET's ICANN compliance is currently under protest by folks like me. If we all send enough complaints to them for sites like these, they have to take notice. Currently their shut down rate is at less than 3% of all complaints. (Some 300,000 domain names and counting.) Most of these are registered using laughably fake contact information, and stolen credit cards. XIN NET does (virtually) nothing.<BR/><BR/>Hope that helps.<BR/><BR/>SiL / IKS / concerned citizenIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-86189995803501014202008-04-17T07:44:00.000-05:002008-04-17T07:44:00.000-05:00Glad to see your blog. These scum are and have use...Glad to see your blog. These scum are and have used my domain names in the past to send their scam bullshit emails out to supposed customers. These has the effect of filling my servers and mail boxes with hundreds of thousands of bounced mail. It also lowers the value of our domain names since if someone does contact us for a legit purpose, any email we send them in reply is trapped by their spam filter. I'd love to drag them down the street at a high rate of speed.<BR/>Scott Neuman - Recordweb.com.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-79685534960047562452008-04-15T08:41:00.000-05:002008-04-15T08:41:00.000-05:00I reply to two issues in one post...andrew said......I reply to two issues in one post...<BR/><BR/>andrew said...<BR/><BR/>> Same as some of your other people. my corporate e-mail address (only used to those I know and trust) has been hijacked by these creeps, so now I'm getting mail-delivery-returns by the hundreds, not to mention that it seems like I'm selling fake gucci. Any advice on this greatly, greatly appreciated.<BR/><BR/>As SiL already said, you have to sit it out. It is like someone writes a letter to someone else but puts your address as sender on the envelop.<BR/><BR/>It came across spammer's database most likely because you or one or more of your receptions has an infected computer, where a bot harvests email addresses found at the computer and forwards them to spammers.<BR/><BR/><BR/><BR/>IKillSpammerz said...<BR/><BR/>>> are you on it to make such a script for some of the pill spammers too?<BR/><BR/>> I have been doing so for at least three years now. :) Pill spammers are extremely well aware of me, and my retaliatory utilities. They constantly tweak and modify their forms as a result of them, so at the moment none of the ones I've written are still current, or they've gone the way of actually validating credit cards in realtime.<BR/><BR/>Then they must have access to customer databases.<BR/><BR/>And I can still use the pseudo-valid numbers I let generate, none is ever rejected by any spammer in pre-auth. Though I get the message ever so often "Bank rejected credit card". And that is good and what should have happen, and why those scripts must hammer spammers. Because (if I'm right) spammers forward the numbers to their high risk merchant, and that should cost them money and may be piss off the merchants.<BR/><BR/>> So the focus becomes (instead) getting their domain name servers shut down.<BR/><BR/>oO<BR/><BR/>That's something new to me, shutting down DNS?<BR/><BR/>> You should check out complainterator.com for that. :)<BR/><BR/>Thanks, I read over it at the moment and try to understand what it does.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-78465633358913215432008-04-14T15:31:00.000-05:002008-04-14T15:31:00.000-05:00> Any advice on this greatly, greatly appreciated....<I>> Any advice on this greatly, greatly appreciated.</I><BR/><BR/>Unfortunately there is very little you can do about that particular situation. Once an email has been sent with your address as the "from" or "reply-to", you really just have to wait it out. If it happens more than a handful of times, you may actually have to create a new address. It's ridiculous, and of course the morons behind this operation seem to think that that option is no big deal. They'd claim that you were "whining about it" and should "just delete the messages." We're dealing with the mentally-challenged here, unfortunately.<BR/><BR/>You may wish to share this information, including any bounced messages containing verified VPXL (or other Sancash) urls, with the New Zealand authorities who are investigating Genbucks and Sancash as we speak. You can contact their anti-spam unit by emailing info [ at ] antispam [dot] govt [dot] nz. You never know. It could prove to be useful ammunition in their investigations.<BR/><BR/>SiLIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-26868556494162206932008-04-14T14:45:00.000-05:002008-04-14T14:45:00.000-05:00Same as some of your other people. my corporate e...Same as some of your other people. my corporate e-mail address (only used to those I know and trust) has been hijacked by these creeps, so now I'm getting mail-delivery-returns by the hundreds, not to mention that it seems like I'm selling fake gucci. Any advice on this greatly, greatly appreciated.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-42826518394045832082008-04-14T13:35:00.000-05:002008-04-14T13:35:00.000-05:00> are you on it to make such a script for some of ...<I>> are you on it to make such a script for some of the pill spammers too?</I><BR/><BR/>I have been doing so for at least three years now. :) Pill spammers are extremely well aware of me, and my retaliatory utilities. They constantly tweak and modify their forms as a result of them, so at the moment none of the ones I've written are still current, or they've gone the way of actually validating credit cards in realtime. So the focus becomes (instead) getting their domain name servers shut down.<BR/><BR/>You should check out complainterator.com for that. :)<BR/><BR/>SiLIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-75862262442925515602008-04-14T08:44:00.000-05:002008-04-14T08:44:00.000-05:00>> Don't they block your IP? I have no luck, neith...>> Don't they block your IP? I have no luck, neither my from my fixed IP nor anaon prxies. :-(<BR/>><BR/>> Nope. :) Not so far. Maybe they're confused.<BR/><BR/>Seven_Of_Nine: They will adapt (at some point).<BR/><BR/>But it worked on a second attempt here now. :-)<BR/><BR/>> I'm up to 700 per day lately.<BR/><BR/>As I checked I must have "ordered" for $12.000 this morning. I have a Firefox add-on called "Cookie editor" where I can delete cookies in a running session. Would be cool to somehow (though not allow a script to violate the system integrity by doing this) delete cookies while running.<BR/><BR/>Anyway, since at least for the Replica spammer it works well, are you on it to make such a script for some of the pill spammers too? Otherwise I might spend some time and try to adapt one of your scripts for them.<BR/><BR/>Of course (lazy me ;-) I'd prefer you doing it, also because you know and understand already how your script works while I had to read and understand it first.<BR/><BR/>Hmm, may be, like in the old Commodore 64 days, one could write a "Spammer-flooding-construction -kit" at some point. :-)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8752534344611958195.post-40244912014654275222008-04-13T14:48:00.000-05:002008-04-13T14:48:00.000-05:00> Don't they block your IP? I have no luck, neithe...<I>> Don't they block your IP? I have no luck, neither my from my fixed IP nor anaon prxies. :-(</I><BR/><BR/>Nope. :) Not so far. Maybe they're confused.<BR/><BR/>I'm up to 700 per day lately.<BR/><BR/>SiLIKillSpammerzhttps://www.blogger.com/profile/10533465060035519146noreply@blogger.com