MSN Scam

Post by **Red Squirrel** » Thu Jan 22, 2009 9:59 pm

Not sure if I'm late on this one or not but found little to no information on google.

Someone sent me a message something like "this is how we party!" with a link of username.party-picturez.com.

DO NOT SIGN IN TO THAT SITE! The domain is owned by china and pointing to a china based DNS server. Without even bothering to investigate further, it's 99.999% probable that this is a scam to get people's MSN accounts.

Just in case anyone gets this, advise the person who sent it and ignore it.

Archived topic from Iceteks, old topic ID:5091, old post ID:39082

onykage · Post by **onykage** » Mon Jan 26, 2009 10:47 am

what I want to know is, how are people sending spam to your email address. My gmail address recieves spam from like 7 or 8 different alias's. Nobody knows what all of my aliases are. Only possible way I can think of is the bot can somehow see my address book. I thought possibly someone had hacked my gmail account, so I changed the password, and it kept happening, so I changed it again to something no computer could possibly ever decode, and it still happened, so I was like WTF?.... Then a few weeks ago I got an email from one of my shadow accounts, so just on a whem I logged into that account, and sure enough it had identical spam. Spam addressed too and from that email address.

Ive gotten on the google boards and there are a few people who have noticed this problem and noted it but most people I guess dont see it or its only effecting one server. I discovered that you can in no way contact google to mention or report anything.

What sucks is you cant mark this type of email as spam cus then when you mail yourself something like I do from time to time, it goes to a spam folder.

Archived topic from Iceteks, old topic ID:5091, old post ID:39085

Pyr-O-Rgasm · Post by **Pyr-O-Rgasm** » Mon Jan 26, 2009 5:09 pm

That's... Pretty slick, actually. However, I doubt it's done on purpose.

Regardless, I always found warning people about scams to be rather pointless, because I've never come across a scam that wasn't insanely obvious. People really need to be more aware of what they are doing on the internet.

Archived topic from Iceteks, old topic ID:5091, old post ID:39088

Post by **Red Squirrel** » Tue Jan 27, 2009 12:40 am

That's true actually.

Natural selection is what I say, too bad scams can't kill people though.

Archived topic from Iceteks, old topic ID:5091, old post ID:39089

Post by **Red Squirrel** » Tue Jan 27, 2009 12:41 am

Onykage wrote: what I want to know is, how are people sending spam to your email address. My gmail address recieves spam from like 7 or 8 different alias's. Nobody knows what all of my aliases are. Only possible way I can think of is the bot can somehow see my address book. I thought possibly someone had hacked my gmail account, so I changed the password, and it kept happening, so I changed it again to something no computer could possibly ever decode, and it still happened, so I was like WTF?.... Then a few weeks ago I got an email from one of my shadow accounts, so just on a whem I logged into that account, and sure enough it had identical spam. Spam addressed too and from that email address.

Ive gotten on the google boards and there are a few people who have noticed this problem and noted it but most people I guess dont see it or its only effecting one server. I discovered that you can in no way contact google to mention or report anything.

What sucks is you cant mark this type of email as spam cus then when you mail yourself something like I do from time to time, it goes to a spam folder.

Yeah it's messed.

I've actually seem mail come from @borg.loc email address. That's my LOCAL server. wtf? I think they actually search for this stuff on forums (ex: me posting a log on a help forum that includes the internal domain info).

Archived topic from Iceteks, old topic ID:5091, old post ID:39090

Pyr-O-Rgasm · Post by **Pyr-O-Rgasm** » Tue Jan 27, 2009 1:27 am

Oh yeah, of course they do. That's why people try to type things out like "my scre en nam e here (at) em ail . com"..... Maybe not that exaggerated, but still... Have to trick the bots.

Archived topic from Iceteks, old topic ID:5091, old post ID:39091

onykage · Post by **onykage** » Fri Jan 30, 2009 11:38 am

well, i dunno, thats highly likely. Tho how do they know to send email to a bounce box that I never use or send email from?

I mean I dont hack anymore. But at one time, I used 4 mailboxes to bounce mail around to make it much much harder to actually track the owner. And this bounce box is a local alias I have, that no one else knows or is even published.

Now, I did do some research on it jsut on a whim and I was shocked at the results.

I used to want to build a company called jaxmod, own the domain, the gmail address, the works. I never did anything with it, including publish the address, so the only 2 ways I can think of that a bot would get that specific address would be to randomly hit the gmail server with names and look for non daemons, or somehow get a full list of all gmail accounts.

now to add to this, I recently started getting email from "MAILER DAEMON". I thought that was kinda funny. If you view the email it looks nothing like a daemon response.

Archived topic from Iceteks, old topic ID:5091, old post ID:39094

onykage · Post by **onykage** » Fri Jan 30, 2009 12:11 pm

here is one of those emails.

Code: Select all

<strong>About this mailing: </strong>

You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe 
you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service
 advertised. Prices and item availability subject to change without notice.



  ©2009 Microsoft | <a href="http://puhxuyaj.cn" target="_blank">Unsubscribe</a> | <a href="http://puhxuyaj.cn" target="_blank">More Newsletters</a> | <a href="http://puhxuyaj.cn" target="_blank">Privacy</a>


  Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
[code]

here is another ..

[code]
<table cellpadding="0" cellspacing="0" border="0" align="center" width="560" >
    <tr>
    	<td style="font: normal 11px Helvetica, Arial, sans-serif; line-height: 13px; color: #b5b5b5;" align="left">
    	<a href="http://mightpopulate.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">Tell a friend</a>
      <span style="padding: 0 5px;">Â·</span> 
      <a href="http://traditiontheir.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">Download latest version</a></td>
    	<td style="font: normal 11px Helvetica, Arial, sans-serif; line-height: 13px; color: #b5b5b5;" align="right">
    	<a href="http://motivationthere.com/" style="text-decoration: none; color: #b5b5b5; font-weight: bold;">See this email as a webpage</a></td>
    </tr>
  	</table>

<p style="font: normal 11px Helvetica, Arial, sans-serif; line-height: 13px; color: #b5b5b5;">
      <a href="" style="text-decoration: none; color: #00aff0; font-weight: bold;">Unsubscribe</a> 
      <span style="padding: 0 5px;">Â·</span> <a href="http://advocacyhigh.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">
      Lost Password</a> <span style="padding: 0 5px;">Â·</span> 
      <a href="http://sailfill.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">
      Account Settings</a> <span style="padding: 0 5px;">Â·</span> 
      <a href="http://sailfill.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">Help</a> 
      <span style="padding: 0 5px;">Â·</span> 
      <a href="http://appearwith.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">Terms of Service</a> 
      <span style="padding: 0 5px;">Â·</span> <a href="http://mightpopulate.com/" style="text-decoration: none; color: #00aff0; font-weight: bold;">Privacy</a>
      </p>
      <p style="font: normal 11px Helvetica, Arial, sans-serif; line-height: 13px; color: #b5b5b5;"><strong>Â© 2003-2009 SASI Limited</strong>. 
      SASi Communications S.a.r.l., 22/24 Green St, Amsterdam L7277.</p>

      <p style="font: normal 11px Helvetica, Arial, sans-serif; line-height: 13px; color: #b5b5b5;">
      SASi, SASiIn, SASiOut, SASicasts, SASi Certified, SASiMe!, SASi Pro, SASiFind, SASi Prime, 
      SASi To Go, associated logos and the Â‘SÂ’-symbol are trademarks of SASi Limited.</p>

[code]

Im not quite finished with it but im working on a script that reads emails, compares any found domain address to a db of blisted sites noted for spam.  Email containing these domains are deleted.  It works via bounce, so you can make it work with your current private/public email box.

Im hopeful to get this finished and working in the next week orso. 

[color=#888888][size=85]Archived topic from Iceteks,  old topic ID:5091, old post ID:39095[/size][/color]