Saturday, July 26, 2008

Top News in Spam = Old News

First, I wanted to say that I am appalled and saddened by the news that Eddie Davidson, the escaped convict who was serving time for spam has killed his wife and three year old child before committing suicide. Many of these spammers and cyber criminals are sick sociopaths who believe they are beyond the law, but its still sad news whenever innocent lives are taken. My prayers are with the family as they grieve.

For yet another day, the Top News in spam is Old News. The "News Headline" or "Video.exe" spammers continue to dominate our in boxes.

More than 90 compromised webservers have been used in this newest attack, which uses more than 90 new email subjects to trick the public into infecting themselves.

Each website contains the files:

topnews.html
00.html
dnd.js
master.js
master2.css

The file 00.html contains an encoded block of Javascript code, which, when uncoded reveals the hostile code downloader.

First the subjects:

"I Won't Raise Taxes," Says Schwarzenegger, "except For The Indians."
50 Cent sues Taco Bell
Apple nosedives on Jobs' death
Arnold Says im Gay Too!
Arnold Schwarzenegger to make movie
Astronauts Pose With The U.S. Snoopy
B52 bomber crashed in Hawaii
Batman is gay. Watch the proof.
Battle Of The Butts, J Lo V Britney Spears
Beijing Olympics cancelled
Bin Laden driver denies al Qaeda links
Black Panthers Sue White Guys For Stealing Copyrighted Gesture
Blair: Im Not Gay, Thats Just My Accent
Brave Suicide Bomber Survives Blast!
Britney and Justin are together again
Britney Clothed Photo Fury
Bush Accidentally Starts The War On Iran
Bush To Reporters: Fuck The Constitution
Bush 'Troubled' by Gay Marriages. Declares San Francisco Part of 'Axis of Evil'
Buy stocks now to make money
Cambodia declares war on foreigners
Cell phone use increases cancer
Clubs refuse to release players for Olympics
Courtney Love Vows To Wear Clothes
Earthquake in Japan kills millions
Ebay Lists Another Cheese Sandwich
Fat Chinese Man Kills And Eats Brother Because He Was Hungry
Ferguson fears Chelsea
Four Horsemen Of The Apocalypse Unveil New Alert System
French Have More Sex In Surveys Than Any Other Country
Gay Marriage Could Be Profitable
Gay Men Perceive Each Other As Homophobic
How to avoid paying credit cards
How To Break Up With Your Girl, Then Get Some Bootie Time!
Hurricane Dolly damages infrastructure
I Liked The Part When The French Got Their Asses Busted - G.W. Bush
Insider tips to these stocks
IT departments lauded for selling data
Join our weekly poker tournaments
Kidney stealing ring busted
Man gets pole stuck in handcuffs
McCain diagnosed with pancreatic cancer
McCain's health suspect
My Scrotum Is Getting Really Huge These Days
New betting tips for new season
New National Anthem Proposed By Bush
Obama bribes voters
Obama diagnosed with brain tumor
Obama engages rappers in election aid
Obama Is Anorexic Over-Exerciser
Obama withdraws support for Israel
Obama's mistress speaks up
Oil prices fall sharply
Osama caught sodomizing lieutenants
Osama Seen Dining At The Paris Ritz
Osama trains goats for tactical bombing
Pamela and Britney are lesbian lovers
Pamela Anderson To Sell Her Clothes; Announcement Causes Nationwide Frenzy
Please Baby, Give Me Another Chance
Possible Spam : Shocking Video Shows Spongebob And Gay Sex!
Prada gives fake bags to charity
Release Of The Nancy Pelosi Sex Dvd Causes Mass Erectile Dysfunction In Us
Richard Nixon Speaks From The Grave!
Right To Own Guns Upheld
Sarah Jessica Parker Arrested For Gross Negligee
School Board Adopts Gay-Ass Uniform Policy
Schwarzenegger reduces minimum wages
Scientists Create Prosthetic Brain
Shocking Video Shows Spongebob And Gay Sex!
South Korea goes to war over dead tourist
Spongebob Denies Reports That Hes Gay
Steve Jobs down with cancer
Steve Jobs to resign from Apple
Stock Markets Close As Global Earth World Planet International Buys All Shares
Studies show Americans love complaining
Studies show Europeans hate Asians
Studies show female bosses love flirting
Stupid millionaire gives huge tips
Stupid woman buys iPhone for 5000
Switzerland To Be Devoured By Black Hole
Terrorist bombs Philippines killing 30
Texans Do The Unthinkable
Theodore Roosevelt Was A Gay Man
Tiger Woods Will Call Next Son Monkey
Tupac Shakur Speaks Out From Beyond The Grave: "Stop Releasing My Stanky Old Songs"
WalMart declares bankruptcy
Woman chokes after swallowing Tiffany diamond
Woman found with bottle in vagina
Your tickets have been confirmed

If you are in control of any of hacked webservers, we would like very much to speak with you regarding the method of compromise. We are hearing that the servers are being compromised through FTP sessions, with a real FTP Password being used. Are these brute forces? have they "sniffed" the FTP password (which we should remember, should never be used, as it is sent across the internet in an unencrypted method!), or have they "keylogged" the FTP passwords from the users machines? We need to know!

We have looked up the "WHOIS" information on all of these domains and sent an email to each webmaster, asking for more details about their attack, and informing them of the bad content on their servers so they can get it cleaned up.

Sadly, many of these domains either do not have WHOIS information, or have expired email addresses, so even when we TRY to contact the webmaster, we are unable to do so without poring over their websites looking for contact information. If the WHOIS data were properly implemented, a simple program could inform all of these webmasters.

My favorite WHOIS data was for the domains beatmung-sachsen.eu, cmeedilizia.eu, and deliriuslaspalmas.com, which gave as the Administrative Contact:


This domain exists, but because the European Registry of Internet Domain Names (EURid) is, in our view, run by incompetent administrators who failed to properly manage the server, you cannot view the domain registration data unless you visit their Web site, www.whois.eu


Like the authors of that WHOIS data, I am not spending my time visiting the page.


http://afg.es/topnews.html
http://albertruiz.net/topnews.html
http://alim.co.il/topnews.html
http://allevatoritrotto.it/topnews.html
http://amafe.org/topnews.html
http://ambulatoriovirtuale.it/topnews.html
http://atelier-de-loulou.fr/topnews.html
http://automoviliaria.es/topnews.html
http://autoreserve.fr/topnews.html
http://bielizna.tgory.pl/topnews.html
http://blueseven.com.br/topnews.html
http://bollettinogiuridicosanitario.it/topnews.html
http://caprilchamonix.com.br/topnews.html
http://carlolongarini.it/topnews.html
http://champimousse.com/topnews.html
http://cheviot.org.nz/topnews.html
http://contrapie.com/topnews.html
http://corradiproject.info/topnews.html
http://dantealighieriasturias.es/topnews.html
http://deliriuslaspalmas.com/topnews.html
http://ecchoppers.co.za/topnews.html
http://elianacaminada.net/topnews.html
http://fonavistas.com/topnews.html
http://fraemma.com/topnews.html
http://fundmyira.com/topnews.html
http://galvatoledo.com/topnews.html
http://grafisch-ontwerpburo.nl/topnews.html
http://gruppouni.com/topnews.html
http://hausfeld-solar.de/topnews.html
http://herbatele.com/topnews.html
http://houseincostaricaforsale.com/topnews.html
http://izliyorum.org/topnews.html
http://jureplaninc-sp.com/topnews.html
http://kwhgs.ca/topnews.html
http://lapiramidecoslada.es/topnews.html
http://last-minute-reisen-4u.de/topnews.html
http://marcadina.fr/topnews.html
http://maremax.it/topnews.html
http://markmaverick.com/topnews.html
http://micela.info/topnews.html
http://motoclubnosvamos.com/topnews.html
http://nebottorrella.com/topnews.html
http://negozistore.it/topnews.html
http://neticon.pl/topnews.html
http://norbert-leifheit.gmxhome.de/topnews.html
http://ocoartefatos.com.br/topnews.html
http://omdconsulting.es/topnews.html
http://parapendiolestreghe.it/topnews.html
http://positive-begegnungen.de/topnews.html
http://projetsoft.net/topnews.html
http://rbc.gmxhome.de/topnews.html
http://segelclub-honau.de/topnews.html
http://snmobilya.com/topnews.html
http://splashcor.com.br/topnews.html
http://stephanmager.gmxhome.de/topnews.html
http://svcanvas.com/topnews.html
http://tautau.web.simplesnet.pt/topnews.html
http://textilhogarnovadecor.com/topnews.html
http://theflorist4u.com/topnews.html
http://thewindsorhotel.it/topnews.html
http://vuelosultimahora.com/topnews.html
http://www.aliarzani.de/topnews.html
http://www.ambermarketing.com/topnews.html
http://www.arnold82.gmxhome.de/topnews.html
http://www.beatmung-sachsen.eu/topnews.html
http://www.campodifiori.it/topnews.html
http://www.clickjava.net/topnews.html
http://www.cmeedilizia.eu/topnews.html
http://www.dammer.info/topnews.html
http://www.embedded-silicon.de/topnews.html
http://www.ferrariclubpesaro.it/topnews.html
http://www.fgwiese.de/topnews.html
http://www.fswash.site.br.com/topnews.html
http://www.fytema.es/topnews.html
http://www.gildas-saliou.com/topnews.html
http://www.go-art-morelli.de/topnews.html
http://www.go-siegmund.de/topnews.html
http://www.guerrero-tuning.com/topnews.html
http://www.gut-barbarastein.de/topnews.html
http://www.japansec.com/topnews.html
http://www.komma10-thueringen.de/topnews.html
http://www.koon-design.de/topnews.html
http://www.lanz-volldiesel.de/topnews.html
http://www.lauscher-staat.de/topnews.html
http://www.losnaranjos.com.es/topnews.html
http://www.medical-service-krause.de/topnews.html
http://www.nakedinbed.co.uk/topnews.html
http://www.nepi.si/topnews.html
http://www.radieschenhein.de/topnews.html
http://www.residenceflora.it/topnews.html
http://www.sabuha.de/topnews.html
http://www.ser-all.com/topnews.html
http://www.siemieniewicz.de/topnews.html
http://www.viajesk.es/topnews.html

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.