From: Catherine Hampton
Newsgroups: news.admin.net-abuse.email
Subject: SPAM, JOE-JOB: From: Forgeries @spambouncer.com
Organization: Virtual Studio and Workshop
Message-ID:
X-Newsreader: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 41
NNTP-Posting-Host: 63.121.127.89
X-Complaints-To: abuse@prodigy.net
X-Trace: newssvr15.news.prodigy.com 1091669264 ST000 63.121.127.89 (Wed, 04 Aug 2004 21:27:44 EDT)
NNTP-Posting-Date: Wed, 04 Aug 2004 21:27:44 EDT
Date: Thu, 05 Aug 2004 01:27:44 GMT
Xref: sn-us news.admin.net-abuse.email:1244688

A massive spam run with forged addresses @spambouncer.com is underway.
I've seen a few thousand bounces so far. :/

Please note that the forged addresses are at spambouncer.com, which is
an unused domain, not @spambouncer.org, where I hang out. I registered
spambouncer.com and spambouncer.net to keep them out of the wrong hands,
but have never used them.

So you can safely drop all email from any address @spambouncer.com in
the trash for the next few days, until the spam run dies down.

The spam is coming from open proxies, advertising the following domains:

    asianhall.com
    discountedsoft.net
    hqreplicas.info
    ondemandoem.org
    onlinedownloadsoft.net
    specialoems.com
    videoshall.com

When you do a DNS lookup on these domains, you will get five IP
addresses assigned to each. Those IP addresses all belong to
compromised hosts running Trojan DNS servers, as far as I can tell.

This looks to me like something of Juan Garavaglia's, or perhaps
another spammer that does DNS trickery. I don't know whether this is a
deliberate Joe Job/DDOS against the SpamBouncer, or just the luck of
the draw that the idiot picked a domain of mine to use in his spam.

Any additional information any of you may have about these domains is
welcome. Email me at the address below. :)

-- 
Catherine Hampton [email address snipped]
Home Page * The SpamBouncer *
(Please use this address for replies -- the address in my header is a
spam trap.)
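
The filtering advice in the post above, sketched as an added example that is not part of the original post or of the SpamBouncer itself: it drops a message only when a sender header carries an address whose domain is exactly spambouncer.com, so mail from spambouncer.org, look-alike domains and display-name tricks is kept. The header list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

FORGED_DOMAIN = "spambouncer.com"  # the unused domain named in the post
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")  # assumed set

def sender_domains(msg):
    """Return the lower-cased domains of all addresses in the sender headers."""
    domains = set()
    for name in SENDER_HEADERS:
        # getaddresses separates the display name from the real address,
        # so a forged domain inside a quoted display name is not matched.
        for _display, addr in getaddresses(msg.get_all(name, [])):
            local, at, domain = addr.rpartition("@")
            if at and local and domain:
                domains.add(domain.rstrip(".").lower())
    return domains

def should_drop(raw_message):
    """True when any sender header uses an address at the forged domain."""
    msg = message_from_string(raw_message)
    # Exact comparison: a substring test would also hit spambouncer.com.example.net
    return FORGED_DOMAIN in sender_domains(msg)

# Constructed sample messages (not taken from the spam run).
SAMPLES = {
    "forged": "From: Sales <kx91@spambouncer.com>\nSubject: oem\n\nbody\n",
    "forged_upper": "From: KX91@SPAMBOUNCER.COM\nSubject: oem\n\nbody\n",
    "forged_return_path": ("Return-Path: <q7@spambouncer.com>\n"
                           "From: a@example.net\nSubject: x\n\nbody\n"),
    "real_org": "From: someone@spambouncer.org\nSubject: hi\n\nbody\n",
    "lookalike": "From: a@spambouncer.com.example.net\nSubject: x\n\nbody\n",
    "display_name": ('From: "info@spambouncer.com" <user@example.net>\n'
                     "Subject: x\n\nbody\n"),
    "bounce": "Return-Path: <>\nFrom: MAILER-DAEMON@example.net\n\nbody\n",
}

def classify(samples=SAMPLES):
    """Map each sample name to the drop decision."""
    return {name: should_drop(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, drop in classify().items():
        print(f"{name:20} {'DROP' if drop else 'keep'}")
```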