[Merged] NTL spam

[AdeRickus]

Okay, I am in an unusual situation

I don't use my NTL email address, never have, never will, for whatever reason

Why do I recieve SPAM on that account and have within the TO box several other accounts, specific NTL email accounts that are obviously NOT guesswork emails. My surname cant be on any dictionary files, so its not that. So where are they getting this email address ??,

Senders IP was 56.57.182.159

I use outlook 2003 and therefore dont download ANYTHING with the emails that are sent, just delete,

Anyone know ??

[swoop101]

oh look, more spam from the U.S.

OrgName: U.S. Postal Service
OrgID: UPS-1
Address: 4200 Wake Forest Road
City: Raleigh
StateProv: NC
PostalCode: 27668-7800
Country: US

NetRange: 56.0.0.0 - 56.255.255.255
CIDR: 56.0.0.0/8
NetName: USPS1
NetHandle: NET-56-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: DNS082.USPS.COM
NameServer: DNS141.USPS.COM
Comment:
RegDate: 1992-11-02
Updated: 2003-09-05

TechHandle: ZU38-ARIN
TechName: U.S. Postal Service
TechPhone: +1-800-877-7435
TechEmail: domainadmin@imail.usps.gov

OrgTechHandle: ZU38-ARIN
OrgTechName: U.S. Postal Service
OrgTechPhone: +1-800-877-7435
OrgTechEmail: domainadmin@imail.usps.gov

# ARIN WHOIS database, last updated 2004-06-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

They just have bots that make up any and all addy's and send them (some of them do over 1 billion a day ) so they are bound to get everyone eventually.

[Watchman]

interestingly, the same is happening to me.

I have never used my ntl email address either.

this appears to have started in the last couple of weeks or so.

NTL is a magnet for spammers due to it's lack of Anti Spam software, we will be the same this time next year.

[poolking]

Watch out today, it appears NetSky Z is doing its rounds, just had my anti-virus software quarantine 2 emails with zip files.

With the message:

Important data!

[goldoni]

I get quite a few virus emails mostly to my domain addys, my NTL acount gets them from time to time. But the ones that get me are the emails returned to me (as below No 2) that I have never sent in the first place. they are returned with an attached file that Norton NAV does not pling as a virus. The text file attached reads:

Received: from mta04-svc.ntlworld.com (mta04-svc.ntlworld.com [62.253.162.44]) by rly-xh03.mx.aol.com (v99_r4.3) with ESMTP id MAILRELAYINXH31-49340dc48f01be; Fri, 25 Jun 2004 11:46:57 -0400
Received: from Laptop ([81.106.130.58]) by mta04-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040625154554.PPHK24958.mta04-svc.ntlworld.com@Laptop>
for <PANDALTD@aol.com>; Fri, 25 Jun 2004 16:45:54 +0100
From: "Goldonian" <frank@goldonian.org>
To: <PANDALTD@aol.com>
Subject: RE: goldings(dickies)
Date: Fri, 25 Jun 2004 16:46:53 +0100
Message-ID: <NLEFJJBKFPECHPMLBPAKGEAJCFAA.frank@goldonian.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00A7_01C45AD4.04C89F80"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <1da.24d7d404.2e0c3751@aol.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
X-AOL-IP: 62.253.162.44
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0

Now the attached dat file I have never tried to open just in case they have found a way to by-pass Norton NAV

No 2
The original message was received at Fri, 25 Jun 2004 11:46:57 -0400 (EDT)
from mta04-svc.ntlworld.com [62.253.162.44]



*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--AOL Postmaster
----- The following addresses had permanent fatal errors -----
pandaltd@aol.com
----- Transcript of session follows -----
... while talking to air-xh03.mail.aol.com.:
>>> RCPT To:pandaltd@aol.com
<<< 550 pandaltd IS NOT ACCEPTING MAIL FROM THIS SENDER
550 <pandaltd@aol.com>... User unknown

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxx
Can anybody help, I have a Liksys router and also run Norton Internet Security????

[swoop101]

Quote:

Originally Posted by goldoni

snip

I sometimes get those, it is usualy just after I get the same message from that address myself. It is as if the mail is bouncing itself between abused mail servers.
I very much dobt it is anything to do with your machine/setup just delete it and forget about it.

And before anybody says that my machine is compromised - don't because it is not

[AdeRickus]

Oh right, dont accept that, my surname is VERY unusual,

There is only 1 person on the planet with my name,

And they just guessed it,

Er, NO !

[swoop101]

Quote:

Originally Posted by AdeRickus

Oh right, dont accept that, my surname is VERY unusual,

There is only 1 person on the planet with my name,

And they just guessed it,

Er, NO !

They don't guess it, a machine just runs through the alpha numeric system and generates billions of made up name/number combinations and sends them to see if they get a result. I have seen printouts from these systems and they are huge and cover every name/number/character you can think of in all languages.

edit: ha, beat you scastle

[Stuart]

Quote:

Originally Posted by AdeRickus

Oh right, dont accept that, my surname is VERY unusual,

There is only 1 person on the planet with my name,

And they just guessed it,

Er, NO !

They do send emails to random collections of letters. The average spammer also sends out BILLIONS of these combinations each day. It's entirely possible they just guessed your surname. They guessed one of my friend's surname despite the fact it is not english, and has 15 characters.

[chopsmcp]

Quote:

Originally Posted by Watchman

interestingly, the same is happening to me.

I have never used my ntl email address either.

this appears to have started in the last couple of weeks or so.

Porn spam pointing at voila.fr sites, by any chance? I strongly suspect that spammers have got access to lists of valid NTL addies in the last month or so. The reason I think this is that for the last year my most effective anti-spam tactic has been a delete-on-server rule for anything with a similar addy to mine in the to/CC field. (It currently has about 300 adresses on it, which gives you an idea of the amount of spam hitting ntl's mail servers.)

Suddenly mountains of spam have been getting through that with new addies in those fields. Normally I'd just suspect a new "millions" CD had come out - but this has all been coming from the same source, and I'm seeing anecdotal evidence that the addies can't have been harvested. So I suspect an inside job, a la AOL.

[goldoni]

Belive it or not some people do reply to these emails, This chap has had an hotmail account for months but MSN have done nothing to close him down. I wonder how many CF members got the same email but with your family name??

BARRISTER JAMES YAYA ESQ, JAMES CHAMBERS 14, RUE DU BOULVARD LOME TOGO WEST AFRICA Pls,Contacted June 27,/6/ 2004 PRIVATE MESSAGES TO cooke , I am Barrister.James Yaya, a solicitor at law.I am the personal attorney to ENGR.P.O cooke ,Thompson,a national of your country, who is a Contractor and have spent most of his life in my country (Togo) Here in after shall be referred to as my client. On the 21st of April 2000, my client, his wife and their only son were involved in a car accident along bagida express road. All occupants of the vehicle unfortunately lost their lives. Since then I have made several enquiries to your embassy to locate any of my clients extended relatives,this has also prove unsuccessful. After these several unsuccessful attempts, I decided to track his last name over the Internet, to locate any Member of his family hence I contacted you. I have contacted you to assist in repatriating the assets and Capital valued at US$25.5million left behind by my client before they get confiscated or declared unserviceable by the management of the Finance/security company, where these huge deposits were lodged. The said finance/security company, has issued me a notice to provide the next of Kin or have the account confiscated within the next twenty Official working days. Since I have been unsuccessful in locating the relatives for over 2 years now, I seek the consent to present you as the Next of kin to the deceased since you have the same last names, so that the proceeds of this account can be paid to you. Therefore, on receipt of your positive response, we shall then discuss the sharing ratio and modalities for transfer. I have all necessary information and legal documents needed to back you up for claim. All I require from you is your honest cooperation to enable us see this transaction through.I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law. Awaiting to hear from you. Best Regards, BARRISTER JAMES YAYA

barrister_james_yaya@hotmail.com

The con starts with you paying £200.00 to register then the goal posts are moved each time you are about to finalise the deal see the Met web site. Church funds have lost a lot of money along with UK companies.

[poolking]

Goldoni,

Do a search on google and you'll find some people play these scamsters at their own game and string them along, they make some interesting reading.

[threadbare]

Quote:

Originally Posted by Nidge

NTL is a magnet for spammers due to it's lack of Anti Spam software, we will be the same this time next year.

what lack of spam software is that then?

[Stuart]

Quote:

Originally Posted by poolking

Goldoni,

Do a search on google and you'll find some people play these scamsters at their own game and string them along, they make some interesting reading.

Or just go to http://www.cableforum.co.uk/board/sh...081#post193081