Joe Wein’s blog

Various companies in China are trying to scare domain owners in other countries into registering Chinese variants of their domain names by claiming some other party was trying to register these variants. Examples of this scam have been reported widely throughout 2008, involving the domains asiaton.cn, erimut.com, erimart.com, erimart-domains.com.cn, hknsc.hk, hongkongnet.org, hk-net.org.cn, hknetwork.hk.cn and others [...]

[Read more →]

Today I received a Trojan email that bears the same handwriting as the recent fake Google Chrome installer emails. Both emails are in German, offer an attached RAR file with what supposedly is an installer for a beta test version of new software from a well-established software company:

Sehr geehrter Nutzer,
heute möchten wir Sie zu unserem [...]

[Read more →]

Barely had Google announced its new browser Chrome, that malware senders responded by sending out fake emails claiming to provide an installer for the new software. Here is a German message I received:
From: “Steffen Neukirch” <beta-team@google.de>
To: spamtrap-email-address
Sent: Friday, September 05, 2008 09:26
Subject: [PR] Neuter Webbrowser Chrome erhältlich
Sie benötigen einen JavaScript-fähigen Browser, um diese Software herunterzuladen. [...]

[Read more →]

Today I received a couple of near identical emails in Portuguese that differed only by the (forged) sender address:
From: “Fernanda” <fernandinha@globo.com.br>
To: <joewein@pobox.com>
Sent: Thursday, September 04, 2008 06:29
Subject: Por favor veja isso!!!
Você acredita que essas coisas ainda acontecem no Brasil?
Eu não posso acreditar…
Se você quiser, assine e repassse!
Tratamentos Desumanos.wmv (153,0 KB)

Google [...]

[Read more →]

Earlier this summer a friend told me about a way to keep emails out of the Gmail spam filter, which unlike that of Yahoo! Mail can not be disabled. By setting up a filter rule (say, the email contains certain words) and specifying the “Never send it to spam” action for messages that match the [...]

[Read more →]

Today I was contacted by someone about a domain flapstate.com which was still on my spam list from spam received last year. It looks like since then the domain had expired and been deleted, but then registered by a new owner for what appears to be a scam.
The same scam also uses domains

mdanclub.com
wayizer.com
wayate.com
coralnic.com
grigga.com
srcify.com
azureclub.com
flipality.com

and [...]

[Read more →]

A recent malware spam takes a new approach to hijacking your computer.
From: Internal Revenue Service [mailto:jim.lanton@irs.com]
Sent: Thursday, July 03, 2008 10:25 AM
To: User@CompanyName.com
Subject: Re: Company report for CompanyName
To : Firstname Lastname
The report is attached.
You need to complete the fields about CompanyName income.
Jim Lanton
IRS Fraud Department
© 2008 Internal Revenue Service All Rights Reserved.

At [...]

[Read more →]

I recently came across spam that was offering “Google Earth 2008″. In case you don’t know, Google Earth is a free beta product by Google that lets you view satellite images of our planet, probably including a view of your own rooftop.
“Why would someone other than Google promote Google Earth, a product that makes [...]

[Read more →]

A four-part series of blog postings at Artists against 419 discusses in detail the massive abuse of Microsoft’s OfficeLive (MSOL) webhosting service by Advance fee fraud scammers, which I mentioned in a previous blog post here. Currently I come across such MSOL domains at a rate of about two new ones per day.
As the Artists [...]

[Read more →]

Four weeks ago I reported that Yahoo seems to finally have got a handle on the problem of criminals abusing its webhosting service for posting child pornography. Alas, the porn spammer only seem to have taken a vaccation. After those 4 weeks of almost no new child porn sites, they returned. I counted 36 new [...]

[Read more →]