Friday, June 25, 2010

Spams in Robot Flavour

We blocked these senders with a fantastic 550. The source IP addresses are dynamically allocated, hence we think they are coming from exploited computers located mainly in China, Korea and Taiwan.

Senders
* aaaaa@yahoo.com.tw
* z2007tw@yahoo.com.tw

Sample SMTP requests
[220.149.240.9][32496380] rsp: 220 mail.elohkcalb.com
[220.149.240.9][32496380] connected at 6/24/2010 6:31:44 PM
[220.149.240.9][32496380] cmd: EHLO aaaaaa.com
[220.149.240.9][32496380] rsp: 250-mail.elohkcalb.com Hello [220.149.240.9] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK
[220.149.240.9][32496380] cmd: MAIL FROM:aaaaa@yahoo.com.tw SIZE=2679
[220.149.240.9][32496380] rsp: 550 Sender is not allowed.
[220.149.240.9][32496380] disconnected at 6/24/2010 6:31:45 PM

[114.45.53.25][47409299] rsp: 220 mail.elohkcalb.com
[114.45.53.25][47409299] connected at 6/25/2010 8:34:45 AM
[114.45.53.25][47409299] cmd: HELO 114.45.53.25
[114.45.53.25][47409299] rsp: 250 mail.elohkcalb.com Hello [114.45.53.25]
[114.45.53.25][47409299] cmd: MAIL FROM: z2007tw@yahoo.com.tw
[114.45.53.25][47409299] rsp: 550 Sender is not allowed.
[114.45.53.25][47409299] disconnected at 6/25/2010 8:34:45 AM

Thursday, June 24, 2010

Bulletproof Data Center

To all network, firewall & server administrators,

You might want to block the entire class C from 205.209.161.0 to 205.209.161.255. MSG is famous for supporting scam- and spam-related abusers, and we are constantly getting unauthorized SMTP requests from these IPs.

Sample SMTP request
[205.209.161.186][2955580] rsp: 220 mail.elohkcalb.com
[205.209.161.186][2955580] connected at 6/14/2010 7:01:35 PM
[205.209.161.186][2955580] cmd: HELO 205.209.161.186
[205.209.161.186][2955580] rsp: 250 mail.elohkcalb.com Hello [205.209.161.186]
[205.209.161.186][2955580] cmd: MAIL FROM: 88@163.com
[205.209.161.186][2955580] rsp: 250 OK 88@163.com Sender ok
[205.209.161.186][2955580] cmd: RCPT TO: victim@yahoo.com.tw
[205.209.161.186][2955580] rsp: 550 victim@yahoo.com.tw No such user here
[205.209.161.186][2955580] disconnected at 6/14/2010 7:01:41 PM
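
Added example (not part of the original post): a Python script that reads logs in the layout shown above, splits entries that were fused onto one line, and groups the envelope senders of refused sessions by source /24, the granularity the post recommends blocking at. The sample log, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the page's log layout (documentation IP ranges).
# Some entries are fused onto one line, as in the logs quoted above.
SAMPLE_LOG = """\
[192.0.2.10][1001] cmd: HELO 192.0.2.10
[192.0.2.10][1001] rsp: 250 mail.example.test Hello [192.0.2.10][192.0.2.10][1001] cmd: MAIL FROM: a@example.org
[192.0.2.10][1001] rsp: 550 Sender is not allowed.
[192.0.2.77][1002] cmd: MAIL FROM:b@example.org SIZE=2679 [192.0.2.77][1002] rsp: 550 Sender is not allowed.
[198.51.100.5][1003] cmd: MAIL FROM: c@example.com
[198.51.100.5][1003] rsp: 250 OK c@example.com Sender ok
[198.51.100.5][1003] cmd: RCPT TO: nobody@example.test
[198.51.100.5][1003] rsp: 550 nobody@example.test No such user here[198.51.100.5][1003] disconnected at 6/14/2010 7:01:41 PM
[203.0.113.8][1004] cmd: MAIL FROM: d@example.net
[203.0.113.8][1004] rsp: 250 OK d@example.net Sender ok
"""

# Every entry starts with [client-ip][session-id] and an entry type.
ENTRY = re.compile(
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\[(\d+)\] (cmd|rsp|connected|disconnected)\b:? ?")
MAIL_FROM = re.compile(r"MAIL FROM:\s*<?([^\s>]+)", re.I)

def parse_entries(log):
    """Yield (ip, session, kind, text), splitting entries fused on one line."""
    for line in log.splitlines():
        marks = list(ENTRY.finditer(line))
        for m, nxt in zip(marks, marks[1:] + [None]):
            end = nxt.start() if nxt else len(line)
            yield m.group(1), m.group(2), m.group(3), line[m.end():end].strip()

def refused_by_network(log, prefix=24):
    """Map each source network to the envelope senders whose session got a 5xx."""
    sender = {}                     # (ip, session) -> MAIL FROM address
    refused = defaultdict(set)
    for ip, sid, kind, text in parse_entries(log):
        m = MAIL_FROM.match(text) if kind == "cmd" else None
        if m:
            sender[ip, sid] = m.group(1).lower()
        elif kind == "rsp" and re.match(r"5\d\d\b", text) and (ip, sid) in sender:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            refused[str(net)].add(sender[ip, sid])
    return {net: sorted(addrs) for net, addrs in refused.items()}

if __name__ == "__main__":
    for net, addrs in refused_by_network(SAMPLE_LOG).items():
        print(net, ", ".join(addrs))
```

A network that shows many distinct refused senders across separate sessions is a stronger candidate for a range block than a single address seen once.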

References
http://www.robtex.com/cnet/205.209.161.html
http://www.google.com.sg/search?hl=en&source=hp&q=managed+solutions+group+spam&aq=f&aqi=&aql=&oq=&gs_rfai

Send us $5K and we will buy the phone.

From
+65 90169696

Content
<ADV> Purchase any LG Cookie phone frm now till 25 Jul @ any mobile store & get to win LED TV & notebook weekly. Fwd to share with friends. Reply UNSUB to unsub

Sent
24-Jun-2010 16:12

Saturday, June 19, 2010

Can we cook the voucher with curry?

From
LOfficiel

Content
SPEND, VOTE for your Fav Fashion Showcase & WIN $2k Palais gift vouchers. Feast your eyes on L'Officiel showcases, now till 30 June- Only at Palais Renaissance!

Sent
19-Jun-2010 12:32

Note
This SMS violated the Singapore Spam Control Act 2007.

Thursday, June 17, 2010

FREE Designer 2GB Leather Flashdrive

From
SubtleSense

Content
FREE Designer 2GB Leather Flashdrive for 1st 88 to redeem a FACE SPA/BODY SPA (UP$188) @ $18 this Great S'pore Sale! Call 62206656 by 30 Jun. T&Cs.

Sent
17-Jun-2010 16:47

Note
This SMS violated the Singapore Spam Control Act 2007.

For Sale: Newton Suites

From
+6581886427

Content
<ADV>For Sale: Newton Suites. Award Winning Condo. 3 Bed 1238sqf. Ask $1850psf. Gd Corp Tenancy @$6.9k. Call Jayrome 91912368. Reply UN to unsub. http://www.spd.sg/

Sent
17-Jun-2010 15:52