60-Seconds #328 : Why do cybercrime spam cartels keep sending the same, tired old spam?

by Fred Showker

As many of you already know, I've been a volunteer spam fighter since February 15th, 1999. I've had a passion for helping keep the Internet clean since developing forums for GEnie, eWorld and America Online back in the 1980s. Now my work goes on through Knujon.com, Spamcop.net and SafeNetting.com. We've all agreed that one of the real pains of the online world is someone trying to sell you something -- particularly if the solicitation is false, illegal, or damaging in some way. But through the last several years, ugly "sex enhancement" spam solicitation had diminished. Or so I thought.

This morning when I opened my email I was greeted with these, among others:

Subject: Size does matter..Get hard and large in seconds
Subject: Get hard in the bedroom without the blue pill
Subject: 1 trick do her like a champ in the bedroom
Subject: He made me climax in 11 seconds
Subject: He used this to make love to me.. It was the best
Subject: Watch this vid-and-get it up again
Subject: He put his member deep inside me ... sooo deep
Subject: He ate this and was hard all night
Subject: Size does matter ... Get hard and large in seconds

These all appeared in my mailbox overnight. They all promote one of two poorly produced PowerPoint presentations with a sound track, explaining what their product will do, including endorsements from current users. One or two would have slid by and merely gotten reported to Spamcop.net. But these sleaze-balls were sending more than one per hour.

As I dug into the path, it soon became clear all these were coming from one source. Ryan Kowalski at Fairlight Scientific in New Jersey is what the WhoIS said, unless the criminal has forged or spoofed the entry. (Most cybercriminals mask their identities by faking the WhoIS information, so there may not even be a Ryan Kowalski, or Fairlight Scientific!) There was also a second firm involved in some of these spams -- a firm called Edge Bio Actives, or Edgebioactives.com. This entity also owns some twenty other domains used for spam, including "Boost Your Drive" and MaleHealthFacts.com, created in 2014 at a registrar in France -- and hosted at Gandi.net.

The interesting part is, several of these also use a domain called "geterectondemand.com" (get erect on demand) from a publisher called Altar Publishing -- ALSO owned by Ryan Kowalski, centered in New Jersey, and using the Gandi.net servers in France.

French law states that unsolicited mass commercial advertising as well as any mass or automated inquiries are strictly forbidden. The cybercrime cartels ignore this and use foreign registrars because they know ICANN will do nothing, and they are beyond the reach of U.S. law enforcement.

I had several choices: ignore them all, directly report to Spamcop, who would in turn report them to the system administrators responsible, or dig in and see who was actually doing the dirty work and report them. I know that these cybercrime developers always hop the link, and redirect it to another IP address to avoid detection. That's why most of the ones I analyzed incorporated a momentary visit to singlehop.com before being redirected to the real spam site! (Guess where Singlehop's MX records reside: Google.com and GoogleMail.com!)

So I follow the links to get to the real spamvertiser and report that entity along with the surface spam. In 90% of the cases, the administrators and systems sending the spam were originated by cybercriminals and ignore the reports and alerts.

If you get spam with the same subjects as above, just ignore or report. Whatever you do, don't click on the links -- that's a guarantee you'll get more spam from the same junk criminals. Don't bother listening to the yarn. It goes on and on and on and never says anything.

It is a travesty that so much precious bandwidth is sucked up by such junk. The problem is, most people will just say it's a nuisance and pay no attention. However, anyone who will go to these measures to compromise your computer is up to something far more insidious than selling snake oil. There isn't much profit in snake oil -- but your identity will bring a handsome return in the cybercrime world!

I'm very sorry to admit that there's probably no way to stop them -- other than do not click!

Thanks for reading!

Fred Showker

Oh, by the way, after some research we find these emails emanating from a group of IP addresses at 64.131.67.209 including emailtechsolutions.com; geterectondemand.com; innnocentwords.com; curemylimpdick.com; and your-health-1st.com among a dozen or so others.

Don't forget ... we encourage you to share your discoveries with other readers. Just send an email, contribute your own article, or follow DTG on Facebook!

The original copy of this post is located at http://www.graphic-design.com/60-seconds/328_spam_we_can_do_without.html
