Elaborate DeeZire.net/Redemption-faking spam
#1
I know this isn't a first, but this is by far the most convincing fake DeeZire spam I got so far, and actually had me going until I came to the "free Credit" part - mostly because it was (pretendedly) sent from the correct e-mail address to the correct e-mail address.

Code:
From - Mon Oct 02 03:05:09 2006
X-Account-Key: account5
X-UIDL: UID6040-1145589207
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <nobody:at:xeon0.beamhost.co.uk>
Delivered-To: 2-Renegade:at:DestructionMod.com
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
  [insert our full server address]
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=7.0 tests=AWL,NO_REAL_NAME autolearn=no
  version=3.1.3
Received: (qmail 1493 invoked from network); 2 Oct 2006 01:48:37 +0200
Received: from 24.35.1243.static.theplanet.com (HELO xeon0.beamhost.co.uk) (67.18.53.36)
  by dc.strategy-x.com with SMTP; 2 Oct 2006 01:48:37 +0200
Received: from nobody by xeon0.beamhost.co.uk with local (Exim 4.52)
  id 1GUB31-0007yi-VJ
  for Renegade:at:DestructionMod.com; Mon, 02 Oct 2006 00:48:39 +0100
To: Renegade:at:DestructionMod.com
Subject: [DeeZire Online]: Dear Deezire Members Redemption Here!
From: deezire:at:deezire.net
X-Mailer: PHP/4.4.2
Message-Id: <E1GUB31-0007yi-VJ:at:xeon0.beamhost.co.uk>
Date: Mon, 02 Oct 2006 00:48:39 +0100
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xeon0.beamhost.co.uk
X-AntiAbuse: Original Domain - destructionmod.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - xeon0.beamhost.co.uk
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: deezire.net:/public_html

From: DeeZire Online



Want to thank you all for being part of the great Deezire family.  

This is a one time email!  I would like to invite you all to a free  Credit Repair discussion board.  The board deals with all aspects of the credit system, it educates consumers about their rights and how to protect themselves against unscrupulous collection Agencies.

So if you want to learn how to improve your Fico scores or have friends that are in financial problems and collection agencies are driving them crazy.  Then by all means tell them to stop by the site, we will be happy to help them re-store their credit.  Remember, this is a free site, much like www.deezire.net

The web address is www.infinitecredit.com

Hope to see you there!


Thanks,



Redemption



- DeeZire Online Staff



=========================================================
You're receiving this email because you're a registered user of . We hope that this email didn't disturbed you and in some manner contributes to improve our services.

I may be misinterpreting the headers, but from the "X-Mailer: PHP/4.4.2" and "X-Source-Dir: deezire.net:/public_html" parts, I gather it might have been an automated abuse of phpnuke's "send a mail to this user" feature, making it, theoretically, an actually legitimate mail from deezireAtdeezire.net...only misrepresenting its original author...

Then again, it is also signed as being specifically from Redemption, so the spammers went one step further and specifically sought out an administrator and either hacked his account to send the mails, or at least socially engineered the site enough to know who'd be a trusted source for this e-mail - 'cause if it was fully automated, the spam-engine would either just have taken UID 1, rendering it blank, or the first existing user, DeeZire. One way or the other, this mail was specifically targeted at the deezire crowd - or me, personally. Wtf (disbelieving)

Opinions? General amusement? Anything?


Spam!



P.S.: Note whose account picked up the spam Wink
Forum Rules

(01.06.2011, 05:43:25)kenosis Wrote: Oh damn don't be disgraced again!

(25.06.2011, 20:42:59)Nighthawk Wrote: The proverbial bearded omni-bug may be dead, but the containment campaign is still being waged in the desert.
Reply
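The header reading from the first post, as an added example that is not part of the original thread: it parses a message and reports whether the trace headers point to a PHP script running on the same site named in the From line. The sample headers are constructed from the ones quoted above (with ":at:" restored to "@"), and the function and field names are hypothetical; it assumes X-Source-Dir and X-AntiAbuse mean what the post takes them to mean.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the post.
SAMPLE = """\
Return-Path: <nobody@xeon0.beamhost.co.uk>
Received: from nobody by xeon0.beamhost.co.uk with local (Exim 4.52)
\tid 1GUB31-0007yi-VJ
\tfor Renegade@DestructionMod.com; Mon, 02 Oct 2006 00:48:39 +0100
From: deezire@deezire.net
X-Mailer: PHP/4.4.2
X-AntiAbuse: Primary Hostname - xeon0.beamhost.co.uk
X-AntiAbuse: Sender Address Domain - xeon0.beamhost.co.uk
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: deezire.net:/public_html

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def origin_report(raw):
    msg = message_from_string(raw)
    # X-AntiAbuse lines have the form "<label> - <value>".
    abuse = {}
    for value in msg.get_all("X-AntiAbuse", []):
        label, sep, val = value.partition(" - ")
        if sep:
            abuse[label.strip()] = val.strip()
    site, _, path = (msg.get("X-Source-Dir") or "").partition(":")
    # The last Received header is the earliest hop; unfold it before matching.
    hops = msg.get_all("Received", [])
    first_hop = " ".join(hops[-1].split()) if hops else ""
    r = {
        "from_domain": domain_of(msg.get("From", "")),
        "envelope_domain": domain_of(msg.get("Return-Path", "")),
        "script_site": site.strip().lower(),
        "script_dir": path.strip(),
        "sending_host": abuse.get("Primary Hostname", ""),
        "php_mailer": (msg.get("X-Mailer") or "").startswith("PHP/"),
        "local_submission": " with local " in first_hop + " ",
    }
    # True when a PHP script on the From site's own web root produced the mail.
    r["script_on_from_site"] = (r["php_mailer"] and r["local_submission"]
                                and r["script_site"] == r["from_domain"])
    r["envelope_matches_from"] = r["envelope_domain"] == r["from_domain"]
    return r
```

A true `script_on_from_site` together with a false `envelope_matches_from` is the pattern in the quoted mail: the From address belongs to the site, while the envelope sender is the web server's own account on the hosting machine.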
#2
That's impressive... I guess the spam engine could just iterate profile=x until it came across one where the source matched " alt="Commander" " or the rank image OCR'd into "Administrator", if they were determined. Or it could be just abuse of some Nuke vulnerability.

Edit: Or the spammers could just look at the Ranks page...

Edit2: And after viewing the page source, I would really be interested in knowing wtf are those meta keywords doing there... And running on 6.9 when 7.9 is freely available... tsk tsk tsk

Worth playing: 1 | 2 | 3
Reply
#3
I'm with stupid!


Interesting.....

I can't believe Redemption is still at DeeZire Site. Wtf (disbelieving) He never liked me.. HAHAHA! I hadn't been there in ages... Shows you how much I am around anymore.. Wtf (checking)

Later..

Read and be gay!
"Being deeply loved by someone gives you strength; loving someone deeply gives you courage." - Lao Tzu -
Reply
#4
I can see why... note, I have nothing against you.
Reply
#5
Bobingabout Wrote: I can see why... note, I have nothing against you.


I'm with stupid!

So..... HAHAHAHA!!

But I'm liked by so many people around the CNC Community.. Isn't that right Ren.! Shift eyes


Read and be gay!
"Being deeply loved by someone gives you strength; loving someone deeply gives you courage." - Lao Tzu -
Reply
#6
Ending all your posts with Read and be gay! doesn't help Tongue
Reply
#7
Bobingabout Wrote: Ending all your posts with Read and be gay! doesn't help Tongue


HAHAHAHAHA! LOL

If you say so buddy. HAHA! Sorry can't help from laughing at you.. LOL No offense.. Shift eyes

Read and be gay!
"Being deeply loved by someone gives you strength; loving someone deeply gives you courage." - Lao Tzu -
Reply
#8
Spammers didn't do a thing

CHECK THE WHOIS information for Deezire.Net and Infinitecredit.com

Fernando Oto owns them
Reply
#9
He's fucking right...the spammers didn't use DeeZire.net, the spammers are DeeZire.net! Wtf (disbelieving)

That is just...low. Then again, what do you expect from spammers?

Thank you, guest, for bringing that to our attention.


P.S.: That is, of course, unless Fernando Oto is an employee of the registrar or something.
Reply
#10
Renegade Wrote: He's fucking right...the spammers didn't use DeeZire.net, the spammers are DeeZire.net! Wtf (disbelieving)

That is just...low. Then again, what do you expect from spammers?

Thank you, guest, for bringing that to our attention.


P.S.: That is, of course, unless Fernando Oto is an employee of the registrar or something.

No problem, I hate Spammers just as much as the next guy.

If this guy is sending out mass mails trying to drum up business / users for his credit repair board using another board registered to him, well it speaks volumes about his character.

I hate people like this, I wonder how he'd like it if a bunch of users who got that email went to his infinitecredit board and asked him why he was begging for members Mad (insulting)
Reply