Classic Spam: How to be seen

I received no fewer than ten copies of this same message in the space of two days, each advertising the same website but originating from ten different mail hosts (this was rather shocking back in 2002, but is no great shakes today). Most were offshore hosts, but one was (surprisingly) a machine belonging to the U.S. Navy. Normally, the military keeps their internet hosts buttoned down pretty well, but the spammer evidently found a breach in the armor (this is why all mail host administrators should periodically test their machines' potential to become open relays).

This figure of ten messages doesn't count several other messages advertising websites on the same host using a similar modus operandi (one of these was sent from the same Navy server).

By the time I was able to get around to reporting them, the website (see the link below) had apparently already been shut down. Possibly the spammer made the mistake of raising his visibility by sending so many copies in such a short space of time. He didn't follow the famous advice dispensed by Monty Python on "how not to be seen" (i.e., he stood up).

The bit of soothing biz-speak that I've highlighted is particularly annoying. I didn't know that we had a relationship, particularly since I have no idea who DBGI is.

For whatever reason, the spammer uses Perl scripts to generate the pages indicated by the hyperlinks; it's difficult to tell why with the site having been shut down, but one advantage of Perl scripts is that they are more secure than HTML pages (i.e., they can't be printed out and downloaded using HTTP).

From: <<address-hidden>>
Subject: Lost Money? It's Time to Get it Back
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; format=flowed
Status:
X-SpamCop-Checked: 192.168.1.15 206.46.170.83 193.68.195.163
X-SpamCop-Disposition: Blocked bl.spamcop.net


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>1575-003</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<table width="441" border="1" bordercolor="#37ACE4" style="border-collapse: collapse" cellpadding="10" cellspacing="0" height="256">
<tr>
<td height="256" valign="top" bordercolor="#FFFFFF" width="439">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2" bgcolor="#37ACE4">
<tr>
<td width="100%"><b><font color="#FF0000" size="5">&nbsp;&gt;</font></b><font color="#666666" size="5">&nbsp;&nbsp;
</font><b><font color="#FFFF00" size="5">
<span style="background-color: #37ACE4">You've lost money on
Wall Street. . .</span></font></b><font color="#666666" size="5"><br>
</font><b><font color="#FF0000" size="5">&nbsp;&nbsp;&nbsp;&nbsp; &gt;</font></b><font color="#666666" size="5"> </font>
<b><font color="#FFFF00" size="5">. . .<i>it's time to get it back!</i></font></b></td>
</tr>
</table>
<p align="center"><b><font color="#FF0000" size="4">Stop losing money in the stock
market!!<br>
</font><font size="4" color="#111111"><br>
Get a </font></b><i><font size="4" color="#FF0000">
<b>FREE</b></font></i><b><font size="4" color="#111111"> unbiased market
report, with
news and crucial ideas on which stocks to own, and when to buy or
sell.</font></b></p>
<p align="center"><b><font color="#666666"><br>
<br>
</font></b><font color="#FF0000" size="6">
<a href="http://216.22.13.10/1575/1575-003L.pl">Sign up today!</a></font></p>
<p align="center">&nbsp;</p>
<p align="justify"><font color="#666666"><i><font color="#000000" size="2">Our relationship
with you is very important.
In the event that you wish to unsubscribe
from future promotional e-mail or special offers from DBGI, send e-mail
to <a href="http://216.22.13.10/1575/1575-003L.p?rem=1">Remove
</a>with your e-mail address in the subject line.
Once your request is received, we will take prompt action to ensure you
do not receive future promotional e-mail from us.</font></i></font></p>
</td>
</tr>
</table>
</body>
</html>


(c) 2003-2006, Richard C. Conner ( )

02819 hits since March 29 2009

Updated: Sat, 06 May 2006