Legend:  new window    outside link    tools page  glossary link   

Classic Spam: From Russia with Advertising
Russian-language “domestic” spam

The bottom line: Although the vast majority of spam mail appears to target English speakers, I have received spam in Russian, Chinese, German, Spanish, and Indonesian as well. In Russia, particularly, spam seems to have become an accepted medium of advertisement for even legitimate businesses.

Spam has gotten to be big business in Russia, and its practitioners seem sometimes to have little fear of the authorities. Some months ago, according to a German spam-watching weblog, the Russian Minister of Communications at the time requested a flagrant spammer named Vardan Kushnir to remove the ministry’s e-mail addresses from Kushnir’s spam lists. The Minister and his employees just got even more of Kushnir’s language-school spam for their trouble. The Minister then apparently responded by employing a bit of spam of his own: tying up Kushnir’s business telephones with tape-recorded demands to stop spamming. Kushnir was later found beaten to death in his apartment, although possibly the motive for the crime did not involve his spam vocation.

In another spampolitik.de article, a Russian ISP executive is quoted in her belief that 85 percent of the mail her firm currently handled was spam (and the figure apparently went as high as 95% on some days). Yet, as we read elsewhere (http://p2pnet.net/story/3750) the current Russian IT and Communications minister (not, apparently, the one who DOS-attacked Mr. Kushnir) announced his decision not to impose regulations against spam, saying he’s, ahem, against net censorship. Sorry, Mr. Minister, spam isn't free speech, it is theft of services.

With the high volume of apparently lucrative spam in Russia, and the government’s neglect of the problem, it isn’t surprising that some of Russia’s “domestic” spam should leak out and hit the international networks, as in the case below.

From address hidden Fri Sep 9 07:42:57 2005
Received: from 211.1.97.64 ([172.18.12.134])
  by vms039.mailsrvcs.net (Sun Java System Messaging
  Server 6.2-2.05 (built Apr 28 2005)) with ESMTP id
  <0IMJ006IXPY32600@vms039.mailsrvcs.net> for
  address hidden; Fri, 09 Sep 2005 05:46:55 -0500 (CDT)
Received: from 211.1.97.64 (211.1.97.64)
  by sv4pub.verizon.net (MailPass SMTP server v1.2.0 -
080905135255JY+PrW)
with SMTP id <3-14087-48-14087-90829-3-1126262807>
for vms039pub.verizon.net;
Fri, 09 Sep 2005 05:46:55 -0500
Date: Fri, 09 Sep 2005 13:44:45 +0300 (EEST)
From: Sophie Alex <address hidden>
Subject: =?Windows-1251?B?7eUg7+Xw4vvpIPDg5w==?=
X-Originating-IP: [216.154.195.49]
X-Originating-IP: [211.1.97.64]
To: address hidden
Message-id: <0IMJ006IYPY32600@vms039.mailsrvcs.net>
MIME-version: 1.0
Content-type: text/html; charset=Windows-1251
Content-transfer-encoding: 8BIT



<html>
<body>
<div align="center">
<table width="80%" border="0" cellspacing="0" cellpadding="10">
<tr>
<td valign="top" bgcolor="#EBEBEB">
<div align="center">
<DIV>
<div align="right"><font size="4" face="Times New Roman, Times, serif"><strong>Ï?åäëàãàåì
óñëóãó ?àññûëêè ãîëîñîâûõ ñîîáùåíèé íà òåëåôîíû ÌÃÒÑ. -</strong></font></div>
</DIV>
<DIV>
<div align="right"><font face="Times New Roman, Times, serif" size="2">Ï?è
ñíÿòèè ò?óáêè, ï?îèñõîäèò ï?îèã?ûâàíèå çàïèñè âàøåé ?åêëàìû. </font></div>
</DIV>
<DIV></DIV>
<DIV>
<div align="right"><font face="Times New Roman, Times, serif" size="2">Ñòîèìîñòü îäèí-çâîíîê, ìèíóòà
çàïèñè.</font></div>
</DIV>
<FONT face=Arial size=2>
<DIV>
<div align="right"><font face="Times New Roman, Times, serif" size="2">
Åñòü âîçìîæíîñòü âûáî?êè òåëåôîííûõ íîìå?îâ ïî ?àéîíàì
(ïî ïå?âûì ò?åì öèô?àì ÀÒÑ)</font></div>
</DIV>
<DIV><font face="Times New Roman, Times, serif"> </font></DIV>
<DIV></DIV>
</FONT></div>
</td>
<td rowspan="5" bgcolor="#FF0000"><font size="5" face="Times New Roman, Times, serif"><strong>â<br>
í<br>
è<br>
ì<br>
à<br>
í<br>
è<br>
å<br>
!</strong></font></td>
</tr>
<tr>
<td bgcolor="#CCCCCC">
<DIV><font size="5" face="Times New Roman, Times, serif"><STRONG>?àññûëêà
Ôàñêèìèëüíûõ ñîîáùåíèé-</STRONG></font> </DIV>
<FONT face=Arial size=2><FONT face=Arial size=2>
<DIV><font face="Times New Roman, Times, serif">Âîçìîæíà âûáî?êà ïî ï?îôèë?
î?ãàíèçàöèè;</font></DIV>
</FONT></FONT>
<DIV><font size="2" face="Times New Roman, Times, serif">Â ë?áîì ãî?îäå
?îññèè; </font></DIV>
<FONT face=Arial size=2><FONT face=Arial size=2>
<DIV><font face="Times New Roman, Times, serif">Âîçìîæíà ?àññûëêà ïî ä?óãèì
ñò?àíàì (ïëàíè?óåòñÿ, îá?àùàéòåñü ê ìåíåäæå?ó).</font></DIV>
<DIV><font face="Times New Roman, Times, serif">Ñêî?îñòü îòï?àâêè ôàêñîâ
îò 10 000 â ñóòêè, ìèíèìàëüíûé çàêàç 1 000 ôàêñîâ.<br>
Öåíà îäèí ?óá/ôàêñ.
</font></DIV>
</FONT></FONT></td>
</tr>
<tr>
<td bgcolor="#999999"><font face="Times New Roman, Times, serif"><strong><font size="5">Email
?àññûëêè- </font><font size="4"><br>
</font></strong>Ìîñêâà <br>
?îññèÿ <br>
Åâ?îïà<br>
Çàïàä</font></td>
</tr>
<tr>
<td bgcolor="#7D7D7D">
<div align="center"><font color="#00FFFF" size="4" face="Times New Roman, Times, serif"><b>(0-95) 109~Ç5~48</b></font></div>
</td>
</tr>
<tr>
<td bgcolor="#666666">
<div align="center"><font face="Times New Roman, Times, serif"><strong><font color="#FFCCCC" size="2">icq
# 319177453</font></strong></font></div>
</td>
</tr>
</table>
<font face="Times New Roman, Times, serif" size="2"><font Arial, Helvetica, sans-serif>
Âå?èì, ÷òî ìû ïîìîæåì ïîâûñèòü Âàøè ï?èáûëè!</font></font></div>
</body>
</html>


Russia is better known elsewhere in the world for its “export” spam, written in English (usually) and promoting mainly pornography (some involving minors) and “warez” (pirated retail software). However, for a number of months now, I’ve been getting a steady stream of more conventional commercial offers in the Russian language, apparently intended for a domestic audience (seems I’ve ended up on some minor-league Russian spammer’s list). These are often for a variety of oddball industrial equipment (including industrial tubing and mosquito killers), or for household products (bathtub refinishers, storm windows and the like), but the recurring theme seems to be offers to make spam runs and other forms of annoying advertising, as in this message.

Although you can often get a gist of the contents of a spam message by scanning the HTML markup, you can’t do so in this case because it has been designed to be rendered in a Cyrillic (e.g., Russian) character set; the MIME content-type header above the HTML instructs the browser to render it in Windows-1251, an 8-bit character set often used to render messages in the Cyrillic alphabet.

This is how the message looked when properly rendered by Apple Mail:

This outfit provides one-stop shopping for those who wish to torment the public with inane advertisement using a variety of communications media: according to the online Russian-English translator at http://www.systranet.com/, the first paragraph offers recorded telephone solicitations, the second one junk faxing, and the third e-mail spamming. The subject line of the message translates as “Not for the first time,” which is certainly appropriate here given the large number of these messages I’ve received.

I’m guessing that the same outfit is in back of most of these messages I get; they have a talent for distributing their messages from computers all over the world (possibly these are zombies or open proxy machines). This one comes from 211.1.97.64, which belongs to a cable TV provider in Tokyo.

The perps also keep a low profile by not using websites. Most of the messages (like this one) are text-only ads; some do however contain the occasional image, which is embedded in the message at a cid: URL rather than being served from a website. This message provides a telephone number and an ICQ number by which you can contact them if you are interested in their services. Hey, they say they’ll be expanding to “the West” pretty soon, and I can vouch for this in my own case.



 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   


(c) 2003-2007, Richard C. Conner ( )

04295 hits since March 27 2009

Updated: Sat, 18 Aug 2007