Identity Theft : 2004
Spammers routinely forge the From: line in their junk emails,
causing the inevitable flood of bounces, auto-acknowledgements and complaints
to land in some innocent third-party's inbox. Like so many other domain
names, obliquity.com is sometimes used in these forgeries.
April (38 bounces)
The Russian owner of the ICQ number in the spam claimed that
he had not sent the spam and that someone wanted to "screw" him.
Since his stated personal interests included computer security and spam on
the internet, this is entirely feasible. Perhaps we've both been victims
of a forgery.
- Forged address
- "Dimetrius" followed by a number
- Subject
- marijuana seeds
- Body
- I sell marijuana seeds _AND LEAFS_ WORLDWIDE.
You can also by spam mailings
Contact ONLY icq: [deleted]
- Bounces
- 38
June (108 bounces)
- First bounce
- June 2 00:47:29 (GMT)
- Last bounce
- June 18 05:11:23 (GMT)
- Forged address
- Random letters
- Sample subject lines
- convenient for you
fast and simple
Get Relief From Anxiety
lowest prices
medicati on delivered to your doorstep
no need to leave your home
prescripti ons at low prices
this may be of interest-13
want to lose wei ght, try phen termine
what you see is what you pay
your #1 choice
- Bounces
- 108
July (105 bounces)
The first spam run advertised various pharmaceutical products. A search
of the web revealed similar spamming patterns which is how we were able to
trace these identify thefts to domains like
- myvirtualsource.com
- myvirtualsupply.com
- myvirtualtime.com
- myvirtualtoday.com
- myvirtualusa.com
and registrants
- yourexcellenthealth.com
- Sea Faring Inc.
- Global Media Holdings
- First bounce
- July 1 18:39:22 (GMT)
- Last bounce
- July 10 15:51:06 (GMT)
- Forged address
- Random letters and numbers
- Sample subject lines
- Each subject line ended with a random number:
Get it overnight
Overnight_shipping_
Secure ordering, Perscription medication
- Bounces
- 62
The second spam run advertised various computer software. A search
of the web revealed similar spamming patterns which is how we were able to
trace these identify thefts to domains like
- alleysoftware.biz
- coolsofting.biz
- greatsofting.biz
- greatsoftwarenow.biz
- smallsoftware.biz
- softatlowest.biz
- soft-4-all.biz
- thebesttitles.biz
and domain name server (DNS) dll4you.info.
- First bounce
- July 14 15:20:51 (GMT)
- Last bounce
- July 18 20:21:03 (GMT)
- Forged address
- Random letters
- Sample subject lines
- Each subject line ended with a random number:
Cheap Software offer for you
No need to buy expensive soft - look here
Original software 4 cheap
- Bounces
- 43
August (12 bounces)
The first short-lived spam run involved a stock market
"pump and dump" scheme.
- First bounce
- August 8 23:15:09 (GMT)
- Last bounce
- August 9 18:09:59 (GMT)
- Forged address
- Random letters
- Sample subject lines
- How To Trade Like A Pro 5160
- Bounces
- 9
The second spam run advertised various pharmaceutical products and continued
intermittently for the next three months. A search of the web revealed
similar spamming patterns which is how we were able to trace these
identify thefts to domains like
- hj68.com
- peasant8fitzgerald.com
- usecp98.biz
Examining the registrations of these domains led to registrants
and domain name servers (DNS)
- First bounce
- August 30 18:00:53 (GMT)
- Last bounce
- August 31 07:33:41 (GMT)
- Forged address
- Various combinations of first names/initials, last names, random letters
and full stops (periods) and/or underscores
- Sample subject lines
- Best Source for Health Supplements
Don't lose out Phentermine the best diet med out
Hydrocodone - NO Pre#scription Needed
Lo[se weight healthy with Phentermine
Medication Refills
Order Levit[ra Online From Your Home
Receive your Via#gra order in 24 to 48 hours
Save Money
sex is beyond good when u use this
The weekend via(gra
Xanax Here WITH OUT ANY PRSCRIPTION
- Bounces
- 3
September (193 bounces)
The spam run beginning the end of August continued this month.
- First bounce
- September 1 02:22:37 (GMT)
- Last bounce
- September 30 23:02:13 (GMT)
- Forged address
- See August
- Sample subject lines
- See August
- Bounces
- 193
October (91 bounces)
The spam runs from August and September continued this month.
- First bounce
- October 1 02:21:35 (GMT)
- Last bounce
- October 20 13:50:07 (GMT)
- Forged address
- See August
- Sample subject lines
- See August
- Bounces
- 91
November (21 bounces)
The spam runs from August, September and October continued this month.
- First bounce
- November 2 21:16:53 (GMT)
- Last bounce
- November 15 22:02:34 (GMT)
- Forged address
- See August
- Sample subject lines
- See August
- Bounces
- 21
Email Forgery
Spam 'n' Scam
Copyright © 2004 by David Harper and L.M. Stockman