[nycbug-talk] mailing list spam harvesters

Jesse Callaway bonsaime at gmail.com
Thu Jan 14 01:07:36 EST 2010 

Sorry for being so darn off topic, but I guess a good number of people
on this list might admin mailing lists themselves.

Please see below about zeusmail.org being used as a source of de-bot-chaury.

-jesse

---------- Forwarded message ----------
From: Steve Atkins <steve at blighty.com>
Date: Wed, Jan 13, 2010 at 4:13 PM
Subject: Re: [mailop] Zeusmail.org
To: mailop <mailop at mailop.org>



On Jan 13, 2010, at 12:54 PM, Stephen Gran wrote:

> On Wed, Jan 13, 2010 at 08:33:36PM +0000, Andy Davidson said:
>> Hi,
>>
>> I have seen a number of subscriptions from plausible.name at zeusmail.org
>> to a number of mailing lists which I help with, including this one.
>>
>> I have decided to remove the address from this list (and others) after
>> discussion with the mods, because the subscription attempts appear to
>> be an automated robot that is parsing and joining lists via Mailman
>> pages.
>>
>> Graeme also found this discussion, showing other list maintainers have
>> come to the same conclusion.
>>
>> http://lists.indymedia.org/pipermail/listwork/2009-November/1105-iy.html
>>
>> Have other moderators seen the same behaviour ?
>
> We just had 11000 unique addresses in the zeusmail.org domain sign up to
> mailing lists in a 12 hour span.  We removed them all silently.
>
>> Is someone connected to Zeusmail who can explain the behaviour ?
>>
>> Zeusmail.org is of course using a whois privacy service. :-)
>
> They appear to be on lots of people's radar, but what they actually do,
> I don't actually know.

Targeted spam, possibly phishing.

Presumably to email addresses harvested from mailing lists, likely using
either the list address or other posters address in the from line, so as
to avoid filters.

I've no hard evidence for that, yet, as they're still in their harvesting mode,
but it's a pretty well understood approach and nobody legitimate hides
their domain registration and has no web pages. I'd need some pretty
solid evidence to change my mind on that. They're the same folks as
ec-group.biz, who were doing the same thing early last year (signing up
lots of @ec-group.biz email addresses) and who appear to have
a long history in the online fraud business.

Cheers,
 Steve


_______________________________________________
mailop mailing list
mailop at mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

More information about the talk mailing list