[nycbug-talk] mailing list spam harvesters
spork at bway.net
Thu Jan 14 01:47:39 EST 2010
On Thu, 14 Jan 2010, Jesse Callaway wrote:
> Sorry for being so darn off topic, but I guess a good number of people
> on this list might admin mailing lists themselves.
> Please see below about zeusmail.org being used as a source of de-bot-chaury.
Interesting. A demo list I have saw it's first subscribe in years a few
days ago. The address? Jodie.Manzanarez at zeusmail.org
> ---------- Forwarded message ----------
> From: Steve Atkins <steve at blighty.com>
> Date: Wed, Jan 13, 2010 at 4:13 PM
> Subject: Re: [mailop] Zeusmail.org
> To: mailop <mailop at mailop.org>
> On Jan 13, 2010, at 12:54 PM, Stephen Gran wrote:
>> On Wed, Jan 13, 2010 at 08:33:36PM +0000, Andy Davidson said:
>>> I have seen a number of subscriptions from plausible.name at zeusmail.org
>>> to a number of mailing lists which I help with, including this one.
>>> I have decided to remove the address from this list (and others) after
>>> discussion with the mods, because the subscription attempts appear to
>>> be an automated robot that is parsing and joining lists via Mailman
>>> Graeme also found this discussion, showing other list maintainers have
>>> come to the same conclusion.
>>> Have other moderators seen the same behaviour ?
>> We just had 11000 unique addresses in the zeusmail.org domain sign up to
>> mailing lists in a 12 hour span. We removed them all silently.
>>> Is someone connected to Zeusmail who can explain the behaviour ?
>>> Zeusmail.org is of course using a whois privacy service. :-)
>> They appear to be on lots of people's radar, but what they actually do,
>> I don't actually know.
> Targeted spam, possibly phishing.
> Presumably to email addresses harvested from mailing lists, likely using
> either the list address or other posters address in the from line, so as
> to avoid filters.
> I've no hard evidence for that, yet, as they're still in their harvesting mode,
> but it's a pretty well understood approach and nobody legitimate hides
> their domain registration and has no web pages. I'd need some pretty
> solid evidence to change my mind on that. They're the same folks as
> ec-group.biz, who were doing the same thing early last year (signing up
> lots of @ec-group.biz email addresses) and who appear to have
> a long history in the online fraud business.
> mailop mailing list
> mailop at mailop.org
> talk mailing list
> talk at lists.nycbug.org
More information about the talk