[nycbug-talk] mailing list spam harvesters

Charles Sprickman spork at bway.net
Thu Jan 14 01:47:39 EST 2010


On Thu, 14 Jan 2010, Jesse Callaway wrote:

> Sorry for being so darn off topic, but I guess a good number of people
> on this list might admin mailing lists themselves.
>
> Please see below about zeusmail.org being used as a source of de-bot-chaury.

Interesting.  A demo list I have saw its first subscribe in years a few 
days ago.  The address?  Jodie.Manzanarez at zeusmail.org

Charles

> -jesse
>
> ---------- Forwarded message ----------
> From: Steve Atkins <steve at blighty.com>
> Date: Wed, Jan 13, 2010 at 4:13 PM
> Subject: Re: [mailop] Zeusmail.org
> To: mailop <mailop at mailop.org>
>
>
>
> On Jan 13, 2010, at 12:54 PM, Stephen Gran wrote:
>
>> On Wed, Jan 13, 2010 at 08:33:36PM +0000, Andy Davidson said:
>>> Hi,
>>>
>>> I have seen a number of subscriptions from plausible.name at zeusmail.org
>>> to a number of mailing lists which I help with, including this one.
>>>
>>> I have decided to remove the address from this list (and others) after
>>> discussion with the mods, because the subscription attempts appear to
>>> be an automated robot that is parsing and joining lists via Mailman
>>> pages.
>>>
>>> Graeme also found this discussion, showing other list maintainers have
>>> come to the same conclusion.
>>>
>>> http://lists.indymedia.org/pipermail/listwork/2009-November/1105-iy.html
>>>
>>> Have other moderators seen the same behaviour ?
>>
>> We just had 11000 unique addresses in the zeusmail.org domain sign up to
>> mailing lists in a 12 hour span.  We removed them all silently.
>>
>>> Is someone connected to Zeusmail who can explain the behaviour ?
>>>
>>> Zeusmail.org is of course using a whois privacy service. :-)
>>
>> They appear to be on lots of people's radar, but what they actually do,
>> I don't actually know.
>
> Targeted spam, possibly phishing.
>
> Presumably to email addresses harvested from mailing lists, likely using
> either the list address or other posters' address in the from line, so as
> to avoid filters.
>
> I've no hard evidence for that, yet, as they're still in their harvesting mode,
> but it's a pretty well understood approach and nobody legitimate hides
> their domain registration and has no web pages. I'd need some pretty
> solid evidence to change my mind on that. They're the same folks as
> ec-group.biz, who were doing the same thing early last year (signing up
> lots of @ec-group.biz email addresses) and who appear to have
> a long history in the online fraud business.
>
> Cheers,
>  Steve
>
>