Directi is back - cybercrime on the move

Aug. 14th, 2009 | 09:23 am

Once penalized by ICANN, the rogue registrar Directi is back with more filth. This is classic spam, propagated by a spammer who signed up with the "Directi" registrar, a rogue registrar.

The mail came from Taiwan, advertising a web site in Poland, owned by the person who registered the NS servers in the Netherlands, which is actually administered in France.

The Whois info is "protected" by a firm, "Privacy Protect", which was started by and is wholly owned by Directi.

If ICANN would rescind and block the IP spread of this perp, problem solved, game over. But they won't.

I have screen captures available.

The URLs have now been removed.

-------------------

SpamCop v 4.5.0.103 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z3219575472zaccea519e9bea2e673471ec0c7999162z

> From: "Charley Creten" <ivydepository@defenceacademy.mod.uk>
> (Uncensored russian children rapes, DON'T MISS IT!)
> Our russian friends found out what can please even most crazy fantasies!
> Look at this naive girl trapped into one of Moscow gang headquarters
> and being raped by 7 guys!
> You can find vid in bonus part of http://xvkontakte.com
> Payment by sms and CC..... [clip]

Report Spam to:
Re: 58.114.35.199 (Administrator of network where email originates)
To: bsg_se_ix@gigamedia.com.tw (Notes)

Re: http://biz-adult.ru/ (Administrator of network hosting website referenced in spam)
To: abuse@gblx.net (Notes)
To: abuse@ovh.net (Notes)
To: abuse@p80.net (Notes)
Re: User Notification (Notes)

-----------

Sender of spam:
HOSHIN-MULTIMEDIA - Hoshin Multimedia Center Inc
Cable/ADSL Broadband ISP in Taiwan.

inetnum: 94.23.88.0 - 94.23.95.255
netname: PL-OVH -- OVH Sp. z o. o. (Forged)
country: Poland

admin-c: OTC2-RIPE - OVH-MNT
role: OVH Technical Contact
address: 59100 Roubaix, France

Sponsoring Registrar: Directi Internet Solutions Pvt. Ltd.
d/b/a PublicDomainRegistry.com (R27-LROR)

Registrant Organization: PrivacyProtect.org
Registrant Street2: Note - All Postal Mails Rejected (Privacyprotect.org)
Registrant Country: Netherlands

-------------------------------------

The link actually did NOT go to a child rape video, but rather began downloading a malware trojan dot-exe file immediately upon arriving at the site.

TEN BILLION dollars were lost from U.S. business in 2007 due to this kind of spam.

When will the FTC and FCC ever learn?


Yahoo Groups Spam for Profits?

Jul. 27th, 2009 | 09:31 am
mood: angry

I've been tracking Yahoo Groups' crime pages now for about two weeks. Spamvertised phishing and cybercrime pages at Yahoo run an average of several hundred per day. At the bottom of this posting, I've included some evidence screens that show the actual Yahoo crime pages, their targets, and Whois information.

I began to suspect that perhaps Yahoo might actually enjoy having a large constituency of cyber criminals generating group pages -- but I didn't want to believe that. So, I dug in to find out what's going on.

Through a very frustrating day, I tried every phone number I could find for Yahoo in an attempt to contact their security / privacy office. No success. I read all the policies and help files -- anything relating to cybercrime, spamming and violations of TOS. Found nothing. I emailed the security department. They responded with a canned, automated email saying "find the appropriate department" at these links. I tried ALL the links, and contacted ALL the departments. They responded with the same canned, automated email. Basically, reporting abuse at Yahoo is going in a circle. I'm assuming they don't want to be contacted.

Yahoo Answers

Next, I went to Yahoo's "Answers" (answers.yahoo.com) and posted a question, just to see what would come back. Surely some official would be monitoring that site. Here's my question:
How do you report Yahoo Groups spam?

One person answered "Report it to the moderator of the group", duh, ... but of course, the moderator of the spam group is the spammer. Sure, reporting to them will do a lot of good.

Another answer suggested I join the "Moderator" group, and report the spam to them. Like I have nothing better to do than clean up Yahoo's mess. But I thought it might be worth a chance -- so I joined. Except that group has no "post" button. (At least not that I can see.) So I posted a "reply" to one of the owners' posts. As of this writing there's been no response.
Here's the group. Another dead end?

It was suggested I use the Yahoo Mail abuse forms -- that's no good, it requires a Yahoo mail account -- and then sends you in the same circle of canned responses as above.

Then someone suggested I go to this Yahoo Form. However, it is a survey with the ability to report but a single abuse. So I reported a bunch. But hey, we're averaging several hundred a day -- Yahoo would have to pay ME to report all those via their single-entry form. It would take hours and hours. So, another dead end.

Now, after several days of investigation, going in circles, I'm suspecting the possible idea that perhaps Yahoo doesn't want to hear about abuse. Could it be possible that Yahoo actually enjoys the benefits of having the cybercrime element building hundreds of groups on Yahoo each day? Gives one pause for thought doesn't it?

Why would Yahoo want to aid and abet the cybercrime industry?

PROFIT MOTIVE?



This morning, Monday, I culled 757 individual Yahoo Groups spams from the UGN Spam traps. They were all sent in the past 36 hours -- roughly 2 per minute, some duplicating themselves as many as two dozen times. (I've included the list here.) Sixteen of them were reported to Yahoo's abuse form last Tuesday. They're still here today.

Most of these redirect to "enhancement" phishing sites, gambling "video" malware sites, Canadian Pharmacy sites, (Screen) or knock-off Designer products sites (Capture), and even downloadable "Wares" sites like this screen capture ... all of which would be considered illegal, and violations of Yahoo's TOS regulations. This tends to lead one to suspect that perhaps Yahoo doesn't want to delete them.

Let's do some math:


If each spammer sent 100,000 spams containing these links (which is a safe assumption since many of the spambots send in excess of 25-million of each spam), that would yield:
= 757,000,000 spams sent (that's 757-million in a 36 hour period.)

Let's assume that at least one tenth of a percent of the recipients actually click on the link in the spamvertised email: (Stats are actually much greater than this)
= 7,570,000 accesses to Yahoo's "Groups" sites. (7.5 million)

Yahoo adds these 7.5-million accesses (visitors) in a 36-hour period to their existing web stats. This is very convincing data for advertisers to pay Yahoo to advertise. Is this what is happening? Probably -- site metrics are all automated, no human actually considers the "quality" of the visitor nor the quality of the target page in Yahoo.

Now, let's assume all 7,570,000 accesses generate a 3-cent ad-view fee for Yahoo. (This is a typical "views" fee)

That equates to $227,100 in revenue for Yahoo in that 36-hour period. In real terms, they're making roughly $105 per minute.

Now, if only 2% of that audience CLICKS on the link in the ad on the spamvertised page, that's roughly 151,400 actual click-through links. (Note here we see a "Russian Wives" ad in Yahoo, which will certainly encourage lots of clicks! picture)

Clicks can typically bring as much as 50-cents each, but for the sake of this scenario, let's assume that each click brings only a dime -- 10-cents.
= $15,140 more revenue

BOTTOM LINE: YAHOO's possible profit from just today's SPAM? = $ 242,240



Roughly a quarter-million dollars in one 36-hour period. $112 per minute, $6,000 per hour makes a pretty sweet profit incentive, I would have to guess.

I'll bet you'd like to be making $1,500 per hour on your site, now, wouldn't you? You can play with the numbers as much as you like. Cut them in half, and it's $3,000 per hour. Cut them in half again and it's $1,500 per hour. No matter how you cut the numbers, on views alone, phishing, enhancement, designer knock-offs and illegal drugs probably make cybercrime one of Yahoo's best customers, and best profit generators -- or simply -- huge incentives to let cybercrime have its run of the Yahoo site.

What else does this suggest? Well, we won't even go there. But do you feel as good about Yahoo now, as you did before you read this article? The bad news is, I suspect Google and About and MSN are all about the same. Or worse.

You can see the spam lists here. Below you'll see screen captures as I opened the spamvertised Yahoo sites, to see their targets, and WhoIS info. And, as always, thanks for reading . . .

Fred



EVIDENCE SCREENS


* Sample of "enlargement" Yahoo Group yahoo_enlargement.png
* Samples of Forgeries Yahoo Group yahoo_forgeries.png
* Samples of Gambling Yahoo Group yahoo_gamble.png (Begins downloading a .exe file???)
* Samples of Pharmacy Yahoo Group yahoo_pharmacy.png
* Samples of Illegal Wares Yahoo Group yahoo_wares_sites.png
