- This topic is empty.
-
Posts
-
More spam from a Playtech casino – this operator does sweet FA about it’s spammy operators.
HTML this time, linking to:
http://sierra.1stmart.com:80/
and
http://vegastreasurechest.com/
and
http://www.sierrastarcasino.com/Providing headers and properties of the email goes along way. The post offers no useful information on attempting to fix the problem.
greek39
Online Casino
2210+ games
1 Hour Free Play
$500 FREEClick here [links to arengor.com/micro/1] to play
Return-Path:
Delivered-To: rcook635@unix.easyadmin
Received: (qmail 32183 invoked by uid 89); 30 Dec 2006 11:32:55 -0000
Delivered-To: rcook635@www.mydomain.com
Received: (qmail 32178 invoked by uid 89); 30 Dec 2006 11:32:55 -0000
Delivered-To: admindd@mydomain.com
Received: (qmail 32172 invoked by uid 89); 30 Dec 2006 11:32:55 -0000
Received: from 66-79-17-75.dsl.coastalnow.net (66.79.17.75)
by http://www.rsouter.com with SMTP; 30 Dec 2006 11:32:55 -0000
From: “Visited”
To: admindd@mydomain.com
Subject: Play and Win.
Date: Fri, 29 Dec 2006 18:35:15 +0500
MIME-Version: 1.0
Content-Type: multipart/related;
boundary=”—-=_NextPart_000_0001_01C72B78.152CDCC0″
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccreBUsyokOhokuRQ+yW7ZPDYYA4w==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <7277E41372A3245.54AB3AE647@coastalnow.net>
=_NextPart_000_0001_01C72B78.152CDCC0
Content-Type: text/html;
charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable
Online Casino2210+ games
1 Hour Free Play
$500 FREE
Click here to play
=_NextPart_000_0001_01C72B78.152CDCC0–Return-Path:
Received: from [62.212.219.169] ([62.212.219.169])
by cs246.mojohost.com (8.12.11.20060308/8.12.11) with ESMTP id kBUDITQu024224
for; Sat, 30 Dec 2006 08:18:30 -0500
From: “Excimer”
To: [email]myemailaddress[/email]
Subject: Play and Win.
Date: Sat, 30 Dec 2006 15:18:44 -0200
MIME-Version: 1.0
Content-Type: multipart/related;
boundary=”—-=_NextPart_000_0004_01C72C25.CB8A2970″
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccsJcuKeqkuCknGTNOTEcQ4ejfzOg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <08350FEA22BDD20.FC1E5776FF@brockwell.com>
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner: Found to be clean
X-MailScanner-From: ofpeynvg@brockwell.com
Status:
=_NextPart_000_0004_01C72C25.CB8A2970
Content-Type: text/html;
charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable
Online Casino2210+ games
1 Hour Free Play
$500 FREE
Click here to play
=_NextPart_000_0004_01C72C25.CB8A2970–Thank you FictionNet now I got scum bag. I bagged three this week not bad for a few hours of work. With the New Year approaching I will PM you next week and provide a possible solution. But first I will inform the respective authorities.
greek39
Online Casino
2210+ games
1 Hour Free Play
$500 FREEClick here [links to arengor.com/micro/1] to play
Return-Path:
Delivered-To: rcook635@unix.easyadmin
Received: (qmail 3229 invoked by uid 89); 31 Dec 2006 09:34:01 -0000
Delivered-To: rcook635@www.mydomain
Received: (qmail 3224 invoked by uid 89); 31 Dec 2006 09:34:01 -0000
Delivered-To: admin@mydomain
Received: (qmail 3216 invoked by uid 89); 31 Dec 2006 09:34:00 -0000
Received: from host-81-190-73-39.gdynia.mm.pl (81.190.73.39)
by http://www.rsouter.com with SMTP; 31 Dec 2006 09:34:00 -0000
From: “license.”
To: [email]admin@mydomain[/email]
Subject: Play and Win.
Date: Sun, 31 Dec 2006 10:34:06 -0100
MIME-Version: 1.0
Content-Type: multipart/related;
boundary=”—-=_NextPart_000_0002_01C72CC7.329A1020″
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccsxzKapTEEZIEcQg+UcMYO5tC3Mw==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <53EA0B5061E003A.04003EA146@mm.pl>
=_NextPart_000_0002_01C72CC7.329A1020
Content-Type: text/html;
charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable
Online Casino2210+ games
1 Hour Free Play
$500 FREE
Click here to play
=_NextPart_000_0002_01C72CC7.329A1020–Almost finished FrictionNet in the meantime a few things:
1. Do not open any email you do not trust.
2. I am assuming you are running Windows xp sp2 and having you email forwared from sever to your outlook express version6.0. If so be sure Outlook is configured so you must request email.
3. I am also assuming your are running a very dirty PC. Run a search for Casino and delete anything related to Online Gambling sites. Check you registry and delete all Online Gambling keys.
Select run >>>regedit>>>HKEY_LOCAL_MACHINE>>>SOFTWARE>>> delete all the folders containing the word “casino”>>> then reboot.
Be careful here! on my gaming PC I am showing 50 different reg keys. These keys have no real purpose being there. Just be sure you have a written copy of all your login details for these casinos.
4. Find a free reg cleaner I suggest down loading “ccleaner” v1.33.382. If you have a working copy of HijackThis run a system scam and delete the BHO unless it relates to google. Reboot
5. Use you favourite spyware program be sure it is config properly. Run in deep scan mode twice a day. Before you log in and after you log out.
6. Next scan for viruses be sure all drives are included. Do this once a day and be sure the program is updated.
7. Be sure there is not one program set for auto updates this would include windows. These things should be done manually.
8. When you are finished for the day Unplug any Internet connection you may have. Don’t simply disconnect actually unplug the connection all the time.
9. Contact your server and tell them about the massive amounts of email spam.
I should have this wrapped up by Tuesday I hope. Just waiting for word on the message ID. I believe the message ID could possible be the answer. But will explain on Tuesday in the meantime keep your system clean.
greek39
2. I am assuming you are running Windows xp sp2 and having you email forwared from sever to your outlook express version6.0. If so be sure Outlook is configured so you must request email.
> Running XP with all the latest updates. OE6, yes.
3. I am also assuming your are running a very dirty PC. Run a search for Casino and delete anything related to Online Gambling sites. Check you registry and delete all Online Gambling keys.
> This is quite a new PC – and cleaner than most. Only ever installed a couple of Microgaming casinos on this one.
Select run >>>regedit>>>HKEY_LOCAL_MACHINE>>>SOFTWARE>>> delete all the folders containing the word “casino”>>> then reboot.
5. Use you favourite spyware program be sure it is config properly. Run in deep scan mode twice a day. Before you log in and after you log out.
> Spyware scans carried out regularly – never had a problem on this PC. As I say, it’s quite new.
6. Next scan for viruses be sure all drives are included. Do this once a day and be sure the program is updated.
> Same here.
What I am trying too accomplish are few things:
1. Your PC is pretty clean
2. Get your server provider to box trap these idiots.
3. File a complaint with the authorities. If these thugs reside in countiries were email spam is illegal the would face prosecution.
Just one more question.
Does your PC have access to your server provider?
greek39
“Does your PC have access to your server provider?”
Not entirely sure I understand the question. Could you please clarify?
FWIW, I don’t think this has anything to do with my PC. I run more than one PC and hundreds of different e-mail addresses – some web-based, some POP, etc. – they all get the spam.
Loads of people I know are getting blasted with all the latest batch of spam, mainly the vegasinternationalcasino.com spam – every e-mail address of mine has been harvested and receives spam from these clowns.
FWIW, I don’t make huge efforts to block the spam. I like to know that it’s coming in – I prefer to know that it’s going on and who to avoid. For example, it’s due to discovering Playtech’s “who care if our operators spam” attitude that’s leading me to remove all of their brands shortly.
Just wanted to make sure your PC is clean. The person doing this is havesting email addresses. For everyone you open you will increasingly more. The person has also been doing this for a long time by switching their message ID. By doing this they slip under the radar. Email is a internet based application and has very little to do with the web.
Havesting emails is a bot operation which crawls the internet capturing email transmissions. These bots have certain ID’s assigned to them. What many agencies do is capture the ID then box trap the bot. But some slip threw because the ID is ever changing.
Imagine for a moment you captured 500 million email addresses and you had something to sell. In a instant you send out 500 million spam emails for viagra. Sounds pretty profitable but illegal in most countries.
This could be one fellow who is pushing the Playtech Brand and is well hidden from their view maybe. I have not looked at anything else except the message ID. I want to find out the name of this person and possible establish Playtech or not?
I will explain in greater detail on Tuesday I hope.
greek39
If it’s helps to know this any… I don’t actually open most of these spam e-mails. They’re viewed in Mailwasher without actually downloading from the server. They’re then deleted without being downloaded.
If you are using a Mailwasher then you should be able to bounce the spam. In doing so eventually you become known as a bad target and over time the spam will stop. This is your best defence. Working on the domains now to see if Playtech is actually playing a roll in this. I noticed Playtech has very little privacy governing their software.
greek39
There’s something very funky about that spam… I have never seen a Playtech casino run a 1 hour free promotion, plus that other link “arengor.com/micro/1” looks suspiciously like a link to a Microgaming casino.
… ok, it’s definitely a spammy affiliate. That arengor link goes to vegasinternationalcasino.com and if you click on anything it will try to download Ruby Fortune.
For the site http://www.sierrastarcasino.com/ I find the following servers:
pdns1.ultradns.net:
204.74.108.1
pdns2.ultradns.net:
204.74.109.1
pdns3.ultradns.org:
199.7.68.1
pdns4.ultradns.org:
199.7.69.1
pdns5.ultradns.info:
204.74.114.1
pdns6.ultradns.co.uk:When I cross reference this with my own archives I find:
PDNS1.ULTRADNS.NET 204.74.108.1
PDNS3.ULTRADNS.ORG 199.7.68.1
PDNS2.ULTRADNS.NET 204.74.109.1
PDNS6.ULTRADNS.CO.UK
PDNS4.ULTRADNS.ORG 199.7.69.1
PDNS5.ULTRADNS.INFO 204.74.114.1Would anybody agree this linkage provides proof the spam is coming from these servers for the domain mentioned. Because if it is you will not believe who is doing this.
greek39
