Geographically Targeted Spam
[Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
Received: from smtp-in2.blueyonder.co.uk ([172.23.146.13]) by cluster4 with Microsoft SMTPSVC(5.0.2195.6713);
Mon, 30 Jun 2008 23:44:37 +0100
Received: from eback01.blueyonder.co.uk ([195.188.53.212]) by smtp-in2.blueyonder.co.uk with Microsoft
SMTPSVC(5.0.2195.6713);
Mon, 30 Jun 2008 23:44:37 +0100
Received: from [172.23.170.143] (helo=anti-virus02-10)
by eback01.blueyonder.co.uk with smtp (Exim 4.52)
id 1KDS6v-00030v-HG
for x; Mon, 30 Jun 2008 23:44:37 +0100
Received: from [66.248.157.190] (helo=camio.limestolimeade.com)
by exim10.blueyonder.co.uk with smtp (Exim 4.68)
(envelope-from <x>)
id 1KDS6v-0004sx-1Z
for x; Mon, 30 Jun 2008 23:44:37 +0100
From: "John Cummuta" <x>
To: x
Reply-To:<x>
Subject: [SPAM] Transforming Debt into Wealth with our eBooks
Date: 30 Jun 2008 18:44:36 -0400
Message-Id: x
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
X-Envelope-To: x
Return-Path: x
X-OriginalArrivalTime: 30 Jun 2008 22:44:37.0571 (UTC) FILETIME=[E0115930:01C8DB02]
Mon, 30 Jun 2008 23:44:37 +0100
Received: from eback01.blueyonder.co.uk ([195.188.53.212]) by smtp-in2.blueyonder.co.uk with Microsoft
SMTPSVC(5.0.2195.6713);
Mon, 30 Jun 2008 23:44:37 +0100
Received: from [172.23.170.143] (helo=anti-virus02-10)
by eback01.blueyonder.co.uk with smtp (Exim 4.52)
id 1KDS6v-00030v-HG
for x; Mon, 30 Jun 2008 23:44:37 +0100
Received: from [66.248.157.190] (helo=camio.limestolimeade.com)
by exim10.blueyonder.co.uk with smtp (Exim 4.68)
(envelope-from <x>)
id 1KDS6v-0004sx-1Z
for x; Mon, 30 Jun 2008 23:44:37 +0100
From: "John Cummuta" <x>
To: x
Reply-To:<x>
Subject: [SPAM] Transforming Debt into Wealth with our eBooks
Date: 30 Jun 2008 18:44:36 -0400
Message-Id: x
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
X-Envelope-To: x
Return-Path: x
X-OriginalArrivalTime: 30 Jun 2008 22:44:37.0571 (UTC) FILETIME=[E0115930:01C8DB02]
Body:
A proven system for financial independence. Learn more!
http://camio.limestolimeade.com/C/xx/xxxx/xxxxxxxx
This email is a commercial advertisement. If you wish to not receive information from us, please let us know and you will be excluded from future distributions immediatley
http://camio.limestolimeade.com/U/xxxx/xxxxxxxx Click Here Now to be removed or write us & be sure to include your email address.
Subscriber Requests: 4408 McLean Rd Haltom City TX 76117
http://camio.limestolimeade.com/C/xx/xxxx/xxxxxxxx
This email is a commercial advertisement. If you wish to not receive information from us, please let us know and you will be excluded from future distributions immediatley
http://camio.limestolimeade.com/U/xxxx/xxxxxxxx Click Here Now to be removed or write us & be sure to include your email address.
Subscriber Requests: 4408 McLean Rd Haltom City TX 76117
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Wealth Creation Spam - The Six Figure Yearly ProgramThe Retired Millionaire Money Making Spam
Facebook Fans, Twitter Followers and YourTube Views
Data Entry Job Scam - Earn Money online doing data entry from home
Secret Traffic Arbitrage Tactics Internet Marketing Spam
Related Malware Samples:
No related malware samples found.[Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
This offer is not available in your area.
You will be redirected shortly.
It then redirects through the following series of URLs:
http://login.tracking101.com/xx/xxxxxx/
http://login.tracking101.com/geo_tracking_redirect.html?e=xxxxx
http://login.tracking101.com/z/54552/CD579
http://www.perfspot.com/join.asp?p=80247&t=CD579
This example clearly illustrates that you never get what you see in spam e-mails. The e-mail advertises eBooks, but you end up on a completely unrelated site, like a social networking site. Everyone will receive the "We're sorry.." message because there were no eBooks in the first place, the final destination site is always the primary goal of the spammer. In this specific spam example, the final destination site is determined by your geographic location, for example, people living in the United States will end up on a different site than people living in the United Kingdom. In South Africa the link redirects to Perfspot.com. This comes to show how sophisticated spamming has become. To terminate a spam campaign like this you need to take out the tracking site doing the redirects, otherwise the spam campaign will remain active until all destination sites are terminated.
The spam victim's e-mail address is encoded into the links of the spam e-mail, so a mere click on one of these links enables the spammer to identify your e-mail address as an active e-mail account, so don't even think of clicking on the unsubscribe link, you will only get the opposite of what you expected (just like you got the opposite of what you expected from the first link in the spam e-mail).
Very few people realise that they actually pass through a tracking portal before they reach the destination site. These tracking sites, acting as a middle-man between the spam e-mail and the destination site, can be used to verify your e-mail address, install malware on your PC, collect personal information stored on your PC or place a tracking cookie on your PC (and nothing stops a tracking site from doing all of these things at once).
The goal for the spammer is to get the recipient of the spam e-mail to sign up for an account at Perfspot.com (or whatever site it redirects to). The tracking codes at the end of the destination URL are used to monitor the effectiveness of the spam campaign and to identify the affiliate/agent who should receive commission for the referral.
Lately a lot of spam e-mails are signed off with the address: 4408 McLean Rd Haltom City TX 76117. It is the address of Cozmo SEO Power, Inc. and guess whose name and logo comes up when you visit limestolimeade.com, yes you guessed it, Cozmo SEO Power. Off course the domain limestolimeade.com is also registered in their name.
So an important lesson is to be learned from this example: Never click on links in spam e-mails!