Spring Gift, 1200 at Registration, Reel Vegas Online Casino
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Thu Apr 22 20:38:42 2010
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 218.210.35.203
X-YMailISG:
hMd4RIQWLDu.t70FYbpLYrf_9MbH0uKIS8PgeX1oY9kGGTztvp2cB6wMbI07lcjnbTCUAQNjKBbkoowld9iihez...
pjmv2QXbP8aHquae04xA3d1Lkl_mV8C0kRsQWhbSc9aZqsIKZALoByZLrrj0uGHSbgQ505J7T0z97nCYeMUvZRK...
nGnfJ60InpZVnYI23dIjmf8TCrdOyS_zIsTIKwQSwj8qjuu0HegEQwFAMNP3l032v4z1WEUsmWzwyT4JdAPZvC4...
qcZw7YvOk6EcPQcyBVPiVugcsbQXC4aodWQdUdIsw6Ij3BmaYcH0k5LBaMUMHVFd0AZqUHfqTbvqFQDojgKWT2W...
qPIev6rRcr6ZX2B8K2m.AkiM8olNp761HBR75.eCGMJ4qSQ3WaZpnmT2JZ1ZOVaKYMqdVYrUdhMR2r2kRH1sXcM...
Mo3Sojdn7IsOkmDXQVJ7zFbWdaoeUxVGvsLJENpL0dbK3_WXhKlYZ719sDXTeUKFPbwLIYI8yX78pOjw2AVagLm...
1ot1qp3MP_f1W.3kMZUXXuMcAJZGoDRyerJmrCi52nc4eYRRsMZFdEh9tPOtm3Gt.BzKZ1pjzM8YqhhxxhBQqRU...
X-Originating-IP: [218.210.35.203]
Authentication-Results: mta1091.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig);
from=alpilles-luberon-immobilier.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO 218-210-035-203.catvisp.net.tw) (218.210.35.203)
by mta1091.mail.ukl.yahoo.com with SMTP; Wed, 21 Apr 2010 21:15:07 -0700
Date: Thu, 22 Apr 2010 00:09:53 -0500
Message-ID: <x@isomer.cienciaficcion.com>
From: "Reel Casino©" <GeorgiaCooper@alpilles-luberon-immobilier.com>
To: x
Subject: Spring gift, €1200 at registration
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 218.210.35.203
X-YMailISG:
hMd4RIQWLDu.t70FYbpLYrf_9MbH0uKIS8PgeX1oY9kGGTztvp2cB6wMbI07lcjnbTCUAQNjKBbkoowld9iihez...
pjmv2QXbP8aHquae04xA3d1Lkl_mV8C0kRsQWhbSc9aZqsIKZALoByZLrrj0uGHSbgQ505J7T0z97nCYeMUvZRK...
nGnfJ60InpZVnYI23dIjmf8TCrdOyS_zIsTIKwQSwj8qjuu0HegEQwFAMNP3l032v4z1WEUsmWzwyT4JdAPZvC4...
qcZw7YvOk6EcPQcyBVPiVugcsbQXC4aodWQdUdIsw6Ij3BmaYcH0k5LBaMUMHVFd0AZqUHfqTbvqFQDojgKWT2W...
qPIev6rRcr6ZX2B8K2m.AkiM8olNp761HBR75.eCGMJ4qSQ3WaZpnmT2JZ1ZOVaKYMqdVYrUdhMR2r2kRH1sXcM...
Mo3Sojdn7IsOkmDXQVJ7zFbWdaoeUxVGvsLJENpL0dbK3_WXhKlYZ719sDXTeUKFPbwLIYI8yX78pOjw2AVagLm...
1ot1qp3MP_f1W.3kMZUXXuMcAJZGoDRyerJmrCi52nc4eYRRsMZFdEh9tPOtm3Gt.BzKZ1pjzM8YqhhxxhBQqRU...
X-Originating-IP: [218.210.35.203]
Authentication-Results: mta1091.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig);
from=alpilles-luberon-immobilier.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO 218-210-035-203.catvisp.net.tw) (218.210.35.203)
by mta1091.mail.ukl.yahoo.com with SMTP; Wed, 21 Apr 2010 21:15:07 -0700
Date: Thu, 22 Apr 2010 00:09:53 -0500
Message-ID: <x@isomer.cienciaficcion.com>
From: "Reel Casino©" <GeorgiaCooper@alpilles-luberon-immobilier.com>
To: x
Subject: Spring gift, €1200 at registration
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Body:
| You do not presume to go to Las Vegas - anything terrible then Las Vegas will arrive to you. Huge choice of games online, on interest and on money. In our casino money will be strewed to you to hands as snow, without a stop. It is luxury which you presume. Receive yours €1200 at registration So do not put off that you can make today. |
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Seven Stars Online Casino - Spring gift, 1000 at registrationWorld Casino Online Gambling Spam
BlackJack Ballroom - Your ticket number could be a winner
Anonymous Online Casino Spam
Casino Action Spam - You are among the winners
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
The e-mail contains a link to an advertising page for the Reel Vegas Online Casino. Almost every link on this page points to an executable file called reelvegasen.exe. Jotti's malware scan delivered no results for this specific file. (Click here for the scan results).
Even if the file isn't malware, you still shouldn't trust it. There is absolutely no guarantee that the information you submit through this software will be treated confidentially. Your personal details may be shared with 3rd parties, resulting in more spam, your credit card details may be stolen, resulting in fraudulent transactions being processed on your credit card or even worse, your identity might be stolen. The possibilities for problems are endless.
Closer inspection of the file revealed that it is an installer for the Royal Vegas Online Casino gambling software (provided by FortuneLounge) and not Reel Vegas Online Casino, as advertised on the spammer's web page. So the spammer is most likely an affiliate of FortuneLounge, or more precisely, FortuneAffiliates.
The spamvertised website was registered by a Sun Qiang from China on 2010-04-12 17:05:28 (the spam e-mail apparently originated from Taiwan). Details about other Casino Spam sites, registered by the same spammer, can be found at malwareurl.com. We noticed that each site was registered a couple of seconds after the other one, so this spammer has been a busy boy (or girl).
The WHOIS information of these sites also appears to be invalid, because the Nameservers for these domains are listed as ns1.bestseasilver.com and ns2.bestseasilver.com, a suspended domain registered on 20 March 2010, to Yuri Vernitsky from Russia, but a traceroute revealed 59.53.91.116 (China Telecom) as the IP address for these sites (no reverse DNS entry was found for this IP address). So we guess that explains the funny English in this e-mail.
The Registrar of Sun Qiang's Casino Spam sites, is BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD, a registrar known for being in breach of ICANN's RAA in the past, but they are also known as one of the registrars who apparently got their act together, after receiving a breach notice from ICANN. So is history repeating itself?
Preview of the spamvertised site: