Suspicious, possibly malicious spam
Thu, 17 May 2007 20:27:12 -040
I am not sure if this spam is really from "PC Advisor" but the length
of the URLs that are clickable in the body of the email look suspicious. I
have munged the links by changing .com to .mung. Could someone here check this
out to see if there needs to be a warning?  If this is malicious it can be
quite effective to harm computers.  It looks genuine.  This spam offers a
download to speed up the PC and an update.

===========suspicious spam=========== malicious
X-SpamPal-Timeout: Prevent
Received: from smtp1.mydot.com [my IP] by mydot.com with ESMTP
  (SMTPD-8.22) id AA220A38; Thu, 17 May 2007 14:08:34 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp1.mydot.com (Postfix) with ESMTP id 130C828558
 for <my email>; Thu, 17 May 2007 14:08:27 -0400 (EDT)
X-Quarantine-ID: <iyXuKRa4cDcm>
X-Virus-Scanned: amavisd-new at mydot.com
X-Spam-Flag: YES
X-Spam-Score: 12.151
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.151 tagged_above=6 required=7.6
 tests=[BAYES_50=0.001, BOTNET_SERVERWORDS=0,
 DATE_IN_FUTURE_96_XX=1.439, DKIM_POLICY_SIGNSOME=0.001,
 DK_POLICY_SIGNSOME=0.001, HTML_MESSAGE=0.001, L_P0F_Unix=-0.15,
 MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=4,
 RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
 RCVD_IN_MXRATE_GOOD=-0.1, RCVD_IN_WLACC=-1.5, URIBL_BLACK=2,
 URIBL_JP_SURBL=1.501, URIBL_WS_SURBL=1.5]
X-Amavis-OS-Fingerprint: FreeBSD 4.7-5.2 (or MacOS X 10.2-10.4) (2) (up:
2038
 hrs), (distance 12, link: ethernet/modem), [206.190.59.40]
Received: from smtp1.mydot.com ([127.0.0.1])
 by localhost (smtp1.mydot.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id iyXuKRa4cDcm for <myemaol@dot.com>;
 Thu, 17 May 2007 14:08:21 -0400 (EDT)
Received: from mta224.mail.re4.yahoo.com (mta224.mail.re4.yahoo.com
[206.190.59.40])
 by smtp1.mydot.com (Postfix) with SMTP id 97F9F28566
 for <myemail@dot.com>; Thu, 17 May 2007 14:08:16 -0400 (EDT)
X-Yahoo-Forwarded: from other@yahoo.com to my@adot.com
X-YahooFilteredBulk: 67.106.80.85
X-Originating-IP: [67.106.80.85]
Authentication-Results: mta224.mail.re4.yahoo.com
from=dailydealwirealert.com; domainkeys=neutral (no sig)
Received: from 67.106.80.85  (EHLO m8.dailydealwirealert.mung)
(67.106.80.85)
  by mta224.mail.re4.yahoo.com with SMTP; Thu, 17 May 2007 11:08:13 -0700
Message-ID: <414.107176957560@m8.dailydealwirealert.mung>
From: "PC Advisor" <PCAdvisor@dailydealwirealert.mung>
To: "Me" <my@yahoo.mung>
Subject: Give your PC a boost in 2 minutes!
Date: Sat, 16 Jun 2007 13:08:13 -0500
Reply-To: "PC Advisor" <PCAdvisor@dailydealwirealert.mung>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org-mung/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
 font-family: Arial, Helvetica, sans-serif;
 font-size: 10px;
}
.style2 {font-size: 10px}
-->
</style>
</head>

<body>


<IMG
SRC="http://m8.dailydealwirealert.mung/20374oZJQh2pr58881540r0BF1896jqq08cm
Js"><BR>

<center>
  <table width="764" height="566" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#6487DC">
    <tr>
      <td height="49" colspan="2"
bgcolor="#6487DC"><p align="left"><font
size="5"><strong><font color="#FFFFFF"
face="Verdana, Arial,

Helvetica, sans-serif">Update Notice For Your
Computer</font></strong>
</font></p></td>

    </tr>
    <tr>
      <td width="272" bordercolor="#003C74"><div
align="center">
        <table width="103" height="59"
border="1" align="right"
cellpadding="0" cellspacing="0"
bordercolor="#000000">
          <tr>
            <td width="99" height="57"><table
width="92" height="47"
border="0" align="center" cellpadding="0"
cellspacing="0">
              <tr>
                <td bgcolor="#00754D"><div
align="center"><font
color="#000000"><strong><font size="1"
face="Arial, Helvetica,

sans-serif">Before</font></strong></font></div></td>

              </tr>
              <tr>
                <td height="14"
bgcolor="#2B93DA"><div align="center"><font
color="#000000"><strong><font size="1"
face="Arial, Helvetica,

sans-serif">After</font></strong></font></div></td>
              </tr>
              <tr>
                <td height="12"
bgcolor="#E7D30F"><div align="center"><font
color="#000000"><strong><font size="1"
face="Arial, Helvetica,

sans-serif">Test Error
</font></strong></font></div></td>
              </tr>
            </table></td>

          </tr>
        </table>
        <p><font size="2" face="Arial, Helvetica,
sans-serif"><br />
            <br />
          </font><br />
          <font color="#000000"><strong><font
size="2" face="Verdana, Arial,
Helvetica, sans-serif"><br />
          Harddisk Performance
Benchmark</font></strong></font></p>
        <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">

            <tr>
              <td width="35" bgcolor="#00754D">
</td>
              <td width="165"
bgcolor="#CCCCCC"><div align="center"><font
color="#FFFFFF" size="2" face="Verdana, Arial,
Helvetica,

sans-serif"><strong>2560 kb/s</strong></font>
</div></td>
            </tr>
          </table>
          <br />
          <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">
            <tr>

              <td width="138"
bgcolor="#2B93DA"><div align="center"><font
color="#FFFFFF" size="2" face="Verdana, Arial,
Helvetica,

sans-serif"><strong>8192 kb/s</strong></font>
</div></td>
              <td width="62" bgcolor="#CCCCCC">
</td>
            </tr>
          </table>
          <strong><font color="#000000" size="2"
face="Verdana, Arial,
Helvetica, sans-serif"><br />
          Performance Improvement: <font
size="3">220%</font><br />
          <br />

          Menu Speed Benchmark<br />
          </font></strong>
          <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">
            <tr>
              <td width="28" bgcolor="#00754D">
</td>
              <td width="172"
bgcolor="#CCCCCC"><div
align="center"><strong><font color="#FFFFFF"
size="2" face="Verdana, Arial,
Helvetica,

sans-serif">1 Speedup Factor
</font></strong></div></td>
            </tr>
          </table>

          <br />
          <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">
            <tr>
              <td width="139"
bgcolor="#2B93DA"><div
align="center"><strong><font color="#FFFFFF"
size="2" face="Verdana, Arial,
Helvetica,

sans-serif">5 Speedup Factor
</font></strong></div></td>
              <td width="61" bgcolor="#CCCCCC">
</td>
            </tr>
          </table>
          <strong><font size="2" face="Verdana, Arial,
Helvetica,
sans-serif"><br />

          Performance Improvement: <font
size="3">400%</font><br />
          <br />
          Bootup Speed Benchmark<br />
          </font></strong>
          <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">
            <tr>
              <td width="46" bgcolor="#00754D">
</td>

              <td width="154"
bgcolor="#CCCCCC"><div
align="center"><strong><font color="#FFFFFF"
size="2" face="Verdana, Arial,
Helvetica,

sans-serif">19 Speedup Factor
</font></strong></div></td>
            </tr>
          </table>
          <br />
          <table width="200" border="1"
align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000">
            <tr>
              <td width="55" bgcolor="#2B93DA">
</td>
              <td width="139"
bgcolor="#CCCCCC"><div
align="right"><strong><font color="#FFFFFF"
size="2" face="Verdana, Arial,
Helvetica,

sans-serif">33 Speedup Factor
</font></strong></div></td>

            </tr>
          </table>
          <strong><font size="2" face="Verdana, Arial,
Helvetica,
sans-serif"><br />
          Performance Improvement: <font
size="3">73%</font> <br />
          <br />
          </font></strong>
          <table width="181" height="31"
border="1" align="right"
cellpadding="0" cellspacing="0"
bordercolor="#003C74">

            <tr>
              <td width="177"
bgcolor="#F2F2ED"><div align="center"><a

href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608Mc
hGY101CDlO"><font
color="#000000" face="Verdana, Arial,

Helvetica, sans-serif">Check PC Speed</font></a>
</div></td>
            </tr>
          </table>
          <p> </p>
      </div>
        <font color="#000000" size="1" face="Arial,
Helvetica,
sans-serif">*Sample results before and after Tune Up. Actual<br
/>
      results may vary from system to system. <br />

      </font></td>
      <td width="486"><p align="left"><font
size="5"><strong><font
face="Verdana, Arial, Helvetica, sans-serif">Recommended

Update</font></strong></font></p>
      <p align="left"><font color="#000000"
size="2" face="Verdana, Arial,
Helvetica, sans-serif">The following update is available for your

computer. To select an<br />
        update you want to install, click <strong>Download Update
Now</strong>.</font></p>
      <p align="left"><font color="#000000"
size="3"><strong><font
face="Verdana, Arial, Helvetica, sans-serif">612082: PC
Performance

Update for Windows</font></strong></font></p>
      <p align="left"><font color="#000000"
size="2" face="Verdana, Arial,
Helvetica, sans-serif">This is what your PC speed may look like

if you install this update.         </font></p>

      <p align="left"><font color="#000000"
size="2" face="Verdana, Arial,
Helvetica, sans-serif"><strong>This update

can:</strong></font></p>
      <ul>
        <li>
          <div align="left"><font color="#000000"
size="2" face="Verdana,
Arial, Helvetica, sans-serif"><strong>Boost your PC

performance</strong> in two minutes
<strong>automatically</strong>.</font></div>
        </li>
        <li>

          <div align="left"><font color="#000000"
size="2" face="Verdana,
Arial, Helvetica, sans-serif"><strong>Prevent slow

performance</strong>, Windows freezes and slow 
boot-up</font>.</div>
        </li>
        </ul>
      <p align="left"><font
size="2"><strong><a
href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608Mc
hGY101CDlO"><font

color="#0033FF" face="Verdana, Arial, Helvetica,
sans-serif">Read more about
this update.</font></a> </strong></font></p>
      <table width="284" height="35" border="1"
align="right"
cellpadding="0" cellspacing="0"
bordercolor="#003C74">
        <tr>

          <td width="89"><div
align="center"><font size="2" face="Verdana,
Arial, Helvetica, sans-serif"><a

href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608Mc
hGY101CDlO"><font
color="#000000">More Info</font></a>

</font></div></td>
          <td width="189"><div
align="center"><font size="2" face="Verdana,
Arial, Helvetica, sans-serif"><a

href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608Mc
hGY101CDlO"><font
color="#000000">Download Update Now</font></a>

</font></div></td>
        </tr>
      </table>      <p> </p></td>
    </tr>
  </table>

  <p><a
href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608Mc
hGY101CDlO"><br
/>
    <br />
    <img
src="http://m8.dailydealwirealert.mung/1431H18960m8VFVi9584n79XPGEW1.gif"
border="0"></a></p>
  <p class="style2">ABOUT THIS ADVERTISEMENT<br />
    This advertisement above was sent to you by an inKline Global, Inc.
affiliate. To unsubscribe from further advertisement regarding this

product offer, go to
http://www.inklineglobal.mung/cgi-bin/mailing/iguserunsubcribe.cgi</p>
  <p class="style2">If you have any questions or concerns,
please write to
us at inKline Global, Inc. 77 Bencoolen Street, #04-01, Singapore

189653. </p>
  <font face="Arial, Helvetica, sans-serif">  </font>

  <p> </p>
  <p class="style1"> </p>
</center>
<DIV align=center><A
href="http://m8.dailydealwirealert.mung/8c25888154u0tbtp0YTMY18X9608Zkm"><IMG

SRC="http://m8.dailydealwirealert.mung/899ux14fj6Te8093.gif"
BORDER=0></A></DIV><BR>


</BODY>
</html>





-- 
--
Willow 

Re: Suspicious, possibly malicious spam
Sat, 19 May 2007 09:24:12 -070
Posted to .spam & .help;  f/ups to .help to prevent discussion in .spam

Willow wrote:
> I am not sure if this spam is really from "PC Advisor" but the length
> of the URLs that are clickable in the body of the email look
> suspicious. I have munged the links by changing .com to .mung
> Could someone here check this out to see if there needs to be a
> warning?  If this is malicious it can be quite effective to harm
> computers.  It looks genuine.  This spam offers a download to speed
> up the PC and an UPdate.
>
> ===========suspicious spam=========== malicious

<snip>

It is about the affiliate program.  That is a straightup spam [From =
source = spamvertiser].  The first redirect is for keeping track of the
affiliate scorecard and the second redirect is to take you to the site.

The actual site is here:
http://www.inklineglobal.com/adsales/silverinet/testing_tuneup.html

inklineglobal's affiliate deals for pcbooster are here:
http://www.inklineglobal.com/affiliates/pcbooster.html

The long URL most likely is just something to help identify you the mail
recipient or the affiliate or whatever:
http://m8.dailydealwirealert.com/28638fvY258ykcl881540z0lz1EO89608MchGY101CDlO

it redirects to http://partners.cpacoreg.com/z/7394/CD8/543 which
redirects to inklineglobal

The frontpage of partners http://partners.cpacoreg.com  has links for
affiliates and links for spamvertisers and explains their purpose here
http://www.cpacoreg.com/about_us.php

This isn't about malicious.  This is about keeping track of the
remuneration for being a 'successful' affiliate, which affiliates lead
purchasing customers to the site and the affiliate gets paid for the s/w
the customer buys.  So, there is motivation for spammers.  Typically
affiliate programs make rules about not spamming, so that they can take
away the money from the affiliate if they want to.  Affiliate programs
not only support/encourage spamming while they are pretending to
prohibit it, but they also screw over the spamming affiliates whenever
they feel like it.

These games are one of the many reasons that people shouldn't open their
spam to see if something is a good deal or not, because the pledged
antispammer would be committed to never buying something from a spam
promotion because it is all such a dirty business -- so since the
pledged antispammer is committed to never opening a spam curiously or
interestedly, then the only job is to report it, which doesn't require
opening it.


-- 
Mike Easter
kibitzer, not SC admin
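
An added example, not part of either post or of any tool named in the thread: a short Python triage of the headers and links quoted above, run against a constructed sample abbreviated from Willow's message. It measures how far the sender's `Date:` header sits ahead of the receiving server's `Received:` timestamp (the condition behind the `DATE_IN_FUTURE_96_XX` score) and shows that every clickable link carries the same long opaque path on the sender's own host, which fits the tracking-identifier reading in the reply. The `analyze` function, `LinkCollector` class and `SAMPLE` text are names assumed for this illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: headers and links abbreviated from the message quoted
# in this thread, keeping the poster's munged ".mung" domains.
SAMPLE = """\
Received: from 67.106.80.85 (EHLO m8.dailydealwirealert.mung) (67.106.80.85)
  by mta224.mail.re4.yahoo.com with SMTP; Thu, 17 May 2007 11:08:13 -0700
From: "PC Advisor" <PCAdvisor@dailydealwirealert.mung>
Date: Sat, 16 Jun 2007 13:08:13 -0500
Content-Type: text/html; charset="iso-8859-1"

<html><body>
<img src="http://m8.dailydealwirealert.mung/20374oZJQh2pr58881540r0BF1896jqq08cmJs">
<a href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608MchGY101CDlO">Check PC Speed</a>
<a href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608MchGY101CDlO">More Info</a>
<a href="http://m8.dailydealwirealert.mung/28638fvY258ykcl881540z0lz1EO89608MchGY101CDlO">Download Update Now</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs from <a href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in {("a", "href"), ("img", "src")}:
                self.links.append((tag, value))

def analyze(raw):
    msg = message_from_string(raw)
    # Sender-supplied Date versus the time the receiving MTA recorded.
    stamp = msg.get_all("Received")[0].rsplit(";", 1)[1].strip()
    skew = parsedate_to_datetime(msg["Date"]) - parsedate_to_datetime(stamp)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    urls = [urlsplit(u) for _, u in collector.links]
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[1].lower()
    token = re.compile(r"/[A-Za-z0-9]{20,}")  # one long opaque path segment
    return {
        "date_skew_hours": skew.total_seconds() / 3600,
        "anchor_targets": Counter(u for t, u in collector.links if t == "a"),
        "hosts": {u.hostname for u in urls},
        "opaque_urls": sorted({u.geturl() for u in urls if token.fullmatch(u.path)}),
        "links_on_sender_domain": all(("." + u.hostname).endswith("." + domain) for u in urls),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
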