posted on May 14, 2005 06:21:06 PM new
Last hour, I've been bombarded with GERMAN garbage email...
Anybody else here on COMCAST??
"I'm going to spend a lot of time on Social Security. I enjoy it. I enjoy taking on the issue. I guess, it's the Mother in me."—Guess Who? Washington D.C., April 14, 2005
posted on May 14, 2005 06:28:36 PM new
What kind of spam are they sending. And I hope they didn't get your email address from that cute Rottweiler that Ralphie's been corresponding with in Munich.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on May 14, 2005 06:48:19 PM new
Here's a new variation -- I don't see no attachment or virus. Looks like some kind of FLOOD??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: from xgvyjmh.com (c-24-129-108-113.hsd1.fl.comcast.net[24.129.108.113](untrusted sender))
by rwcrmxc13.comcast.net (rwcrmxc13) with SMTP
id <20050515013039r1300felaje>; Sun, 15 May 2005 01:30:50 +0000
X-Originating-IP: [24.129.108.113]
From: [email protected]
To: [email protected]
Date: Sun, 15 May 2005 01:27:27 GMT
Subject: The Whore Lived Like a German
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
MIME-Version: 1.0
Message-ID: <[email protected]>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Full Article:
http://service.spiegel.de/cache/international/0,1518,344374,00.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ edited by tOMWiii on May 14, 2005 06:49 PM ]
posted on May 14, 2005 06:51:02 PM new
That explains it Tom. I figured a Rottie would have more character and honor than to sell an email addy to a spammer. But those Schnauzers are another story. Never did trust 'em. Those beady eyes are a giveaway. I have the same problem with translating German. Ever so often I'll find a nice German stein with writing on it. Trying to translate the phrases with a German-English dictionary doesn't always work.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on May 14, 2005 07:58:23 PM new
"Subject: The Whore Lived Like a German"
Sounds like Ralphie is involved with a German Shepard here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Baseball season has started,but they have it all wrong.3 strikes and you're out,4 balls you walk.I can tell you right now a man with 4 balls could not possibly walk
posted on May 14, 2005 08:25:42 PM new
Sorry to hear that yer schnitzel is kaput -- have you considered purchasing one of Ralphie's Swedish products??
"I'm going to spend a lot of time on Social Security. I enjoy it. I enjoy taking on the issue. I guess, it's the Mother in me."—Guess Who? Washington D.C., April 14, 2005
posted on May 15, 2005 03:31:23 AM new
tomwii ... our Akron Ohio area of Freecycle thru yahoo groups got a sudden spate of German Spam too, yesterday, just like you ... we all were wondering where it came from too.
My servers have been hit by a major outbreak of German language spam. It is all racist in nature (I translated some of it on Lycos Translation.) It is being controlled by web-bots on computers infected with the Trojan.Ascetic.A which was discovered on June 11, 2004. It is also Known as W32.Sober.H@mm, Troj/Sober-H [Sophos]. I have been getting over 1000 of these emails daily, and have been controlling them using MailWasher. The spam doesn't actually carry the trojan. It infects computers through a flaw in RealPlayer. I simply add the spam originator temporaily to my blacklist and it selects all of them for simple deletion. I'll delete the blacklisted names after the outbreak is over automatically using MailWasher's features. If you do this yourself don't bounce the spam since the sender is not responsible - simply infected. A flaw in RealPlayer may be partially to blame for this outbreak.
I have collected all the research I can Google in the following transcripts for you to browse easily.
SPAM in German is Still SPAM
There have been many reports that German language SPAM is being received in large quantities. Analysis by the ISC's Johannes Ulrich shows the content of the samples received to be political in nature, and seem to have been generated by DSL/Cable connected systems, a possible indication that a virus or botnet is being used to propagate the SPAM.
Of note, one of the e-mails contained the phrase "Comment by the author of Sober"
There is malware behind this. It is a version of Sober (Trojan.Ascetic.A). Right now, only one virus scanner identifies it as such. The version we're aware of uses the filename 'datacrypt.exe'.
(Doc says ... you can quickly search drive C: for datacrypt.exe to locate this file for a fast check to see if you're infected)
See Norton's website at http://securityresponse.symantec.com/avcenter/venc/data/trojan.ascetic.a.html for details on detection and removal.
(source: http://isc.sans.org/diary.php?date=2004-06-10)
German spam source found, Real services vulnerability
We have had one report of a user receiving traffic on multicast addresses 244.1.0.0 with a negative source port and a destination port of 4. Some firewalls translate the source port to 0. We are interested in any one else seeing similar traffic and packet traces.
The source of German right wing spam making its round on the Internet the last few days has been identified as a variant of the sober worm. It is identified by a file called datacrypt.exe and is launched in the registry HKLM/software/microsoft/windows/currentversion/run/ The infection method is the same as Sober.G. On start up it connects to a time server in Berlin and then begins Trojan.Ascetic.A to send email messages.
Reports are being received relating to vulnerabilities in Realplayer services. You may wish to block the ports listed below that the realplayer services uses on firewalls. That will not completely mitigate this vulnerability as it could be triggered by downloading (via http, ftp ...) a realplayer movie and running it locally. I would recommend until realplayer is patched on any vulnerable system that you disable realplayer as the default application for opening .RA, .RM, .RV or .RMJ. In XP you can do that by browsing to your c: drive and selecting a folder then from the tool bar select folder options and file types. Look for files opened by realplayer and change those to be opened by another application or to not have a default application.
Well Known ports used by realservers.
TCP port 7070 for connecting to pre-G2 RealServers TCP port 554 and 7070 for connecting to G2 RealServers UDP ports 6970 - 7170 (inclusive) for incoming traffic only
(Source: http://isc.sans.org/diary.php)
Spam Zombies to blame for German spam bomb yesterday
- German Spam Floods Inboxes
02:00 AM Jun. 11, 2004 PT
E-mail users around the world got a rude awakening Thursday when a spammer flooded their inboxes with nationalist, borderline-racist propaganda in German.
The messages -- which appeared to blame immigrants, prisoners and welfare recipients for Germany's problems -- hit recipients in California, Finland, Germany and the Netherlands, according to initial reports on antispam mailing lists. Some recipients reported receiving just a few messages, while others reported being overwhelmed by thousands of pieces of the spam.
In comparison to other propaganda that can be found on the Internet, the messages are relatively mild. "Bankruptcy of the health service by foreigners" read the subject line of one message. "What Germany needs is more German children," argued another.
But it wasn't the context of the messages that had some observers troubled. Rather, it was the method by which they were transmitted: through spam zombies.
Zombies are personal computers that have been infected with a virus that allows spammers to control them from a remote location for the purposes of sending out mass quantities of spam. These infected machines allow spammers to send much more e-mail than they could with their own e-mail server. It also makes it harder for authorities to trace the source of the messages.
Technologists said they believe political activists may be finding these qualities more and more attractive as they seek to spread their message beyond local boundaries. For e-mail users, that could mean more propaganda is on the way.
"It's the online equivalent to those guys who scream at you in subways, only now they have spamware to amplify their crazed ramblings," said Steven Champeon, technology chief of consulting firm www.hesketh.com. "I can't wait to start getting mail regarding that pressing town-meeting issue in East Overshoe, Wyoming, that has no bearing on me or my life and about which I can do nothing."
IronPort spam strategist Julian Haight, founder of the company's SpamCop antispam service, confirmed that Thursday's blast had the markings of a zombie-aided mailing. "We're seeing the same message sent from a variety of IP addresses, which tells me that it was sent from a farm of zombies," he said. "Chances are that somebody with a political agenda is contracting with a spammer from start to finish."
Unfortunately for the unwilling recipients of such messages, tracking down the senders can be next to impossible. In addition to being able to hide behind spam zombies, the senders have another thing going for them: They're not leaving a money trail.
"Usually, you expect some punch line about which bank you can send your money to," said Haight. "But there's nothing like that in these messages." The usual tactic of buying a product and waiting to see who collects the money is, therefore, not an option in this case.
In other words, unless technologists modify the underlying architecture of the Internet to prevent zombie attacks, political activists have at their disposal a perfect megaphone, one that can't be turned off.
Said Champeon, "Welcome to the new Internet."
(Source: http://www.wired.com/news/technology/0,1282,63806,00.html)
***************************************************
http://stores.ebay.com/Moody-Mommys-Marvelous-Postcards
[ edited by neglus on May 15, 2005 05:33 AM ]
posted on May 15, 2005 10:36:14 PM new
I don't have comcast, but have been receiving that spam for about a week now. At least I can delete them before they are opened.
.
.
.
Alive in 2005
posted on May 15, 2005 10:49:27 PM new
Be careful on the delete button Stone. One of those Emails has a great recipe for German chocolate cake. You want to open, read, and translate each one before you delete it.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on May 16, 2005 06:56:01 AM new
I use Comcast too and yep, last week got a few with German titles, never opened them so I was wondering what kind of spam they were sending.
posted on May 16, 2005 07:03:58 PM new
This was on one of our local TV. stations ( LA Area) a couple of hours ago. Only mentioned e-mail in general with no reference to Comcast. Apparently does no harm except if you click on the e-mail, you generate many more.
buyhigh
posted on May 19, 2005 07:07:25 AM new
mine started on May 15 (see samples below:
I am using dialup (earthlink).
I dumped them into my SPAM folder which will delete them after 30 days.
thanks for the discussion & tech info - it has been a big help.
the 4 below all show an address: spiegal.de, but I dont know if that is part of the spam_mail message, or an ad at the begining (like hotmail and other free mail providers do). To find out, I'd have to open the mail, which I do not want to do.
I have also started getting other German e-mail where the msg is in german.
these are annoying, but not yet a flood. I have been getting flooded with obnoxious SPAM from another source for several months. I have practically closed the primary email provider that I had used (with no prior problems) for over 3 yrs.
1] crosstome1965 Spam The Whore Lived Like a German - Full Article: http://service.spiegel.de/cache/international/0,1518,344374,00.html May 18
2] rcardare Spam The Whore Lived Like a German - Full Article: http://service.spiegel.de/cache/international/0,1518,344374,00.html May 16
3]
strawberrydelight561 Spam The Whore Lived Like a German - Full Article: http://service.spiegel.de/cache/international/0,1518,344374,00.html May 15
4]
tymerx Spam The Whore Lived Like a German - Full Article: http://service.spiegel.de/cache/international/0,1518,344374,00.html May 15
posted on May 19, 2005 05:33:08 PM new
i have been getting HUNDREDS a day for 2 days now...from all different email address... all german related - the whore and all the others...all different subject titles and i know quite a few other people getting them as well
posted on May 20, 2005 06:19:05 PM new
The Chinese are overunning my position,,,,Call in for Artillery!!!!!!! 100's of Scout e mails are making there way through the wire!!!! ( they are using some pretty sexy looking babes in this manuver!) I have no idea what they are saying but the BODY language is REALLY Clear! ##%%%**(%$$@@,##$$%^%!!&&&&$$$^%****&^6666%%%%****8,,@@####,^^^^^^<;,,,,,,,><<<<<@@@@2,,OH YEAH!!!!!! Come on you Commie! Yikes!!!!!! They Know there Stuff,,,,
posted on May 20, 2005 06:50:03 PM new
I've received three so far. I'm on AOL. One made it to my inbox, but the other two landed in my spam folder. Looks like AOL may have put a block on these somehow. Sellers on AOL who have legit customers in Germany may want to consider using Yahoo or Hotmail for awhile to conduct business with them. AOL is pretty heavy handed on spam and sometimes their nets catch a few dolphins along with the sharks.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on May 20, 2005 07:11:33 PM new
Call in for Artillery!!!!!!!
For heavans sake lets not get the artillery out to get the Germans,even those with whores.Krauts as a whole luv Americans.
Those emails are nothing but dreck (smut)spam.
I don't know about the Chinese based spam
problem but the German text spam has been well reported.
I am a first generation American, guess where my parents were born ...yep
-------------------------------------
A liberal is a man too broadminded to take his own side in a quarrel.
Robert Frost
posted on May 20, 2005 07:23:53 PM new
Deur1...Just wondering, can you read and speak German fluently? We could sure use a resident translator here on Vendio. Ever so often, a poster will come up with something that needs to be translated. Even though my wife's family is from Germany, she never learned the language. Makes it difficult when you have a great looking German stein with an inscription to list and you don't know whether to put it in the stein or adult category
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on May 20, 2005 07:31:40 PM new
Just wondering, can you read and speak German fluently?
-------------------------------
Fairly well, I still write my relatives, they speak German and English so they understand if I messup.
They live near Alsae-Lorraine. NO they are not French they are German. Nothing ruffles a German feathers more than being mistaken for French
My parents spoke fluent English,rarely spoke German at home.I was born here as was my siblings.
I am American and proud of it!
------------------------------------------------
A liberal is a man too broadminded to take his own side in a quarrel.
