Oh, this is just rich!

Posted by: MacBozo

Oh, this is just rich! - 06/27/13 12:38 AM

I've been getting these on a daily basis for several weeks and I've simply been marking them as Junk and then deleting them. This evening, I decided to see just where those hot links went:

I don't have the time this evening to do a Who Is or Trace Route on the IP. I'm assuming that it is from an infected machine rather than the original launch point.

EDIT: I did do a Whois and a Traceroute.
Whois ID'd it as a server in St. Petersburg, Russia and the Traceroute confirmed it.

Whois is very informative yielding the hosting service's name, address, building number, and office number. Anyone wanna go egg the place? wink
Posted by: steveg

Re: Oh, this is just rich! - 06/27/13 10:35 AM

SPAM du jur. Been seeing those for a few weeks. Boredom must weigh heavily on the lives of these losers.
Posted by: Reboot

Re: Oh, this is just rich! - 06/27/13 01:24 PM

It's not a virus though. I followed the URL, it takes you to a phony website for Viagra etc. that was just registered 6-14. It's used to harvest credit card information. Google us drugs Ltd.


The picture on the wiki page is the same as your URL. They use the same phony license number like in the wiki. It's in the small print at the bottom of the page except they say it's from Texas.

My search fu is strong. grin
Posted by: Celandine

Re: Oh, this is just rich! - 06/27/13 01:49 PM

whateveah's werkin' for the Nigerians! grin

Thanx for the Heads-Up!

I'll be watching my In-Box 4

defunct Czars offering a reward
in return for My BANK Information to
help him to launder a Dozen Fabrege' Eggs. grin