[Esa-l]The Spammers, and how they operate

Forrest Aldrich forrie at navipath.com
Tue Jul 24 18:39:41 PDT 2001


For about 2 weeks (or more), we (a wholesale dial access provider) have 
been getting 100's of complaints about a user that has these domains:

virtualwebads.com
cyberwebads.com
onlinewebads.com
(and perhaps others).

He signed up for these on internetregistration.com, who uses opensrs.org as 
a registrar.

The user then began signing up on various ISPs (some of which were our 
customers), and apparently using fraudulent/fake credit card numbers -- 
where he began spamming.

In the spam are URLs that point to these web pages.  What he is doing is 
updating his DNS to point to the dynamically allocated address he 
gets.  AND, furthermore, he's calling from Detroit, where there is no ANI 
available.

I contacted internetregistration.com (via phone) to explain what's 
happening, and I'm not sure they understand how to handle this (I suggested 
they delete the domain names :-) ).

The user moved on to UUNET (onlinewebads.com) where he was doing the same 
thing.  Fine, so I called UUNET to tell them what's going on.

The guy I spoke with told me about another "notorious spammer" that they 
tracked, and with whom he spoke.  The "spammer" offered this guy a job, 
paying 7,000.00 a day (or something absurd like that), and went on to say 
that they strategically identify areas like Detroit that do not have ANI 
available (old phone lines), where they then proceed with their spamming 
business.  Apparently it is big money.  *shrug*

Apparently some spammers are harboring in Hawaii areas, where there is no 
ANI as well.

We were very busy today, doing lookups in our RADIUS database, and 
disconnecting him.  Odd, sometimes we would get no ANI and others we'd get 
a malformed ANI (bogus data, probably).

Thought you might find this of interest.



Forrest
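
The RADIUS lookup described in the message above, as an added example that is not part of the original post: given the address a spam-advertised domain resolved to and the time of the complaint, find the dial-up session that held that dynamic IP and classify its ANI as valid, missing or malformed. The record layout, the sample sessions and the 10-digit validity rule are assumptions made for illustration; the attribute names are the standard RADIUS ones.

```python
import re
from datetime import datetime

# Constructed RADIUS accounting sessions (documentation-range IPs, made-up users).
RECORDS = [
    {"User-Name": "user-a", "Framed-IP-Address": "192.0.2.10",
     "Calling-Station-Id": "3135550100",
     "start": "2001-07-24 09:00", "stop": "2001-07-24 09:40"},
    {"User-Name": "user-b", "Framed-IP-Address": "192.0.2.10",
     "Calling-Station-Id": "",
     "start": "2001-07-24 10:05", "stop": "2001-07-24 11:30"},
    {"User-Name": "user-c", "Framed-IP-Address": "192.0.2.44",
     "Calling-Station-Id": "00000##A",
     "start": "2001-07-24 12:00", "stop": None},  # session still open
]

FMT = "%Y-%m-%d %H:%M"
# Assumed validity rule: a 10-digit North American number.
NANP = re.compile(r"^[2-9]\d{2}[2-9]\d{6}$")

def classify_ani(value):
    """Return 'missing', 'malformed' or 'valid' for a Calling-Station-Id."""
    digits = (value or "").strip()
    if not digits:
        return "missing"
    return "valid" if NANP.match(digits) else "malformed"

def session_for(ip, when, records=RECORDS):
    """Find the session that held `ip` at `when`; dynamic IPs are reused,
    so the time window matters as much as the address."""
    t = datetime.strptime(when, FMT)
    for r in records:
        start = datetime.strptime(r["start"], FMT)
        stop = datetime.strptime(r["stop"], FMT) if r["stop"] else datetime.max
        if r["Framed-IP-Address"] == ip and start <= t <= stop:
            return r
    return None

def investigate(ip, when):
    """Map a complaint (resolved IP plus timestamp) to an account and ANI state."""
    r = session_for(ip, when)
    if r is None:
        return None
    return {"user": r["User-Name"],
            "ani": classify_ani(r["Calling-Station-Id"]),
            "online": r["stop"] is None}

if __name__ == "__main__":
    print(investigate("192.0.2.10", "2001-07-24 10:30"))
```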


