Spam with a toxic link twist

Jun 30, 2007 16:59

Columbia, SC - From today's e-mail was this plain Jane missive with the subject "You've received a greeting card from a friend!":
Good day.

Your friend has sent you a greeting card from postcardsfrom.com.

Send free ecards from postcardsfrom.com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

http://69.132.108.x/?e0403eca36dcae987dxxxxxxxxxxx

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at http://69.132.108.x/

Your ecard number is
e0403eca36dcae987d9000be022dxxxxxxxxxx

Best wishes,
Mailer-Daemon,
postcardsfrom.com

*last portion of the URL is an 8. I changed it to an 'x' to avoid anyone accidentally clicking on it and getting a case of the computer clap. If you want to see what it does, replace the 'x' with an '8' and you're in. I also changed the last 11 digits in the identifier so the harvesting web site would not validate my e-mail address for spam purposes.

If you follow the link in option 2 you get a web page with text that reads, "We are currently testing a new browser feature. If you are not able to view this ecard, please click here to view in its original format." The "click here" links to an executable named ecard.exe.

Okay, so I know that most of you reading this are computer savvy enough to, at most, check to see where the link leads and then delete this spam untouched. However, we all know someone who would download and run that program so they could see their e-card.

With that in mind I started digging. There is in fact a postcardsfrom.com on the net. But they do not provide an e-cards service. Their IP address does not come anywhere near the numbers in the URL. The WhoIs listing for that number comes back to Road Runner.

With that thought in mind, I set out to contact the fine folks at Road Runner so that they might shut this amateur script kiddie down before too much damage is done.

What a joke. I sent three e-mails to Road Runner's abuse address. They were all returned by an automated system demanding more information like the e-mail headers. After the third attempt it finally became clear to me that the system was designed to keep people from contacting the abuse department.

So I went to Road Runner's tech support page and did some on-line chatting with a tech support person named Cassandra. After I explained the entire situation to them, she referred me to their fraud department e-mail address.

I asked if she had any way of contacting their security department before the damage became widespread. Her response was, "Cassandra D: If you have no further issues that we can assist you with, you may end the chat session by clicking on the X or End Session button and a chat transcript will be displayed for you. Once again thank you for choosing Time Warner Cable Road Runner!"

The e-mail to their fraud address just came back for the second time demanding more information. You gotta love it!

This garbage about corporations going out of their way to isolate themselves from their customers and the public at large has gone way too far. Do you think Road Runner bears any liability for any damage that occurs after my chat with Cassandra? That would be an interesting legal challenge.

I post this as a warning to be freely passed along, especially to anyone you know that would cheerfully click that link, download and run that program so they can see their e-card.

I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
- Stephen Hawking
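
The two giveaways described in this post (links whose host is a bare IP address rather than the site named in the text, and a landing page that hands out an executable) can be checked mechanically. The following is an added example, not part of the original post; the function names are hypothetical and the sample message and page are constructed, using the documentation address 192.0.2.10 in place of the real one.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Bare domain names mentioned in prose ("from postcardsfrom.com").
DOMAIN_RE = re.compile(r"(?<![/@\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w/-])", re.I)
HREF_RE = re.compile(r"href\s*=\s*[\"']?([^\"'\s>]+)", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_message(body):
    """Return {link_host: sorted reasons} for suspicious links in a mail body."""
    # Domains the text claims to come from, ignoring the links themselves.
    claimed = {d.lower() for d in DOMAIN_RE.findall(URL_RE.sub(" ", body))}
    flagged = {}
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        reasons = set(flagged.get(host, []))
        if is_ip_literal(host):
            reasons.add("ip-literal-host")
        if claimed and not any(host == d or host.endswith("." + d) for d in claimed):
            reasons.add("host-differs-from-named-sender")
        if reasons:
            flagged[host] = sorted(reasons)
    return flagged

def executable_links(html):
    """Return hrefs on a landing page whose path ends in an executable extension."""
    return [h for h in HREF_RE.findall(html)
            if urlsplit(h).path.lower().endswith(EXEC_EXT)]

# Constructed sample modelled on the message quoted in the post.
SAMPLE_BODY = """Your friend has sent you a greeting card from postcardsfrom.com.
Click on the following Internet address:
http://192.0.2.10/?0123456789abcdef
Copy & paste the ecard number in the "View Your Card" box at http://192.0.2.10/
"""
SAMPLE_PAGE = '<p>please <a href="ecard.exe">click here</a> to view.</p>'
```

Both checks are heuristics for a mail filter or a triage script: a link host that matches the named sender, or a landing page with no executable download, simply produces no finding.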

bad business, spam, scams, bad policy
