Hello All,

In recent days, I have received numerous Spamvertised messages from this domain, "proberry.de" which is hosted by (STRATO-RZG-KA).

Here is a copy of the latest such messages, without its header:

From: Rupert Sterling <westport@genion.de>
To: rezaf@mindspring.com
Subject: Sicherheit im Beerenanbau
Date: Jan 27, 2013 4:25 AM

Die Homepage "ProBerry" ist eine branchenbezogene Informationsseite zu einem Fachthema, fur Beerenobstanbauer in der BRD:

http://proberry.de/

Does anyone know who is behind this domain, "proberry.de" i.e. who owns it, and what this German text says on this message.

So far, and despite my repeated complaints to STRATO-RZG-KA's Abuse Department, 'abuse@stratoserver.net' and 'hostmaster@strato.de' and 'hostmaster@strato-rz.de' this domain remains active, and has not been suspended.

To be fair, I have copied Andreas Hartnacke, Provisioning/Hostmaster, so that he would be aware of this matter.

I appreciate any assistance that you may offer in this matter.

Thank you,
Reza Farzan
rezaf@mindspring.com
Dear Reza,

basically the owner says the emails don't originate from them, they have no use for those messages, they don't know who sent it, they don't even have e-mail accounts in that domain, and they've contacted the police about the matter on the 24th of January. They also direct the recipients to contact police in case they're so inclined.

On Mon, Jan 28, 2013 at 2:19 PM, Reza Farzan <rezaf@mindspring.com> wrote:
Hello All,

In recent days, I have received numerous Spamvertised messages from this domain, “proberry.de” which is hosted by (STRATO-RZG-KA).

Here is a copy of the latest such messages, without its header:

From: Rupert Sterling <westport@genion.de>
To: rezaf@mindspring.com
Subject: Sicherheit im Beerenanbau
Date: Jan 27, 2013 4:25 AM

Die Homepage "ProBerry" ist eine branchenbezogene Informationsseite zu einem Fachthema, fur Beerenobstanbauer in der BRD:

Does anyone know who is behind this domain, “proberry.de” i.e. who owns it, and what this German text says on this message.

So far, and despite my repeated complaints to STRATO-RZG-KA’s Abuse Department, 'abuse@stratoserver.net' and 'hostmaster@strato.de' and 'hostmaster@strato-rz.de' this domain remains active, and has not been suspended.

To be fair, I have copied Andreas Hartnacke, Provisioning/Hostmaster, so that he would be aware of this matter.

I appreciate any assistance that you may offer in this matter.

Thank you,
Reza Farzan rezaf@mindspring.com
-- Mr. Esa Laitinen Tel. +41 76 200 2870 skype/yahoo: reunaesa Blog: http://happiloppuuahistaa.blogspot.com
Simply ignore these mails. They are not classical spam and completely senseless. At http://www.proberry.de/ is a statement of the domain-owner (in German, use Google or something else to translate).
On 28/01/2013 5:19 AM, Reza Farzan wrote:
Hello All,
In recent days, I have received numerous Spamvertised messages from this domain, "proberry.de" which is hosted by (STRATO-RZG-KA).
Here is a copy of the latest such messages, without its header:
Hi,

reviewing the header source might give you enough information about who actually sent the SPAM.

The best thing to do is to forward the complete message, possibly with some sensitive addresses obliterated if necessary, to the owners so that they can collect enough information for the police.

Blowing my own horn, my SPAM reporter wxSR - see my signature - might help you resolve some of your questions.

Arnold

--
Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7
http://www.columbinehoney.net/wxSR.shtml
Arnold wrote:
On 28/01/2013 5:19 AM, Reza Farzan wrote:
Hello All,
In recent days, I have received numerous Spamvertised messages from this domain, "proberry.de" which is hosted by (STRATO-RZG-KA).
Here is a copy of the latest such messages, without its header:
Hi,
reviewing the header source might give you enough information about who actually sent the SPAM.
...and looking at the message in text mode, instead of the "fancy" html rendering, may give you a clue about the real URL you are supposed to visit. ;-) If this is different than the "obvious source", well, then you're barking up at the wrong tree...
The best thing to do is to forward the complete message, possibly with some sensitive addresses obliterated if necessary, to the owners so that they can collect enough information for the police.
Blowing my own horn, my SPAM reporter wxSR - see my signature- might help you resolve some of your questions.
Arnold
-ww
* Wilfried Woeber:
Arnold wrote:
reviewing the header source might give you enough information about who actually sent the SPAM.
It's some sort of botnet with readily apparent coordination across multiple egress IP addresses.
...and looking at the message in text mode, instead of the "fancy" html rendering, may give you a clue about the real URL you are supposed to visit. ;-)
These messages are plain text (even ASCII), and the URL is unobfuscated. They really do not make much sense.
On 28/01/2013 11:34 PM, Florian Weimer wrote:
* Wilfried Woeber:
Arnold wrote:
...and looking at the message in text mode, instead of the "fancy" html rendering, may give you a clue about the real URL you are supposed to visit. ;-)
These messages are plain text (even ASCII), and the URL is unobfuscated. They really do not make much sense.

That is evidently what it is supposed to look like. They want you to simply reply to the address that appears in plain text.

By inspecting the actual source code of the message one can typically find out much more - most importantly the actual IP address of the infected machine used to send the SPAM. The message must have been sent from a valid account somewhere and the idea of wxSR & other SPAM reporters is to make it easy to identify that address, find out the ISP who is responsible for the address and then forward the message to the ISP for action. Forwarding the complete message to them will allow them to find out which of their machines are infected by the bots and hopefully 'squash the bot' and take that source of SPAM out of circulation - at least for a while.

Arnold

--
Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7
http://www.columbinehoney.net/wxSR.shtml
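Added example (not part of any post in this thread, and not wxSR's code): a sketch of the header inspection described above, which trusts only the `Received:` lines written by the recipient's own mail servers and collects the handoff addresses across several copies of a campaign. The host names, networks and sample headers are constructed assumptions using documentation address ranges.

```python
import email
import ipaddress
import re

# "from <helo> (... [ip]) by <host>": a common layout; real MTAs vary.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+([^\s;]+)", re.S)

# Assumed recipient-side servers and networks (hypothetical values).
OWN_HOSTS = {"store.recipient.example", "mx.recipient.example"}
OWN_NETS = ["192.0.2.0/24"]

def handoff_ip(raw, own_hosts=OWN_HOSTS, own_nets=OWN_NETS):
    """Return (ip, helo) logged by our own MTA for the first external relay, else None."""
    nets = [ipaddress.ip_network(n) for n in own_nets]
    # Each relay prepends its Received header, so the newest hop comes first.
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue  # layout not recognised; skip this line
        helo, ip_text, by_host = m.groups()
        if by_host.lower() not in own_hosts:
            return None  # not written by us: this and all older lines may be forged
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue
        if not any(ip in net for net in nets):
            return str(ip), helo  # the HELO name is sender-supplied, the IP is observed
    return None

def egress_ips(raw_messages):
    """Distinct handoff addresses seen across several copies of one campaign."""
    hits = (handoff_ip(raw) for raw in raw_messages)
    return sorted({hit[0] for hit in hits if hit})

def sample(ip):
    # Constructed message; the bottom Received line stands in for a forged one.
    return (
        "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
        "\tby store.recipient.example with ESMTP; Sun, 27 Jan 2013 04:25:10 -0500\n"
        f"Received: from pc.isp.example (unknown [{ip}])\n"
        "\tby mx.recipient.example with SMTP; Sun, 27 Jan 2013 04:25:08 -0500\n"
        "Received: from mail.bank.example ([203.0.113.5]) by pc.isp.example;\n"
        "\tSun, 27 Jan 2013 01:00:00 +0000\n"
        "From: Sender <sender@forged.example>\nSubject: constructed sample\n\nbody\n"
    )

if __name__ == "__main__":
    print(egress_ips([sample("198.51.100.77"), sample("198.51.100.9")]))
```

The address returned is the one to look up for an abuse contact; the `From:` line and any `Received:` line below the trust boundary are sender-controlled.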
participants (6)
- Arnold
- Esa Laitinen
- Florian Weimer
- Lutz Petersen
- Reza Farzan
- Wilfried Woeber