[Dshield] Re: [Dsheild] Clubx.biz spam

Kenneth Coney superc at visuallink.com
Tue Oct 28 22:16:23 GMT 2003


An interesting nuisance popped up today.  Call themselves clubx.biz They 
send out a spam email announcing a recipient can sign up an get hits to 
their website.  Those who don't want to receive the mailings can 
unsubscribe by writing to Access at clubx.biz (don't write to them) and 
unsubscribe.  A password needed to unsubscribe is also supplied.  Many do. 
  The fun is the "unsubscribe me" letter is then redirected and bounced by 
Access-bounces at clubx.biz and forwarded to random email addresses.  This 
generates a flood of back and forth email.  unsubscribe me, why you writing 
to me, aren't you the clubx.biz?, no I ain't., etc.  An additional game 
being played byy clubx.biz is the sending to random email addresses the 
following:

From: {SPOOFED RANDOM EMAIL ADDRESS HERE}
***The information contained in this communication is confidential. It
is intended only for the sole use of the recipient named above and may
be legally privileged. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this communication, or any of its contents or attachments,
is expressly prohibited. If you have received this communication in
error, please re-send it to the sender and delete the original message,
and any copy of it, from your computer system. Thank You.***
_______________________________________________
Access mailing list
Access at clubx.biz
http://clubx.biz/mailman/listinfo/access_clubx.biz

I find this cute.  > If you have received this communication in
> error, please re-send it to the sender 
How's that for email clogging?  I (and others) have run it down a little 
bit.  clubx.biz resolves to ev1.net.  Mail to admin at ev1.net generates the 
usual auto reply.  Phone calls to their listed number are not answered by a 
human and there is no provision to leave a message.  Another victim tells 
me he has learned ev1.net rented the server to a company that rented the 
server to someone in Sweden who has supplied a bogus telephone number. 
Someone somewhere has information concerning the identity of who set this 
up.  Any way of running it down past the ev1.net?






More information about the list mailing list