[Dshield] A New/Old Scam or what

Al Reust areust at comcast.net
Fri Mar 5 02:04:15 GMT 2004


Hello All

I got an email today; I do not have a spare box to test with. It arrived at 
my old attbi.com email address, which has recently started getting a lot of 
spam traffic. The sender was not "who" they advertised; it failed the RFC822 
check (open relay/spam server, go figure). So irrespective of the true URL, 
they want someone to run the SCAN for Trojans tool. A quick check shows
http://www.spywareguide.com/product_show.php?id=515
is a trojan. So besides a general "information collection" it is hard to 
say what was added.

Be warned! Please do not just click on the link(s). You are greeted with a 
popup dialog box that wants you to scan now! Just click "OK" or a button 
that wants you to execute this URL:

http://www.spywarenukerdownload.com/index.php?id=ward2sc1n*

<Quote>
Date: Thu, 4 Mar 2004 18:45:52 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium
Received: from mta4.dimeandfive1.com ([209.213.200.74])
           by sccrmxc12.comcast.net (sccrmxc12) with SMTP
           id <20040304184551s12005cd5pe>; Thu, 4 Mar 2004 18:45:52 +0000
X-Originating-IP: [209.213.200.74]
Received: (qmail 29563 invoked by uid 0); 4 Mar 2004 17:13:00 -0000
MIME-Version: 1.0
From: System Admin <info-2769 at dimeandfive1.com>
Subject: About your Internet connection problems
To: old-email -- at -- attbi.com
Content-Type: text/html; charset="iso-8859-1"

Important Notification About Your PCs Recent Internet Activity:

You may have recently noticed that your computer's connection to the 
Internet has been much slower than usual. If you, or someone else that uses 
your PC, have been downloading Internet files such as music, games, or 
movies, then adware and spyware programs may have been added to your 
computer's hard drive without your direct knowledge.

To check for any adware or spyware applications press on the link below. 
There is no cost for this scan:
http://t.dimeandfive1.com/a/5131/b/1122?

<which equates to this>
http://t.dimeandfive1.com/a/5131/b/1122?http://www.spywarenukerdownload.com/index.php?id=ward2sc1n
  <end>

If after completing the complimentary scan it is brought to your 
attention  that your computer's hard drive is infected with adware, 
spyware, or both, then it may be in your computer's best interest to remove 
the adware and spyware applications.

Press below to begin the scan:
http://t.dimeandfive1.com/a/5131/b/1122?
You are receiving this email as a subsciber to Dime and Five Mail. To 
unsubscribe you can visit this link, or mail us at: WM inc, P.O. Box 483 
Midtown Station, New York, NY 10018
<End Email quote>

<DNS>
Registrant Info:

    Martin Scoggins
    P.O. Box 512
    St James, MO 65559
    US
    Phone: +1.6019478289
    Fax..:
    Email: dannesh2000 at yahoo.com

Administrative Info:

    Martin Scoggins
    P.O. Box 512
    St James, MO 65559
    US
    Phone: +1.6019478289
    Fax..:
    Email: dannesh2000 at yahoo.com

Technical Info:

    Martin Scoggins
    P.O. Box 512
    St James, MO 65559
    US
    Phone: +1.6019478289
    Fax..:
    Email: dannesh2000 at yahoo.com

Billing Info:

    Martin Scoggins
    P.O. Box 512
    St James, MO 65559
    US
    Phone: +1.6019478289
    Fax..:
    Email: dannesh2000 at yahoo.com

Status: registrar-lock

Domain servers in listed order:

     dns01.gpn.register.com
     dns02.gpn.register.com
     dns03.gpn.register.com
     dns04.gpn.register.com
     dns05.gpn.register.com



<END DNS>

So without a quick BlackHole list check.

<DNS for DimeandFive.com at tucows>
Whois info for, dimeandfive.com:

Registrant:
  Ward Media
  28 W.36th Street
  Suite 804
  New York, NY 10018
  US

  Domain name: DIMEANDFIVE.COM

  Administrative Contact:
     Mansdorf, Effie  domainreg at offersdepotmail.com
     28 W.36th Street
     Suite 804
     New York, NY 10018
     US
     212-967-5055
  Technical Contact:
     Mansdorf, Effie  domainreg at offersdepotmail.com
     28 W.36th Street
     Suite 804
     New York, NY 10018
     US
     212-967-5055


  Registration Service Provider:
     Domain Name Services
     +1-702-380-7852



  Registrar of Record: TUCOWS, INC.
  Record last updated on 22-Jan-2004.
  Record expires on 15-Dec-2004.
  Record created on 15-Dec-2003.

  Domain servers in listed order:
     NS-01.DIMEANDFIVE.COM   209.213.200.20
     NS-02.DIMEANDFIVE.COM   209.213.200.21


<END DNS>
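
The manual triage done in the post (read the relay out of the Received header, then see where the tracking link really lands) can be scripted. This is an added example, not part of the original post; the sample message is rebuilt from the headers and link quoted above, and the names `unwrap`, `triage`, `URL_RE` and `RELAY_RE` are illustrative. It also handles percent-encoded nested URLs, which the post's link does not use.

```python
import re
from email import message_from_string
from urllib.parse import unquote, urlsplit

# Sample rebuilt from the headers and link quoted in the post (constructed input).
SAMPLE = """\
Received: from mta4.dimeandfive1.com ([209.213.200.74])
           by sccrmxc12.comcast.net (sccrmxc12) with SMTP
           id <20040304184551s12005cd5pe>; Thu, 4 Mar 2004 18:45:52 +0000
X-Originating-IP: [209.213.200.74]
Received: (qmail 29563 invoked by uid 0); 4 Mar 2004 17:13:00 -0000

Press below to begin the scan:
http://t.dimeandfive1.com/a/5131/b/1122?http://www.spywarenukerdownload.com/index.php?id=ward2sc1n
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def unwrap(url, max_depth=5):
    """Follow URLs nested in the query string; return the chain of hosts."""
    hosts = []
    for _ in range(max_depth):          # bounded, so a self-nesting link cannot loop
        parts = urlsplit(url)
        hosts.append(parts.hostname)
        nested = URL_RE.search(unquote(parts.query))
        if not nested:
            break
        url = nested.group(0)
    return hosts


def triage(raw):
    """Report the handing-off relay and any link that hides a second host."""
    msg = message_from_string(raw)
    findings = {"relay": None, "redirects": []}
    # Received headers are prepended, so the first match is the hop that the
    # receiving MTA recorded itself; later ones are sender-controlled.
    for received in msg.get_all("Received", []):
        m = RELAY_RE.search(received)
        if m:
            findings["relay"] = (m.group(1), m.group(2))
            break
    findings["originating_ip"] = msg.get("X-Originating-IP", "").strip("[] ") or None
    for url in URL_RE.findall(msg.get_payload()):
        chain = unwrap(url)
        if len(set(chain)) > 1:         # visible host differs from the landing host
            findings["redirects"].append(chain)
    return findings
```
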


