Spam Outings, Round 10

You didn't really think it'd stop, did you? We start off with another series of educational institutions:

Brisbane Boys' College
Kensington Tce
Toowong QLD 4066
AU

spammed us on Monday, 1 February 2010 - 7:25pm, 7:39pm, 7:50pm, 8:02pm, 8:03pm and 8:12pm via IP 203.57.147.3

Prince of Songkla University
Computer Center
Korhong, Hatyai, Songkhla, 90110

spammed us on Monday, 1 February 2010 - 5:28pm; Thursday, 4 February 2010 - 10:08am via IP 202.12.74.44

Polish Academy of Science
Institute of Bioorganic Chemistry
Poznan Supercomputing and Networking Center
ul. Noskowskiego 12/14
61-704 Poznan
Poland

spammed us on Friday, 5 February 2010 - 2:58pm via IP 150.254.161.3

That's right, the botnets even have access to a supercomputing center, and yet they haven't figured out anything better to do with it than spam dumb blogs like mine.

Next up we have an otherwise generic IP block owner:

Cox Communications
1400 Lake Hearn Dr
Atlanta, GA 30319

spammed us on Monday, 1 February 2010 - 5:26pm, 7:25pm, 7:30pm, 7:31pm, 7:39pm and 8:03pm; Thursday, 4 February 2010 - 2:35am; Friday, 5 February 2010 - 6:05pm, 8:00pm, and 8:05pm via IP 98.172.30.138

What is notable about that IP is that it resolves to nat-gw.productionadvantage.com. The Production Advantage, Inc. appears to be a direct marketing company, so if you've ever done business with them, it's a good bet that your data has been compromised. They even helpfully list their clients, so if you've ever given your personal information to any of those organizations, you might want to contact them regarding your pending identity theft.

Another generic IP block owner:

Savvis
1 SAVVIS Parkway
Town and Country, MO 63017

spammed us on Thursday, 4 February 2010 - 11:20am via IP 216.109.73.21

That IP resolves to dc3-pw-nat.ws.ag.com. I will helpfully point out that ag.com belongs to American Greetings. As though it weren't bad enough for your "friends" to give up your identity for a stupid eCard, welcome to their insecure system that gives it up to people that are probably even worse.

And it's always the most fun when someone selling security is insecure:

TREND MICRO INCORPORATED
10101 N. De Anza Blvd,
Cupertino, CA 95014

spammed us on Monday, 1 February 2010 - 8:08pm via IP 216.104.15.138

and in an odd twist, they also came in a half hour earlier from halfway around the world, doing a scouting mission on Monday, 1 February 2010 - 7:33pm via IP 150.70.84.26

The slogan on their site is "Securing Your Web World". Since they can't secure their own, I have my doubts. Their traffic pattern is so strange, though, it makes me think that they themselves might be abusing network resources instead of being part of someone else's botnet.