Spam Outings, Round 10
You didn't really think it'd stop, did you? We start off with another series of educational institutions:
Brisbane Boys' College
Toowong QLD 4066
spammed us on Monday, 1 February 2010 - 7:25pm, 7:39pm, 7:50pm, 8:02pm, 8:03pm and 8:12pm via IP 184.108.40.206
Prince of Songkla University
Korhong, Hatyai, Songkhla, 90110
spammed us on Monday, 1 February 2010 - 5:28pm; Thursday, 4 February 2010 - 10:08am via IP 220.127.116.11
Polish Academy of Science
Institute of Bioorganic Chemistry
Poznan Supercomputing and Networking Center
ul. Noskowskiego 12/14
spammed us on Friday, 5 February 2010 - 2:58pm via IP 18.104.22.168
That's right, the botnets even have access to a supercomputing center, and yet they haven't figured out anything better to do with it than spam dumb blogs like mine.
Next up we have an otherwise generic IP block owner:
1400 Lake Hearn Dr
Atlanta, GA 30319
spammed us on Monday, 1 February 2010 - 5:26pm, 7:25pm, 7:30pm, 7:31pm, 7:39pm and 8:03pm; Thursday, 4 February 2010 - 2:35am; Friday, 5 February 2010 - 6:05pm, 8:00pm, and 8:05pm via IP 22.214.171.124
What is notable about that IP is that it resolves to nat-gw.productionadvantage.com. The Production Advantage, Inc. appears to be a direct marketing company, so if you've ever done business with them, it's a good bet that your data has been compromised. They even helpfully list their clients, so if you've ever given your personal information to any of those organizations, you might want to contact them regarding your pending identity theft.
Another generic IP block owner:
1 SAVVIS Parkway
Town and Country, MO 63017
spammed us on Thursday, 4 February 2010 - 11:20am via IP 126.96.36.199
That IP resolves to dc3-pw-nat.ws.ag.com. I will helpfully point out that ag.com belongs to American Greetings. As though it weren't bad enough for your "friends" to give up your identity for a stupid eCard, welcome to their insecure system that gives it up to people that are probably even worse.
And it's always the most fun when someone selling security is insecure:
TREND MICRO INCORPORATED
10101 N. De Anza Blvd,
Cupertino, CA 95014
spammed us on Monday, 1 February 2010 - 8:08pm via IP 188.8.131.52
and in an odd twist, they also came in a half hour earlier from halfway around the world, doing a scouting mission on Monday, 1 February 2010 - 7:33pm via IP 184.108.40.206
The slogan on their site is "Securing Your Web World". Since they can't secure their own, I have my doubts. Their traffic pattern is so strange, though, that it makes me think that they themselves might be abusing network resources instead of being part of someone else's botnet.