Mailbag Spam or Threat? A New Game.
posted by April 23 at 10:04 AM
onFrom: mianga@xxxxxx.net
Date: April 22, 2008 6:58:34 PM PDT
Subject: she has already gone to hospital!…
To: brendan@thestranger.com
Hello, brendan.
Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!!
She has already gone to hospital, you’re next.
mianga
Comments
you should write back to mianga and say
"Dearest Mianga,
I don't know your name, but I am already crippled. Thanks."
Funny... I thought you knew his name was Brendan!
Dear Brendon, I don't know what your name is?
I'm going with Spam.
Oops, Brendan.
SEE? I really don't know your name... er... uhm, he really doesn't know your name.
You should say "You ain't got the balls to put me in the hospital bitch!!"
Always ALWAYS aggitate the person who threatens you.
A quick Google of that phrase shows several other sites with that exact message. You can probably stop looking over your shoulder.
Spam.
Definitely a kook. And I'd definitely write him back. Be sure to use lots of profanity when you do.
Oh, and dare them to use a gun when they attack you ... that always ends well ...
threatening spam is the best.
mmmm Brendan who's name I do not know, send me your bank account number and I, the son of Mianga, an African prince will deposite $100,000,000. But if you don't, I'm comming for you, even though I can't leave Africa unless you give me your bank account information because my father has been killed by the government. Don't tell anyone!
it's from New Jersey (the address is still happily sitting in our RSS readers despite your subsequent effort to block it out) so it's a Threat.
They probably have a huge list of first names and a huge list of domain names to put together into likely email addresses, or just a list of emails to begin with. There are no links in it right? This seems like bait to get you to reply so they know your email is being read. In the email list black market, I'd imagine emails known to be "active" in the last however long are worth more than emails simply lifted from the web.
Please don't email it back. The "From" addresses in spam are forged too, and if it's a real address, as it sometimes is, you'll be forwarding the spam to that person, who is innocent. I know; I'm being joe-jobbed right now by someone (~4000 bounces a day directed to me).
Email doesn't come from email accounts; it comes from email servers. It's not "from" anybody; that's just a courtesy header.
Fnarf is right, and it isn't even the email in the "From" header that you would be replying to, it's the "Reply-to" header. Both can be made up.
@14
OH! So THATS where all this weird spam is coming from... I've been wondering how I all of the sudden got buttloads of spam this week. The horror.
Very much spam. I got 2 of them to a non-existant email address at a domain I own, both from different spoofed yahoo addresses. It wasn't even sent to a first name, unless "dkabpoyas" is a common first name that I've just never come across before.
I found the concept of threatening spam odd enough that I emailed it to some interested friends. Why would I want to see images of "her" in the hospital??? (Mine included this url: http://orfeyrecords.508.com1.ru/images/ )
i like this new game. but do you win by getting spam or by getting a threat?
They're not "from" any yahoo addresses, nonexistent or otherwise. They're from one of the millions of infected PCs in the botnets that are sending out trillions of spams. These PCs are sending direct-to-MX with no client, no "from", no nothing, without the users' knowledge.
Virtually all email traffic is spam now; it's at least 99%, probably 99.999%. Most INTERNET traffic is spam now.
passive spam.
Oh no!! If you read that email you will get genital warts! Oh no I probably have genital warts! It says here I must forward this email to 22 people to get the cure.
Jesus fucking mary! that was close.
I tend to agree that it is probably spam, but I'm surprised that nobody else has mentioned "Confessions of a Gasoline Huffer" as yet. It's the first thing I thought of, though I certainly didn't think huffing gas sounded "tempting" after having read it...
Damn. My I'm sure incredibly witty comment about why "she" has already gone to hospital got eaten by the spam filter. At least it's somewhat working, right?
When you see a nonsense spam like this, the most likely explanation is that its purpose is to train spam filters, in preparation for more insidious spam down the road.
Thanks a ton @17 - you posted the link the spammers wanted you to visit at their virus-laden site....
You're in for it now, Person-Who-May-Be-Named Brendan.
Expect an attack from Ninjas.
Or Pirates.
From: mianga@xxxxxx.net
Date: April 22, 2008 6:58:34 PM PDT
Subject: she has already gone to hospital!…
To: EMAIL ADDRESS
Hello, EMAIL ADDRESS MINUS DOMAIN.
Listen to me carefully, i don’t know what your name is ...
SPAM
you can inspect the full header using various open source tools, and trace it back to the leased IP block from the third relay server it was forged through.
You still won't find the Chinese spam server that sent it, mind you.
http://fraudo.com/2008/04/21/she-has-already-gone-to-hospital/
malicious and not delicious SPAM.
There is such a thing as "open source tools", but you don't need them to see the full headers. Virtually all email programs have the ability to show them, including web-based ones. On Comcast's web mailcenter, you click on "View Source" in the email; in Gmail, you click on "Show original" under the little down-arrow next to "Reply".
What you see there won't be the "leased IP block" or "third relay server" it was "forged through" though. Those phrases don't have any meaning.
You will see, among other things, a line beginning "Received: from" which will tell you where the email came from. Note that this is a SERVER, not an email address. And only the part inside square brackets is reliably true. But it won't do you any good; it's probably not going to be a "Chinese spam server", but your neighbor's granny's computer, emailing to you direct. It is impossible to trace it back any further than that.
Aside from the garbled lingo you got wrong, Will, your info is many years out of date. I've spent more time looking at email headers than you have being awake, so it gives me great pleasure to once again award you the "totally full of shit and doesn't know what he's talking about but wants people to think he's savvy" award to .... WILL IN SEATTLE! Congratulations!
Apologies for the ginked paragraphs above.
This has been driving me CRAZY since I was emailed it yesterday. If you click on the link/attachment, what shows up?
WHY ON EARTH would you click on a link in an email if you didn't know what it was or where it was from? Safe sex, man. Yes, it IS the same thing.
I'm sure someone was stupid enough to open it, and I wanna know what he/she found!
If it's like most payloads, you wouldn't see a thing, but your computer would immediately start contacting the the mothership (one or another infected PC somewhere) every ten seconds for addresses and more payloads, either spam or virus, and start to work. These networks are self-healing too.
It's spam. I've put some details of this on my site, http://fraudo.com/2008/04/21/she-has-already-gone-to-hospital/
Today there's been a lot of interest in this from Canada so I guess it's spreading there atm.
@25 who would be dumb enough to click the link? Really.
Well, he's right -- millions of people do. And millions of people buy the crap that's sold in spam.
Comments Closed
In order to combat spam, we are no longer accepting comments on this post (or any post more than 14 days old).