Slog News & Arts

Line Out

Music & Nightlife

« 'The Safe' is Safe (For Now) | Murdoch Media »

Wednesday, April 23, 2008

Spam or Threat? A New Game.

posted by on April 23 at 10:04 AM

From: mianga@xxxxxx.net
Date: April 22, 2008 6:58:34 PM PDT
Subject: she has already gone to hospital!…
To: brendan@thestranger.com


Hello, brendan.

Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!!



She has already gone to hospital, you’re next.



mianga

RSS icon Comments

1

you should write back to mianga and say
"Dearest Mianga,
I don't know your name, but I am already crippled. Thanks."

Posted by king ad hock | April 23, 2008 10:09 AM
2

Funny... I thought you knew his name was Brendan!

Posted by bma | April 23, 2008 10:09 AM
3

Dear Brendon, I don't know what your name is?

I'm going with Spam.

Posted by monkey | April 23, 2008 10:13 AM
4

Oops, Brendan.

SEE? I really don't know your name... er... uhm, he really doesn't know your name.

Posted by monkey | April 23, 2008 10:14 AM
5

You should say "You ain't got the balls to put me in the hospital bitch!!"

Always ALWAYS aggitate the person who threatens you.

Posted by Andrew | April 23, 2008 10:14 AM
6

A quick Google of that phrase shows several other sites with that exact message. You can probably stop looking over your shoulder.

Posted by JC | April 23, 2008 10:15 AM
7

Spam.

Posted by Lobot | April 23, 2008 10:15 AM
8

Definitely a kook. And I'd definitely write him back. Be sure to use lots of profanity when you do.

Posted by Fifty-Two-Eighty | April 23, 2008 10:15 AM
9

Oh, and dare them to use a gun when they attack you ... that always ends well ...

Posted by Will in Seattle | April 23, 2008 10:18 AM
10

threatening spam is the best.

Posted by superyeadon | April 23, 2008 10:22 AM
11

mmmm Brendan who's name I do not know, send me your bank account number and I, the son of Mianga, an African prince will deposite $100,000,000. But if you don't, I'm comming for you, even though I can't leave Africa unless you give me your bank account information because my father has been killed by the government. Don't tell anyone!

Posted by Son of Mianga | April 23, 2008 10:28 AM
12

it's from New Jersey (the address is still happily sitting in our RSS readers despite your subsequent effort to block it out) so it's a Threat.

Posted by JMR | April 23, 2008 10:34 AM
13

They probably have a huge list of first names and a huge list of domain names to put together into likely email addresses, or just a list of emails to begin with. There are no links in it right? This seems like bait to get you to reply so they know your email is being read. In the email list black market, I'd imagine emails known to be "active" in the last however long are worth more than emails simply lifted from the web.

Posted by w7ngman | April 23, 2008 10:37 AM
14

Please don't email it back. The "From" addresses in spam are forged too, and if it's a real address, as it sometimes is, you'll be forwarding the spam to that person, who is innocent. I know; I'm being joe-jobbed right now by someone (~4000 bounces a day directed to me).

Email doesn't come from email accounts; it comes from email servers. It's not "from" anybody; that's just a courtesy header.

Posted by Fnarf | April 23, 2008 10:38 AM
15

Fnarf is right, and it isn't even the email in the "From" header that you would be replying to, it's the "Reply-to" header. Both can be made up.

Posted by w7ngman | April 23, 2008 10:48 AM
16

@14

OH! So THATS where all this weird spam is coming from... I've been wondering how I all of the sudden got buttloads of spam this week. The horror.

Posted by catnextdoor | April 23, 2008 10:49 AM
17

Very much spam. I got 2 of them to a non-existant email address at a domain I own, both from different spoofed yahoo addresses. It wasn't even sent to a first name, unless "dkabpoyas" is a common first name that I've just never come across before.

I found the concept of threatening spam odd enough that I emailed it to some interested friends. Why would I want to see images of "her" in the hospital??? (Mine included this url: http://orfeyrecords.508.com1.ru/images/ )

Posted by bs | April 23, 2008 10:50 AM
18

i like this new game. but do you win by getting spam or by getting a threat?

Posted by infrequent | April 23, 2008 10:56 AM
19

They're not "from" any yahoo addresses, nonexistent or otherwise. They're from one of the millions of infected PCs in the botnets that are sending out trillions of spams. These PCs are sending direct-to-MX with no client, no "from", no nothing, without the users' knowledge.

Virtually all email traffic is spam now; it's at least 99%, probably 99.999%. Most INTERNET traffic is spam now.

Posted by Fnarf | April 23, 2008 10:57 AM
20

passive spam.

Posted by infrequent | April 23, 2008 11:06 AM
21

Oh no!! If you read that email you will get genital warts! Oh no I probably have genital warts! It says here I must forward this email to 22 people to get the cure.

Jesus fucking mary! that was close.

Posted by LaDeeLa | April 23, 2008 11:07 AM
22

I tend to agree that it is probably spam, but I'm surprised that nobody else has mentioned "Confessions of a Gasoline Huffer" as yet. It's the first thing I thought of, though I certainly didn't think huffing gas sounded "tempting" after having read it...

Posted by matthew e | April 23, 2008 11:14 AM
23

Damn. My I'm sure incredibly witty comment about why "she" has already gone to hospital got eaten by the spam filter. At least it's somewhat working, right?

Posted by Abby | April 23, 2008 11:18 AM
24

When you see a nonsense spam like this, the most likely explanation is that its purpose is to train spam filters, in preparation for more insidious spam down the road.

Posted by JMR | April 23, 2008 11:21 AM
25

Thanks a ton @17 - you posted the link the spammers wanted you to visit at their virus-laden site....

Posted by Colton | April 23, 2008 11:32 AM
26

You're in for it now, Person-Who-May-Be-Named Brendan.

Expect an attack from Ninjas.

Or Pirates.

Posted by NapoleonXIV | April 23, 2008 12:08 PM
27

From: mianga@xxxxxx.net
Date: April 22, 2008 6:58:34 PM PDT
Subject: she has already gone to hospital!Ö
To: EMAIL ADDRESS


Hello, EMAIL ADDRESS MINUS DOMAIN.

Listen to me carefully, i donít know what your name is ...

SPAM

Posted by Mahtli69 | April 23, 2008 12:22 PM
28

you can inspect the full header using various open source tools, and trace it back to the leased IP block from the third relay server it was forged through.

You still won't find the Chinese spam server that sent it, mind you.

Posted by Will in Seattle | April 23, 2008 1:57 PM
29
Posted by eggzandspam | April 23, 2008 2:43 PM
30
you can inspect the full header using various open source tools, and trace it back to the leased IP block from the third relay server it was forged through.
You're cute when you try to do tech talk, Will. But that's nonsense, every word of it.
There is such a thing as "open source tools", but you don't need them to see the full headers. Virtually all email programs have the ability to show them, including web-based ones. On Comcast's web mailcenter, you click on "View Source" in the email; in Gmail, you click on "Show original" under the little down-arrow next to "Reply".
What you see there won't be the "leased IP block" or "third relay server" it was "forged through" though. Those phrases don't have any meaning.
You will see, among other things, a line beginning "Received: from" which will tell you where the email came from. Note that this is a SERVER, not an email address. And only the part inside square brackets is reliably true. But it won't do you any good; it's probably not going to be a "Chinese spam server", but your neighbor's granny's computer, emailing to you direct. It is impossible to trace it back any further than that.
Aside from the garbled lingo you got wrong, Will, your info is many years out of date. I've spent more time looking at email headers than you have being awake, so it gives me great pleasure to once again award you the "totally full of shit and doesn't know what he's talking about but wants people to think he's savvy" award to .... WILL IN SEATTLE! Congratulations!
Posted by Fnarf | April 23, 2008 3:40 PM
31

Apologies for the ginked paragraphs above.

Posted by Fnarf | April 23, 2008 3:43 PM
32

This has been driving me CRAZY since I was emailed it yesterday. If you click on the link/attachment, what shows up?

Posted by Mab | April 23, 2008 4:34 PM
33

WHY ON EARTH would you click on a link in an email if you didn't know what it was or where it was from? Safe sex, man. Yes, it IS the same thing.

Posted by Fnarf | April 23, 2008 4:39 PM
34

I'm sure someone was stupid enough to open it, and I wanna know what he/she found!

Posted by Mab | April 23, 2008 5:47 PM
35

If it's like most payloads, you wouldn't see a thing, but your computer would immediately start contacting the the mothership (one or another infected PC somewhere) every ten seconds for addresses and more payloads, either spam or virus, and start to work. These networks are self-healing too.

Posted by Fnarf | April 23, 2008 6:18 PM
36

It's spam. I've put some details of this on my site, http://fraudo.com/2008/04/21/she-has-already-gone-to-hospital/

Today there's been a lot of interest in this from Canada so I guess it's spreading there atm.

Posted by Enrique | April 23, 2008 8:45 PM
37

@25 who would be dumb enough to click the link? Really.

Posted by bs | April 24, 2008 5:49 AM
38

Well, he's right -- millions of people do. And millions of people buy the crap that's sold in spam.

Posted by Fnarf | April 24, 2008 9:23 AM

Comments Closed

In order to combat spam, we are no longer accepting comments on this post (or any post more than 14 days old).