Broken or Nonexistent Links

Did you receive an insanely stupid spam message? Or yet another spam message with (!!) no URL? Post it here so we can continue to laugh at mentally-challenged spammers.

Re: Broken or Nonexistent Links

Postby Red Dwarf » Tue Apr 19, 2011 7:00 pm

AVG coughs up an Alert when trying to load that page -
Exploit Blackhole Exploit Kit error 2004

I even get the alert when loading these forum pages!

[EDIT: I snipped out the coding in my previous posting, because it was triggering an AV Alert in AVG's resident link checking]
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Broken or Nonexistent Links

Postby spamislame » Wed Apr 20, 2011 9:52 am

Crazy!

Okay thanks, Red, for sending me the resulting code you found there. This idiot really jumped the gun.

For security reasons I will not paste any code here, since I don't want Google or anyone else to flag InBoxRevenge as being potentially malicious.

He obfuscates a huge amount of text using a div which is hidden to contain raw text, then a huge series of obfuscated JavaScript functions which again ultimately strive to "eval" the resulting processed text.

If you try to view the output, the first thing the JavaScript outputs is a block of HTML:

Code: Select all
<center><h1>404 Not Found</h1></center><hr>

Then a huger block of more straightforward JavaScript which attempts the following:

  • Java exploit
  • Browser plugin detection (Shockwave, MSXml, Flash, Shell helpers, Windows Media Player)
  • Two more Java exploits
  • Adobe Acrobat exploits (2)

Each of these are all known by various malware detection systems. As noted my entire office cannot even see that site, and it turns out the reason I couldn't see any JavaScript in their page source was because this was a further protection of the ESET anti-malware system. (Well done.)

I'm sure he snagged a few PC's with this but it's debatable wither it would be that many given that most of these are covered by at least a year's worth of patches and upgrades.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: Broken or Nonexistent Links

Postby Nodus » Wed Jan 23, 2013 1:48 pm

The joe-jobbers are getting sloppy -- let's hope it means they are getting desperate, too. I have received a few like this one:

Subject: Smoking blends and mixes

We offer best quality smoking blends and smoking mixes.
From complete relaxation to the inexhaustible energy.

And that's it. Of course in this case I happen to know the URL they forgot is http://aromavip.net/ ... :roll:
Arf, she said
User avatar
Nodus
Spammer Obliterator
 
Posts: 2286
Joined: Fri Jun 15, 2007 7:05 pm

Re: Broken or Nonexistent Links

Postby spamislame » Thu Jan 24, 2013 4:40 pm

Worse than that, all the links on that site point to pages that don't exist.

A rrrreally pro operation obviously. :)

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: Broken or Nonexistent Links

Postby Nodus » Thu Jan 24, 2013 6:18 pm

spamislame wrote:Worse than that, all the links on that site point to pages that don't exist.

A rrrreally pro operation obviously. :)

Dammit!

As I said, that was a joe-job mail. I knew the URL they missed because I also got dozens of identical ones which did include the URL. But now the joe-jobbers obviously have once again got what they wanted:

Информация для посетителей сайта:
Данный сайт временно не работает.
Информация для владельцев сайта:
Пожалуйста, свяжитесь со службой технической поддержки support@mchost.ru
С уважением, хостинг Макхост

"Information for visitors:
This site is temporarily unavailable.
Information for owners:
Please contact technical support support@mchost.ru
Sincerely, Makhost hosting"

Well, I sent them some feedback.

This is a new plague... :(
Arf, she said
User avatar
Nodus
Spammer Obliterator
 
Posts: 2286
Joined: Fri Jun 15, 2007 7:05 pm

Previous

Return to Sloppy, Lazy and Stupid Spammers

Who is online

Users browsing this forum: No registered users and 1 guest

cron