Got some spams with apparently a single letter per gif, like a ransom note, with different color backgrounds, capitalization, fonts, etc., *per letter*. Is this new?

  http://www.surbl.org/evidence/single-letter-gif-spam.png

(rendered, somewhat redacted)

(I'm not going to bother posting the message source, as you'll probably all be getting them soon.)

One of our OCR programs did not decode it correctly, which presumably is the goal of the ransom-note-style. The message also passed through greylisting, meaning the sending agent retries later like a real MTA.

Sent from rene.com.pl, a Polish DSL provider, presumably from a bot.

Advertised domain is:

  usably.net

Related domains:

  palatals.net
  mayoresses.com (nameserver)
  wrongdoers.net (nameserver)

All registered 14 July 2006 on xinnet.cn, all with the same whois:

   Domain Name: WRONGDOERS.NET
   Registrar: XIN NET TECHNOLOGY CORPORATION
   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.paycenter.com.cn
   Name Server: NS.XINNETDNS.COM
   Name Server: NS.XINNET.CN
   Status: ACTIVE
   EPP Status: ok
   Updated Date: 01-Nov-2006
   Creation Date: 14-Jul-2006
   Expiration Date: 14-Jul-2007

   Domain Name:wrongdoers.net

   Registrant:
     Mike Vester
     Allensteiner Strasse 24
     47237

   Administrative Contact:
     Mike Vester
     Mike Vester
     Allensteiner Strasse 24
     Duisburg 47237
     Germany
     tel: 49 7161 3079405
     fax: 49 7161 3079405
     [EMAIL PROTECTED]

   Technical Contact:
     Mike Vester
     Mike Vester
     Allensteiner Strasse 24
     Duisburg 47237
     Germany
     tel: 49 7161 3079405
     fax: 49 7161 3079405
     [EMAIL PROTECTED]

   Billing Contact:
     Mike Vester
     Mike Vester
     Allensteiner Strasse 24
     Duisburg 47237
     Germany
     tel: 49 7161 3079405
     fax: 49 7161 3079405
     [EMAIL PROTECTED]

   Registration Date: 2006-07-14
   Update Date: 2006-11-02
   Expiration Date: 2007-07-14

   Primary DNS: ns.xinnetdns.com 210.51.170.66
   Secondary DNS: ns.xinnet.cn 210.51.171.209

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
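
Added example, not part of the original post: since OCR failed on the ransom-note rendering, a structural check can flag such a message by counting tiny GIF parts instead of reading them. It assumes each letter arrives as its own image/gif MIME part; the thresholds, function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

MAX_SIDE = 40   # assumption: one rendered letter fits in about 40x40 px
MIN_TILES = 10  # assumption: this many tiny GIFs in one message is suspicious


def gif_size(data):
    """Return (width, height) from the GIF logical screen descriptor, or None."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    # Width and height are little-endian 16-bit values right after the signature.
    return struct.unpack("<HH", data[6:10])


def letter_tile_count(raw):
    """Count image/gif parts whose declared canvas is at most MAX_SIDE per side."""
    tiles = 0
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() != "image/gif":
            continue
        size = gif_size(part.get_payload(decode=True) or b"")
        if size and max(size) <= MAX_SIDE:
            tiles += 1
    return tiles


def looks_like_letter_gif_spam(raw):
    """True when the message carries at least MIN_TILES letter-sized GIFs."""
    return letter_tile_count(raw) >= MIN_TILES


def make_sample(n_tiles, side):
    """Constructed test message: n_tiles GIF parts, each side x side pixels."""
    msg = MIMEMultipart("related")
    msg.attach(MIMEText("<html>constructed body</html>", "html"))
    # Signature + screen descriptor + trailer: enough for size parsing only.
    gif = b"GIF89a" + struct.pack("<HH", side, side) + b"\x00\x00\x00" + b";"
    for _ in range(n_tiles):
        msg.attach(MIMEImage(gif, _subtype="gif"))
    return msg.as_bytes()


if __name__ == "__main__":
    print(looks_like_letter_gif_spam(make_sample(12, 20)))   # many letter tiles
    print(looks_like_letter_gif_spam(make_sample(1, 600)))   # one ordinary image
```

A score like this is best used as one input to a filter alongside URI blocklist hits on the advertised domain, since legitimate HTML mail can also carry many small spacer or icon images.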