The Dean Website. AKA The Exploded Micro-Family

“Happiness will never come to those who fail to appreciate what they already have.” clarkfamily2010.info viral spam, bait spam, email authentication from spambots?

Today’s weird spam.
Single paragraph from an apparently innocuous (well, if anything by .info could be considered innocuous) address out of clarkfamily2010.info.
Google brings up nothing useful.

Whois:
Domain ID:D45652325-LRMS
Domain Name:CLARKFAMILY2010.INFO
Created On:01-Mar-2012 14:29:19 UTC
Last Updated On:14-Mar-2012 07:35:39 UTC
Expiration Date:01-Mar-2013 14:29:19 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:CR107088801
Registrant Name:Registration Private
Registrant Organization:Domains By Proxy, LLC
Registrant Street1:DomainsByProxy.com

Brand new domain name! hmmm.
Basically they are hiding themselves. I think this is some sneaky email validation thing for a Nigerian-scam-style follow-up. Once they know you exist they will never let up. This could be a strange spear phishing attempt, but it is quite general for that; however, it is a lure to answer back and therefore become a target.
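The two whois signals noted above (a domain registered only days before the mail arrived, and a registrant hidden behind a privacy proxy) can be checked mechanically. This is an added example, not part of the original post; the 30-day threshold, the proxy marker list and the 15 March 2012 "seen" date (the date of the first comment below) are assumptions.

```python
from datetime import datetime, timezone

# Fields copied from the whois record quoted in the post.
WHOIS_TEXT = """\
Domain Name:CLARKFAMILY2010.INFO
Created On:01-Mar-2012 14:29:19 UTC
Last Updated On:14-Mar-2012 07:35:39 UTC
Expiration Date:01-Mar-2013 14:29:19 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Registrant Name:Registration Private
Registrant Organization:Domains By Proxy, LLC
"""

# Assumptions made for this example, not values from the post.
NEW_DOMAIN_DAYS = 30
PROXY_MARKERS = ("domains by proxy", "registration private", "privacy")


def parse_whois(text):
    """Parse 'Key:Value' lines; repeated keys (e.g. Status) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # skip blank lines and keys with no value
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def triage(record, seen_on):
    """Return (age_in_days, findings) for a parsed record and a sighting date."""
    created = datetime.strptime(record["created on"][0], "%d-%b-%Y %H:%M:%S UTC")
    age_days = (seen_on - created.replace(tzinfo=timezone.utc)).days
    findings = []
    if age_days < NEW_DOMAIN_DAYS:
        findings.append(f"newly registered ({age_days} days old)")
    registrant = " ".join(
        record.get("registrant name", []) + record.get("registrant organization", [])
    ).lower()
    if any(marker in registrant for marker in PROXY_MARKERS):
        findings.append("registrant hidden behind a privacy proxy")
    return age_days, findings


if __name__ == "__main__":
    seen = datetime(2012, 3, 15, tzinfo=timezone.utc)  # assumed sighting date
    print(triage(parse_whois(WHOIS_TEXT), seen))
```

Neither signal is conclusive on its own, since privacy registration is common for legitimate domains; together with unsolicited mail they justify a higher spam score.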

Ignore and blacklist them if you can; Google correctly spotted it as spam.

Continuing to probe, checking out www.clarkfamily2010.info we arrive here:
inetnum: 111.90.128.0 - 111.90.159.255
netname: PIRADIUS-NET
descr: PIRADIUS NET
country: MY
admin-c: PA124-AP
tech-c: PA124-AP
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation’s account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed (at) apnic (dot) net 20090617
mnt-by: APNIC-HM
mnt-lower: MAINT-MY-PIRADIUS
source: APNIC

with full details of the provider in Kuala Lumpur. If it was not suspicious before, surely it must be so now??
Doing a Google check on Piradius proves that this is spear phishing almost certainly.

2 comments

1 Lynda { 03.15.12 at 8:34 am }

I got the same email. Thanks for posting what you’ve found out. Great temptation to reply asking what they’re on about, but luckily I didn’t…and won’t !!

2 Patrick { 03.15.12 at 3:29 pm }

No problems.. If I had time I would maybe try following them up through a throwaway email to see what gets sent back. As this was a brand new scam – no hits returned – I felt it was worth putting this up. The power of Google and WordPress showed up here as I got instant feedback that this email was being googled for – in other words it really is spam…