“Happiness will never come to those who fail to appreciate what they already have.” clarkfamily2010.info viral spam, bait spam, email authentication from spambots?
Today’s weird spam.
Single paragraph from an apparently innocuous (well if anything by .info could be considered innocuous) address out of clarkfamily2010.info
Google brings up nothing useful.
Created On:01-Mar-2012 14:29:19 UTC
Last Updated On:14-Mar-2012 07:35:39 UTC
Expiration Date:01-Mar-2013 14:29:19 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant Name:Registration Private
Registrant Organization:Domains By Proxy, LLC
Brand new domain name! hmmm.
Basically they are hiding themselves. I think this is some sneaky email validation thing for a Nigerian scam style follow up. Once they know you exist they will never let up. This could be a strange spear fishing attempt, but it is quite general for that, however it is a lure to answer back and therefore become a target.
Ignore and blacklist them if you can, Google correctly spotted it as Spam.
Continuing to probe, checking out www.clarkfamily2010.info we arrive here:
inetnum: 220.127.116.11 – 18.104.22.168
descr: PIRADIUS NET
status: ALLOCATED PORTABLE
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation’s account
remarks: name in the subject line.
changed: hm-changed (at) apnic (dot) net 20090617
with full details of the provider in Kuala Lumpur. If it was not suspicious before, surely it must be so now??
Doing a google check on Piradius proves that this is spear fishing almost certainly..