Scope (?):  All Topics
YanBz
admin
Hot or Not?
12

Beware of spam emails addressed from our support address

submitted on June 29, 2010 by YanBz in "Buxr Website / Contests"
I have been in the past couple days receiving emails that come addressed from "support at buxr dot com" that I know we didn't send. They are spam and should be avoided. The emails look like this:


subject: Please confirm your message

This message was created automatically by mail delivery software (TMDA).

To release your message for delivery, please click on the following link and confirm message

buxr.com/confirm/launch?.gx=1&.rand=ck8q9en84ere5&.intl=us

This confirmation verifies that your message is legitimate and not junk-mail. You should only have to confirm your address once.

If you do not respond to this confirmation request within 14 days, your message will not be delivered.

Regards,
buxr.com Account Services


The link inside this message actually leads to a different website ( domain platestahl.com ) , not buxr, even though it looks like it is a buxr link. The "from" field is forged to buxr.com address, but "return path" and "message id" point to a different domain - rjagroup.com which gives away the spammy nature of this message.

Beware, if you received an email like this, we didn't send it. Somebody is using our name to spam you. If you get it, flag it as spam and do not click on the link inside.
 

Favorite
  Comments
  • 68298
    outcastplo313
    professor
    1
    Posted by outcastplo313 on June 29, 2010
    [reply] 3 0
    Wow scary what people try to do these days.. Eeek
  • 68306
    YanBz
    admin
    Posted by YanBz on June 29, 2010
    [reply] 4 0
    Here is another version of this spam email:


    subject: Your buxr.com account information has changed

    New secret questions were added to your buxr.com account.

    To ensure that your account information remains accurate and secure we notify you whenever this information changes.

    This change request was made on Tue, 29 Jun 2010 12:46:54 +0800

    If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to
    make changes:

    edit.buxr.com/forgot?stage=fe100&src=&intl=us&done=&partner=reg

    Regards,
    buxr.com Account Services
    -------------------------
    Please do not reply to this message. Mail sent to this address cannot be answered.


    The domain for the link inside the message is standhostesi.org, the domain for the "return path" is reasonablypriced.com. It appears buxr name is being used by a group of spammers
  • 68307
    midget
    professor
    5 3 2
    10 6 2
    Posted by midget on June 29, 2010
    [reply] 1 0
    I never click links in emails like this. If I get one I'll just delete it. Thanks for the heads up on this Yan.
  • 68319
    pablos17
    deity
    2 4 6
    10 8 2
    Posted by pablos17 on June 29, 2010
    [reply] 1 0
    Stupid spammers. Evil
  • 68324
    DebsFreebies
    professor
    2
    10 5 1
    Posted by DebsFreebies on June 29, 2010
    [reply] 2 0
    Of all the sites to target, why Buxr? I know it's great and all but ??
      68336
    • pablos17
      deity
      2 4 6
      10 8 2
      Posted by pablos17 on June 29, 2010 [reply] 0 0
      Targeting Buxr users doesn't seem logical to me either. Most of use here are pretty computer savvy, plus we communicate well with one another.
  • 68327
    ZeN
    guest
    Posted by ZeN on June 29, 2010
    [reply] 1 0
    Hi ! The public e-mail address of my website have been spammed today with the same message, I think it's a massive "attack".

    By the way, YanBz, could you tell us how their link "buxr.com/confirm/launch?.gx=1&.rand=ck8q9en84ere5&.intl=us" is redirected to platestahl.com please ?
    I don't get it...
  • 68331
    ZeN
    guest
    Posted by ZeN on June 29, 2010
    [reply] 1 0
    Uh, got it, I assume that my mail manager removed the real link and that "buxr.com/confirm/launch?.gx etc" is just the text displayed for this link, am I right ?
      68338
    • YanBz
      admin
      Posted by YanBz on June 29, 2010 [reply] 0 0
      This email message comes as HTML document. "buxr.com/confirm/launch" is just a link label, the URL behind it is altered and points to a different domain. It wasn't however your mail manager/software that removed the link. The URL was purposely set to a different domain by whoever wrote and sent this email.
    • 68340
    • ZeN
      guest
      Posted by ZeN on June 29, 2010
      [reply] 1 0
      Ok, thank for your feedback.
      Yes it is due to my mail manager (in fact it is more a CRM software): when it received this spam it removed the link but not the link label, and when I asked it to show me the message it automatically transformed the label into a link;

      As a result, I was seeing a spam with a link to my own website and was wondering if these spammers were stupid or if I was missing something really sophisticated Mr Green

      Thanks again
    • 68346
    • YanBz
      admin
      Posted by YanBz on June 29, 2010 [reply] 0 0
      How could the link be pointing to your own website if the label has "buxr" in it? Just curious...

      The spam emails that you received, were they exact copies of what I copied here or did they have some differences (like different domains used, different wording, etc)?
  • 68351
    ZeN
    guest
    Posted by ZeN on June 29, 2010 [reply] 0 0
    Sorry, I was not clear : I received the same spam but dedicated to my website.
    In my previous posts I just took "buxr.com" as an example, the e-mail I received was refering to my own website.

    (in fact, as I told you I was wondering what was the point of this spam, so I asked my friend Google where I could find an explanation; that's how I landed on your nice website which I didn't knew) Wink
  • 68391
    mooncow728
    professor
    1 1
    12 6 1
    Posted by mooncow728 on June 29, 2010 [reply] 0 0
    My e-mail address spams anyone that I have in my address book. I haven't quite understood why. All it does is sends a message titled SURPRISE! and then has a link to look at kids photos which actually downloads a trojan. I don't understand why people do things like this. Confused
      68459
    • HouTex
      admin
      Posted by HouTex on June 29, 2010
      [reply] 3 0
      Tricking people into clicking on the link in the email is key. The trojan download leaves a seemingly harmless hidden program that can possibly control your computer later. It may remain dormant for a while until it receives a command that triggers it. So it could become a tool or "bot" in some other scheme, like a denial of service attack on a specific site. This has been done, for example, to Microsoft's web site to try to crash it. So the point of targeting any group would be to obtain control of large numbers of unprotected computers. If your address is sending out these kinds of messages to people in your address book, you've already gotten such a file yourself, and your system is being used to add more computers to use as bots. You should scan your computer for malware.

      The main point is to make the receiver think the message comes from someone they trust, so they would be more likely to click on the link. Buxrites are too smart for that!
    • 68463
    • mooncow728
      professor
      1 1
      12 6 1
      Posted by mooncow728 on June 29, 2010 [reply] 0 0
      See that's what I thought too. But I've ran numerous scans with different programs and have found nothing. It's always the exact same file sent. A while back I changed my password and it fixed the problem but it started again. I just have all my e-mail addresses memorized now, and change my password often. The only addresses in my book are company addresses that do not accept replies. I'm too set in my ways to change my address. Big Grin
    • 68478
    • Solstice
      professor
      1 6 2
      11 4 1
      Posted by Solstice on June 29, 2010
      [reply] 2 0
      Try downloading and running Tarun's Anti-Malware toolkit.

      I've never used it since my computers are already well locked down and protected, so I can't speak for it myself, but Tarun is a trustworthy source on these matters. It certainly can't hurt.

      http://www.buxr.com/topic/anti-malware-toolkit_582

      Other than that, what security suite are you running, as that might be part of your issue?
    • 68485
    • mooncow728
      professor
      1 1
      12 6 1
      Posted by mooncow728 on June 30, 2010 [reply] 0 0
      Well I've run Kaspersky and Norton and Spybot and AVG and Windows Malicious Software Removal Tool. I'll check that out when I'm awake a little more. I'm too tired to make sense of it. Thanks!
    • 68534
    • mooncow728
      professor
      1 1
      12 6 1
      Posted by mooncow728 on June 30, 2010 [reply] 0 0
      Well thanks for the tip Solstice. That was a pretty nice compilation of programs but it still found nothing. I think somehow someone is actually logging into my e-mail address or something. I have no idea but it is rather annoying.
    • 68554
    • tammy987
      professor
      5 1 1
      Posted by tammy987 on June 30, 2010 [reply] 0 0
      Eeek OMG! I've been having trouble with my computer for about a month now. I was not receiving e-mails or getting them almost a week late. I ran everything I had to try and find what was going on, called my service provider, changed passwords. Couldn't find out what was going on until they made one stupid little mistake. With some help, I traced it back. Not sure what I'm going to do, yet. My solution was an expensive one. I bought a new computer! Evil
    • 68556
    • mooncow728
      professor
      1 1
      12 6 1
      Posted by mooncow728 on June 30, 2010 [reply] 0 0
      I bought a new computer in April and had the same problems with the old comp and now the new comp. Not sure what the deal is.
  • 68524
    lootango
    professor
    11 9 1
    Posted by lootango on June 30, 2010 [reply] 0 0
    Thanks for the head's up. That's so bizarre!
  • 68584
    Tarun
    novice
    Posted by Tarun on June 30, 2010
    [reply] 2 0
    Best thing to do is submit it to Spamcop.
      68587
    • HouTex
      admin
      Posted by HouTex on June 30, 2010 [reply] 0 0
      Excellent suggestion! Thanks, Tarun.
      http://www.spamcop.net/
      SpamCop is the premier service for reporting spam. SpamCop determines the origin of unwanted email and reports it to the relevant Internet service providers. By reporting spam, you have a positive impact on the problem. Reporting unsolicited email also helps feed spam filtering systems, including, but not limited to, SpamCop's own service.

Leave a Comment (members Sign in to comment)

Name

E-Mail (will not be published)

2 x 3 = ?

Emoticons

'Mr Green''Neutral''Twisted''Arrow''Eek''Smile''Confused''Cool''Evil''Big Grin''Idea''Red Face'

(more)


 

Browse by tags