July 2008

What rubbish have we received today? Below is a partial list of the "spamvertised" domains sent to our accounts.

Note that this is a listing of spam received by us, not sent by us. We do not send unsolicited bulk email but spammers routinely forge our domain name in the From: line of their junk.

The pharmacy/replica spammers appear to have joined forces, with nearly identical emails, domain registrations and spamming patterns.

Organisation	Domain Name	Date
Black Network Inc., Canadian Healthcare, Canadian Pharmacy, Chang Limited, Cheap OEM Software, Cheap Software & OEM Downloadable CDs, Downloadable Software, ED Choice, ED Choise, ED Express, ED Pill Store, EliteHerbal Inc., Etty Productions Limited, European Pharmacy, Express Herbal Inc., Express Herbals, Exquisite Footware & Bags, Exquisite Replica, Forex Hosting, Hae Dong Limited, Health Worldwide Inc., Herbal Doctors Inc., HerbalKing, HerbalMart, King Replica, Kyung Kim LLC, Liquid Ventures Inc., LNHSolutions, MailienPharmacy Online, ManSter Penis Enlargement Formula, MaxGain+, MaxHerbal Inc., MegaDik, Mohamed Ahmed Inc., MyCanadianPharmacy, Oemcd.net, Official Medicine, Official Medicines, Optin Media Inc., Pharmacy Express, PharmSite, PowerEnlarge, Prestige Footwear, Preto Productions, Pump It Productions, Soft Eden, Speshilov Inc., Stiomal.net, Tolmen Star Enterprises Ltd., United Pharmacy, VPXL, WonderCum Inc., Xingu Inc., xtrasize-plus.com, XtraSize+	aaaasthaataa.cn, eiuhticen.com, shinejump.com	1 July
	enlargegrade.com, feelmix.com, manyideal.com	2 July
	idealrenew.com, lubecolii.com, medsenlarge.com, purchaseprescriptiondrug.com, totalpfizerlilly.com	3 July
	blinggreat.com, closecanada.com, closepills.com, doubleexpect.com , enlargestore.com, frienddesire.com, granddrugs.com, massivemassive.com, medsopen.com, powerlow.com	4 July
	inchfind.com, medonlinetechx.com	5 July
	saleadd.com	6 July
	helptray.com, renewpill.com	8 July
	talltotal.com	9 July
	placemust.com	10 July
	cloudhappiness.com, equalaspiration.com, especiallylegacy.com, generositywall.com, numeralher.com, shallharmony.com, teethkey.com, wallcook.com	11 July
	hallstay.com, wentteam.com	12 July
	stemstem.com	13 July
	pacepeal.com	14 July
	renewcase.com, rideclose.com	16 July
	millgreat.com	18 July
	samebuild.com	19 July
	paidfeel.com	20 July
	dimedip.com, waitmix.com	22 July
	markrate.com	27 July
	tallhigh.com	28 July
	flapreal.com, helppine.com	29 July
	enoughcan.com, yesbade.com	31 July
Canadian Health&Care Mall, VIP Pharmacy	kneradgerdo.com, nibbletvast.net	7 July
Canadian Health&Care Mall, VIP Pharmacy	ggfy.mroil.com.cn → behlfijkag.woimandlop.net, gtx.mroil.com.cn → behlfijkag.woimandlop.net	8 July
Christian Troy, Iron Clad Media	roughriderranch.com	31 July
DebtFree, Diamond Replicas, Diamond Swiss, Diamond Watches, Direct Pharmacy, E2 Finance, Euro Vegas, Euro VIP Casino, Fly Watches, Fortune Las Vegas, Freedom4U, Freedom From Debt Forever!, Gambling Online Casino, Golden Gate Casino, Jackpot Casino, Magic Jackpot Casino, Mortgage-Infinity, Online Casino, The Palace Group, Prestige Replicas, Royal Casino, Royal Club Casino, Royal-Euro Casino, ScratchCards.com, Spin Palace Casino, Vegas Casino, Vegas VIP Casino, World Casino, World Jackpot Casino, World Pharm, World Pharmacy	capedyinlax.com	6 July
	jsooke.com	7 July
	cluckfog.com	11 July
	chadskor.com	13 July
	glimsallcommon.com, kmtolojqe.cn → limenbadsharp.com	14 July
	medalgutdeep.com, millenahcruel.com	15 July
	kruuue.com	16 July
	nbnnen.com	18 July
	haulmstycap.com, pudgybahvie.com, stiedmedicalrue.com	19 July
	ekkeis.com	21 July
	feuarroccor.com, ideasseahot.com	22 July
	spreeaboava.com	25 July
	cpnijaaqfq.cn → mealytupnth.com	29 July
"Link Farms"	parmik.20m.com	10 July
	colexplo.dreamstation.com, likeareal.ibelgique.com	12 July
	mergina.247ihost.com	15 July
"Phishers"	Domain Name	Date
posing as Barclays Bank	anygonvot.be	1 July
posing as NatWest Bank	dpg.me.uk	2 July
posing as PayPal	data-update.com	2 July
Malware	Domain/Executable	Date
	(hacked) casaplacci.it/main.html → `view.exe`, (hacked) noniforlife.de/main.html → `view.exe`, (hacked) sky-win.co.kr/main.html → `view.exe`, (hacked) sweetcharitygifts.org/main.html → `view.exe`	14 July
	(hacked) piotrstefaniak.pl/main.html → `view.exe`	15 July
	bestexe9d6.com → `video-nude-anjelina.avi.exe`	16 July
	(hacked) oncelofset.com.tr/news.html → `watch.exe`	17 July
	(hacked) eldisfrazbilbao.com/hot.html → `watch.exe`, (hacked) ristorante-remise.de/hot.html → `watch.exe`	19 July
	(hacked) agrar-office.hu/start.html → `watch.exe`, (hacked) akvnjbp.com/start.html → `watch.exe`, (hacked) pierluigimazzoleni.com/start.html → `watch.exe`, (hacked) stardiving.it/start.html → `watch.exe`	20 July
	(hacked) amafe.org/begin.html → `watch.exe`, (hacked) leonardodavi.com/viewmovie.html → `codecinst.exe`	21 July
	(hacked) millefiori.com.br/viewmovie.html → `codecinst.exe`, (hacked) neticon.pl/viewmovie.html → `codecinst.exe`	22 July
	(hacked) exoss2.com → `watchmovie.mpg.exe`	24 July
	(hacked) elpatiodejesusmaria.com/fresh.html → `get_flash_update.exe`, (hacked) gremirecuperacio.org/fresh.html → ?	28 July
	(hacked) baeckerei-sedlmaier.de/gowatch.html → `get_flash_update.exe`, (hacked) emanuelafusa.com/showvideo.html → `get_flash_update.exe`	31 July
Unknown/Unresolved	Domain	Date
	tldmls.com/aggblcjbmaaahiokg	1 July
	mdubseyc.cn, stemextra.com	10 July
		11 July
	wenthot.com	11 July
	fineflick.com, paytame.com	16 July
	eurocasinoha.com, eurocasinohb.com, eurocasinojy.com	30 July
Addresses Receiving Spam		Total
Nonexistant and Catch-all		7
Various Compromised Mailing Lists		56
Personal		3
Obliquity.com Domain Registration		29
Obliquity.com Contact Form		4