Syndicate
User login
Recent comments
- Ongoing problem with Islamic Banking and Finance Institute
3 days 12 hours ago - Thank you for supporting my point
2 weeks 3 days ago - Not all criticisms are "mindless"
2 weeks 3 days ago - Ongoing problem with The Production Advantage
3 weeks 3 days ago - Ongoing problem with Brisbane Boys' College
3 weeks 3 days ago - Ongoing problem with National Chung Cheng University
4 weeks 3 days ago - Ongoing problem with University of Nottingham
5 weeks 3 days ago - Ongoing problem with Microsoft
5 weeks 3 days ago - Ongoing problem with LEGALfact
6 weeks 3 days ago - Ongoing problem with Hudson Valley School
6 weeks 3 days ago
Spam Outings, Round 10
7 February 2010 - 10:05pm — droleary
You didn't really think it'd stop, did you? We start off with another series of educational institutions:
Brisbane Boys' College
Kensington Tce
Toowong QLD 4066
AU
spammed us on Monday, 1 February 2010 - 7:25pm, 7:39pm, 7:50pm, 8:02pm, 8:03pm and 8:12pm via IP 203.57.147.3
Prince of Songkla University
Computer Center
Korhong, Hatyai, Songkhla, 90110
spammed us on Monday, 1 February 2010 - 5:28pm; Thursday, 4 February 2010 - 10:08am via IP 202.12.74.44
Polish Academy of Science
Institute of Bioorganic Chemistry
Poznan Supercomputing and Networking Center
ul. Noskowskiego 12/14
61-704 Poznan
Poland
spammed us on Friday, 5 February 2010 - 2:58pm via IP 150.254.161.3
That's right, the botnets even have access to a supercomputing center, and yet they haven't figured out anything better to do with it than spam dumb blogs like mine.
Next up with have an otherwise generic IP block owner:
Cox Communications
1400 Lake Hearn Dr
Atlanta, GA 30319
spammed us on Monday, 1 February 2010 - 5:26pm, 7:25pm, 7:30pm, 7:31pm, 7:39pm and 8:03pm; Thursday, 4 February 2010 - 2:35am; Friday, 5 February 2010 - 6:05pm, 8:00pm, and 8:05pm via IP 98.172.30.138
What is notable about that IP is that it resolves to nat-gw.productionadvantage.com. The Production Advantage, Inc. appears to be a direct marketing company, so if you've ever done business with them, it's a good bet that your data has been compromised. They even helpfully list their clients, so if you've ever given your personal information to any of those organizations, you might want to contact them regarding your pending identity theft.
Another generic IP block owner:
Savvis
1 SAVVIS Parkway
Town and Country, MO 63017
spammed us on Thursday, 4 February 2010 - 11:20am via IP 216.109.73.21
That IP resolves to dc3-pw-nat.ws.ag.com. I will helpfully point out that ag.com belongs to American Greetings. As though it weren't bad enough for your "friends" to give up your identity for a stupid eCard, welcome to their insecure system that gives it up to people that are probably even worse.
And it's always the most fun when someone selling security is insecure:
TREND MICRO INCORPORATED
10101 N. De Anza Blvd,
Cupertino, CA 95014
spammed us on Monday, 1 February 2010 - 8:08pm via IP 216.104.15.138
and in an odd twist, they also came in a half hour earlier from half way around the world, doing a scouting mission on Monday, 1 February 2010 - 7:33pm via IP 150.70.84.26
The slogan on their site is "Securing Your Web World". Since they can't secure their own, I have my doubts. Their traffic pattern is so strange, though, it makes me think that they themselves might be abusing network resources instead of being part of someone else's botnet.
Copyright © 2009-2010 Doc O'Leary. All rights reserved.
Comments
Ongoing problem with The Production Advantage
New spam coming from 98.172.30.138:
Sunday, 7 February 2010 - 1:37pm
Sunday, 7 February 2010 - 2:57pm
Monday, 8 February 2010 - 8:41am
Ongoing problem with Brisbane Boys' College
New spam coming from 203.57.147.3:
Monday, 8 February 2010 - 1:11pm
Thursday, 11 February 2010 - 6:52pm