Spyware Warrior

[anartist]

Internet Evidence Removal Services <BLC_Data@extenti.com>
This email smelled phishy so I saved it in my scam folder and looked up extenti on whois and got the following:

Current Registrar: REGISTER.COM, INC.
IP Address: 64.86.69.186 (ARIN & RIPE IP search)
IP Location: VE(VENEZUELA)-DISTRITO FEDERAL-CARACAS

and because I was trying out a new tracking widget
http://aruljohn.com/track.pl
I ran the IP address.
IP address 64.86.69.186
Hostname toolauthor.com
ISP Teleglobe Inc.
Country Canada Canada

the following TOTALLY BLANK site was at the end of the road
http://www.toolauthor.com/

What do you make of that?

Edited by admin to break live links.

[MysteryFCM]

Register.com are known supporters of and actively in, spamming.

http://hphosts.blogspot.com/2008/09/dear-registercom-stop-spamming-me.html

Can you post the entire e-mail? (including headers)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

[anartist]

from Internet Evidence Removal Services <BLC_Data@extenti.com>
to <removed by admin>@gmail.com
date Sat, Aug 9, 2008 at 1:49 PM
subject Don't get caught

Don't ever get caught looking at things on the Internet that you DO NOT want people to know you are looking at!

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>@gmail.com

PLEASE READ THIS IMPORTANT MESSAGE regarding the websites you visit, your chat conversations, and all of your Internet and other PC files:

Don't lose your job, get divorced, become embarrassed, or be sent to prison because of what you do on your home or office computer!

Are you aware that your computer is also a recording device? Almost every action you make is recorded and can be easily retrieved by anyone, not just by a computer geek but by an average computer user such as your spouse, boss, friend, or anyone who has access to the PC you use.

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>@gmail.com

For example, web browsers such as Internet Explorer and Firefox can save every image and every website you open. Windows might save every login name and password you type. Media players often keep records of every movie and video clip you watch.

If you visit ADULT/Porn websites, Dating Sites, Myspace, Chat rooms, or any site that you don't want anyone to discover that you've been visiting, then you need to seriously consider permanently deleting your Internet files and HISTORY with Evidence Nuker as soon as possible.

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>

Without Evidence Nuker your computer is as private as a diary left on a restaurant table for anyone to read, and thousands of people have been fired, divorced and even sent to prison over what was found on their PC! Do you want your loved ones, employers, or law enforcement agencies to know everything you do Online?

For no cost at all you can download Evidence Nuker today and run a FREE scan that will show you a listing of deleted files, emails, chat transcripts, audio and video files, temporary internet files, image files (all formats), search histories, clipboard data, passwords, internet history, stored cookies and so much more! After you see everything that has been easily recovered you can use Evidence Nuker to permanently delete everything you want erased!

Press Here to Scan your PC For No Cost:
hxxp://extenti.com/tr.php?53692+<email address removed>

Do you know the ???Recycle Bin" does not destroy data?

There are tools that can retrieve deleted files even if a new file has been written where the old one used to be. Not even formatting your hard drive is a guarantee of privacy! You should never give away an old computer before permanently deleting all of the personal information you have left on it.

Evidence Nuker gives you a choice of several deletion methods including the one approved by the Department of Defense (DOD 5220.22-M standard) and the one scientifically proven to be sufficient (Guttman).

Press Here to Scan your PC For No Cost:
hxxp://extenti.com/tr.php?53692+<email address removed>

-----

To not receive future offers/promotions from us please press on the below link and scroll to the bottom of the page:
hxxp://extenti.com/tr.php?53693+<removed by admin>

Or send us a letter at:

6965 El Camino Real
Suite 105 -698
La Costa, CA 92009

You will not get anymore of our emails if you go here
hxxp://extenti.com/unsub.php?client=BLC_Data&msgid=8080800083 and enter your email address<email address removed>

or write to:

126 E. Wing Street Suite 103
Arlington Heights, IL 60004


(Edited to make links inactive - Admin)

[MysteryFCM]

First and foremost, please replace the http in your post, with hxxp to prevent accidental clickity action.

Both of the domains you mentioned, whilst having a blank parent page, are valid if you add;

/tr.php?53692

This redirects you to a site peddling Evidence Nuker (rogue)

[anartist]

By rogue, do you mean that they are harvesting information or something?

[MysteryFCM]

Nope, by rogue I mean - bogus (fake) application that is designed to do one thing - extract money from the victims that install it.
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

[suzi]

I've gotten similar emails from the same people, pushing other programs. They are indeed same people that were behind SpywareNuker -- scammers from way back imo.

http://whois.domaintools.com/nuker.com

Jamie Leasure, aka James Leasure, the old Trek8/TrekBlue group. Some history here:

http://www.spywareinfo.com/newsletter/archives/0804/4.php

http://spywarewarrior.com/viewtopic.php?p=22011

anartist, I removed your email address -- not a good idea to post it in public like that. Other spammers will get it if you do that.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[olliver]

Wouldn't it be more appropriate to move the entire thread to the spam corner? I think that's where it belongs to and where people would go looking for in case they had similar spams.

And to remain on-topic:
Any incoming crap you did not ask for and that forcefully tries to get your attention for a service/product by a company you do not business with should be safe to get discarded. After all, no matter how sneaky a spammer is, he still has to mention the product/service he gets the commision for .

O.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.

[suzi]

Good idea, topic moved accordingly.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Nightmaretony]

Speaking of rogue, can we get updated on the blog of the latest rogues and things? (hint hint)

had a nice lunchtime diversion, friend got a WebWebSearch thing in email going round. AdAware seemed to do the trick. Avast didnt catch it and was fighting his own Trend Micro. I alos installed up Firefox and will be teaching him safe computing practices....
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park