
Setuta Spam Campaign: POP Those Damn Affiliates!


The majority of the spam I have received over the past two weeks came from:
From: software_innovations5@setuta.com
Canonical name: lice.powatih.com
Addresses:
38.103.164.130

Some of the URLs in these campaigns attempt to immediately download the file after a few redirects to other sites. The majority of software download sites have shifty or no company information and remain secretive about their identity. Most sites push affiliate programs with 65%+ earnings.

Today I will briefly examine Spyware Nuker
8,646,618 registered users as of 08/16/2009, 5:46:59pm PST
None of the IPs listed are in the SBL.

I received this email last week:

New Update to fix Windows File Errors [software_innovations5@setuta.com]

File Error Notification – Instructions To fix File Errors in your Registry:
Your PC may be suffering from serious file errors in your WINDOWS registry which may be the reason why your PC is running so slow, or crashing and freezing from time to time. Also, these can lead to major system problems and possible memory leaks.

Below are instructions that will enable you to Increase Your Computer’s Speed, Power, Stability and Reliability in just a few minutes.

Press below to launch the Diagnostics Test download for no cost at all:
This URL instantly attempts to load errornukerinstaller.exe

Spam Path

Email URL: setupa.com [IP: 75.127.82.10 Error: 302] redirects to flxclick.com. [IP: 209.124.80.94 Error: 302]
flxclick.com redirects to 123.fluxads.com. [IP: 207.67.0.17 Error: 301]
The cookie from 123.fluxads.com attempts to set domain to:
directtrack.com (Online marketing and tracking systems)

Final Destination:

The download is served from hxxp://www.nukerdownloads.com (IP: 64.18.156.154).
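The spam path above can be checked mechanically once the hops are recorded. The following is an added example, not part of the original post: it walks a constructed capture of the chain and reports every redirect that leaves the current site, plus any cookie whose Domain attribute does not belong to the host that set it. Hosts, IPs and 30x codes are taken from the post; the paths, the cookie name and value, the final 200 and the direct hop from 123.fluxads.com to the download host are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed capture. Hosts, IPs and 30x codes are the ones listed in the post;
# paths, the cookie name/value, the final 200 and the assumption that
# 123.fluxads.com redirects straight to the download host are placeholders.
HOPS = [
    {"url": "hxxp://setupa.com/", "ip": "75.127.82.10", "status": 302,
     "headers": {"Location": "hxxp://flxclick.com/"}},
    {"url": "hxxp://flxclick.com/", "ip": "209.124.80.94", "status": 302,
     "headers": {"Location": "hxxp://123.fluxads.com/"}},
    {"url": "hxxp://123.fluxads.com/", "ip": "207.67.0.17", "status": 301,
     "headers": {"Location": "hxxp://www.nukerdownloads.com/",
                 "Set-Cookie": "id=PLACEHOLDER; Domain=directtrack.com; Path=/"}},
    {"url": "hxxp://www.nukerdownloads.com/", "ip": "64.18.156.154",
     "status": 200, "headers": {}},
]

def site(host):
    """Naive registrable domain (last two labels); use the Public Suffix List in practice."""
    return ".".join(host.lower().split(".")[-2:])

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    return host == cookie_domain or host.endswith("." + cookie_domain)

def analyse(hops):
    """Return (kind, from_host, to_host_or_cookie_domain) findings for one chain."""
    findings = []
    for hop in hops:
        host = urlsplit(hop["url"]).hostname  # works on defanged hxxp:// URLs too
        location = hop["headers"].get("Location")
        if 300 <= hop["status"] < 400 and location:
            target = urlsplit(location).hostname
            if site(target) != site(host):
                findings.append(("cross-site-redirect", host, target))
        jar = SimpleCookie()
        jar.load(hop["headers"].get("Set-Cookie", ""))
        for morsel in jar.values():
            domain = morsel["domain"].lstrip(".").lower()
            if domain and not domain_matches(host, domain):
                findings.append(("foreign-cookie-domain", host, domain))
    return findings

if __name__ == "__main__":
    for finding in analyse(HOPS):
        print(*finding, sep="\t")
```

A browser that follows RFC 6265 rejects a cookie whose Domain does not match the responding host, so the foreign-cookie finding is useful mainly as a pointer to which tracking platform sits behind the click.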

When you check out “about us” at hxxp://www.nuker.com/ you are directed to hxxp://www.trekblue.com/about/

I think we should also go after the affiliates of these spam campaigns and make them responsible for trying to profit at our expense!

1. Make the company liable for the spam actions of affiliates – they must monitor their affiliates closely.
2. Provide the name, address, references, and a working phone number of the affiliate for public preview if the affiliate is found to be involved in a spam campaign.
3. Two weeks prior to an affiliate sending out an email campaign bundle, the affiliate must certify with their company and with the state regarding how each email address was obtained.
4. Create a BAB (Better Affiliate Bureau) to rate affiliates along with their company. This would also be a place to lodge complaints.
5. No redirecting or disguising URLs, and all domains must be fully disclosed in a whois lookup. If redirects are used (for click purposes), this must be disclosed in the footnotes of the originating email.

Spamhaus.org has an excellent write-up about how we should be controlling affiliate spammers.

Until next time — Stay safe online!
