Buy Today!
Book Cover
The Music Video
You've got to see it to believe it: Check out the "Mister Spam Man" video at YouTube.
Search Dispatches
Archives
May 2019
March 2019
August 2018
July 2018
June 2018
May 2018
April 2018
December 2017
November 2017
September 2017
August 2017
July 2017
February 2017
March 2016
January 2016
November 2015
May 2015
April 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
April 2013
February 2013
January 2013
December 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
Dispatches RSS Feed
Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« "Does Anyone Fall for Lottery Scams?" You Ask | Main | eBay Phishing for High Value Accounts »

December 08, 2007

Wrong on So Many Levels

An author of 45 books is, by nature, a bibliophile (lover of books). I can't help it. When I was in the Eisenhower-era third or fourth grade, my elementary school belonged to a program that let students buy books (not the textbooks) right in the classroom—probably some program that a publisher or distributor sold to the school district to provide kickbacks to the district (ah, the cynicism of middle-to-old age). I don't remember much about the selections (the catalog must have been well-sanitized for our protection), but those rare days when the books arrived were my happiest days of the otherwise desperately long school year.

Thus, the Subject: line in my email program's Spam folder peaked my curiosity:

New amazing shopping place for books [removed].com

I didn't recognize the domain name at all. It sounded like something in a foreign language, perhaps from South Asia. For a reason I'll never be able to fathom, I am on a lot of Malaysian spam lists, and the domain name for this spam sounded as though it could have been from there.

First things first. I opened the source code view of the message to look for any signs of nastiness, even though my email client is theoretically immune to the usual "phone home" and auto-download shenanigans. You can't be too careful these days.

The message was in plain text, so there was no HTML malarkey going on. But the content...well, I think I'd expect a bit more literacy from a bookseller:

Hello

The newest shopping place just start to work and we invite You to look us site. There You can bargain for the lowest price ever. Books aprox. for 4$ and lower. You must see that .


administration
www.[removed].com


This message is sent using [Removed] Server Professional Trial:
http://www.[removed].com/

Not wanting to assist this spammer in any way—including registering a hit on his web site—I started a typical investigation trail. I began with the domain registration. The identity was blocked through one of those domain cloaking services. For a commercial endeavor, that can't be a good sign. To his partial credit, the domain was registered in February of 2007, so it wasn't born yesterday.

Next I went to Google to see if the domain name (thankfully uncommon) garnered any hits elsewhere. I found a few listings that appeared to be affiliate sites ("buy 9 get 5 free" appeared in the Google summary), as well as several blog spam hits with links to the main site. Ugh, this was going to be painful. The main site, itself, showed up in Google's listing. Fortunately, Google had a cached copy of the page, which would allow me to view the home page without registering a hit with the actual site. Cool.

But before I would even do that, I bore in mind that Google has been linking to pages that have contained malware. Although Google has been working to clean that up, the fact a) that my invitation to the site came via spam, b) that the domain name record is cloaked, and c) that they use blog spam made me more than cautious. To be on the safe side, I viewed the HTML source code of the cached copy on the Mac's text-only Terminal program (using the curl command). I agree, it's like wearing two hazmat suits to clean up a spilled glass of milk, but I didn't want to give this spammer any chance of benefiting from his emission.

I saw no malware loading on the page, but there was a hit counter on another domain. Checking only the HTML source code prevented the hit counter from counting. Yay!

Based on what I read in the HTML source code (horribly coded, by the way), this site sells ebooks. It's not painfully clear from the home page because aside from being garbled English (no better than the spam message), details about what they do are few and far between. But links on the home page to download WinZip and Adobe Acrobat are dead giveaways.

With a bit more careful digging, I found a very long list of computer books this outfit offers (under "Business," go figure). My books get pirated quite a bit, especially the editions that come with a CD-ROM containing the PDF version of the book. It takes zero effort on the part of a pirate to compress the file and put it up on RapidShare and elsewhere for free download. My publishers' legal departments have staff whose jobs are to find these pirated copies and get them taken down. It was no surprise to find some of my books on the list.

Here's where it gets a bit interesting. Two editions of my JavaScript Bible appear on the list. Both editions (which were released in 2001—it's a long, boring story) are two editions earlier than the current 6th edition. We're talkin' Olde Schoole. But this "amazing shopping place for books" is charging money for these old ebooks. As partly described in the spam message, the sales premise for this "bookstore" is that interested buyers make an offer on however many titles they're interested in. There is no listed price per title, although the email message suggests prices are $4 or lower. Payment is made through PayPal and Skype Pay.

In looking through the rest of the list and other categories, I sensed that this list was awfully familiar. If I'm not mistaken, the inventory source for this "amazing shopping place for books" was a DVD available a few years ago that contained all of these titles already. The disc used to be offered on eBay (especially in the U.K.) for dirt cheap (like ten pounds for the entire collection). I had dozens of those auctions taken down. Some of the sellers then took my title off the displayed lists of titles, although I'm sure the books were still on the discs. I also alerted my publishers and author friends to pursue the same action whenever these unauthorized ebooks appeared on auction.

And so, we have a spammer trying to sell for real money pirated electronic copies of very outdated books (most already available for free download with a little digging) to unsuspecting suckers. It wouldn't surprise me if this spammer didn't buy a kind of kit containing the DVD and instructions how to spam using a free copy of the [Removed] Server software—all in an effort to start his own Internet business. If that's the case, I suspect that the only party who makes money on this deal is the guy selling the kit and the promise of Internet Riches.

The capper is that this spamvertiser of pirated property has the gall—no, the balls—to plaster a copyright notice at the bottom of his ugly-ass web site pages. All Rights Reserved. He can't possibly know what that means.

As for the true identity of this spammer, it's hard to say. The server software referenced in the message lets you essentially install an outgoing email server on your PC, allowing you to send email without going through your ISP's outgoing server. That's how computers that are members of a botnet convey their messages to escape being quantity-limited by an ISP's server. (I'm not saying that this particular server software isn't a legitimate program, but its mechanism appears to be the same as that used by zombies.) That the tagline appears in the spam message means that the spammer has outlasted the software's trial period, and doesn't appear to be ready to pay for it (surprise, surprise!).

The computer that sent the message was located not in South Asia, but in Lithuania, as likely as any place for this spammer to be waiting to Get Rich Quick on the Internet. I'll have to drop him a note and tell him to make sure he sends me my royalty checks.

Posted on December 08, 2007 at 10:56 AM