The next Kickstarter Spammer Justbacker

Just got another spam mail for a Kickstarter project. This time from justbacker.com, located at "335 Lowell Ave, Palo Alto, CA 94301" according to the mail. So another mail to my old Kickstarter email address, which was part of the Kickstarter hack/leak in 2014. And from my experience with Kickstarter, they seem to tolerate this and do nothing against it. None of my reports had any verifiable effect and I never got any response, not even something like "stop sending us this shit".
The spamvertised product is Tech Belt by Filippo Moratoo and is a Kickstarter Team Favorite. 
The mail was received from 213.109.77.33 / mx319.spsndr.com. Never heard of spendr.com before. The description on their homepage says "The only cannabis payments & rewards app". WTF? Why does a cannabis payment company send spam for a Kickstarter project, and what the hell are cannabis payments? Oh, the hosters are my old friends from Contabo. The referrer redirection is also using spendr.com and is hosted at hetzner.de, but for unknown reasons SpamCop wants to send a report to Amazon AWS.


More Spam from "Reward Update"

More Spam from "Reward Update" which most likely got the e-mail address from the Kickstarter hack (leak?) in 2014. How did they get their clients? Most likely through spam.

Spamvertized Products:

  • Sento Air: Kickstarter's Most Funded Towel Remastered | Raised $200,000+

    Japanese Craftsmanship // Meticulous Design // Exceptional Materials // Extremely Comfortable

  • Dride 4K: Next Gen Connected Dashcam | Raised $800,000+

    4K // Remotely Access // Heat Resistant // Motion Detection // GPS // 4G // Dual & Rear Cam

  • This project is trending on Indiegogo and has raised over $130,000!

    Claw 2.0 is a Titanium Box Cutter, Bottle Opener, Hex Driver, Pry Bar and it's small enough to sit on your keys.

  • This is the smartest desk mat around, ideal for those who hate clutter but love organization. Create and arrange your own desk space by building it exactly to your own specifications with this modular board.

    Raised over $340,000!

    Click Here To Learn More About the MOFT Smart Desk Mat


Spamvertised Product: ForeverPen™

A "newsletter" for another crowdfunded product was sent to the mail address stolen from Kickstarter in 2014... This time it's "ForeverPen™ - Writing Without Limits". Seems to be an "inkless" pen that can write forever. Seems they ordered promotion services from "Reward Update":

Reward Update
899 E 8th St, Brooklyn,
NY 11230, USA

Reward Update is not associated or affiliated in any way, shape, or form with either Indiegogo, Inc, Indiegogo(dot)com, kickstarter(dot)com, Kickstarter PBC or Kickstarter, Inc.


Spamvertised product: Kisha

For weeks now I have been getting spam for a "smart" umbrella called "Kisha". I never signed up for their "newsletter" and it's using the mail address which was leaked in the 2014 Kickstarter hack or leak. I report the mails ASAP to Amazon (origin of the mails) and Cloudflare (hoster of the spamvertised site), but neither of them seems to care about spam. Anyway, let the world know that the guys behind Kisha are just spammers, and never buy stuff from spammers.

Some of their Newsletters:

Sender | Subject
Kisha Umbrellas | Kisha Classic Foldable is Back in Stock - Get it now with $20 Discount
Kisha Umbrellas | Foldable Back in Stock
Kisha Umbrellas | Meet MINI KISHA - Our Most Affordable Model
Kisha Umbrellas | FREE Shipping Forever + 50% OFF on Kisha Classic Black
Kisha Umbrellas | Kisha Smart Umbrella - 50% OFF Flash Sale
Kisha Smart Umbrella | Kisha Smart Umbrella - 30% OFF New Fun Collection & 50% OFF Kisha Classic Black
Kisha Smart Umbrella | Giveaway - Win A Free Kisha Smart Umbrella This June
Kisha Umbrellas | Kisha Smart Umbrella Family Pack - $58.9 Discount on this bundle + FREE Shipping (Save up to $160)

Killing your Kickstarter Campaign with Fiverr

After the Kickstarter data leak in 2014, spam for Kickstarter projects became common. The scoundrels just use the data from this breach for sending email spam. Some even have real companies, some are individuals offering their services directly to the campaign starter, and others are "hired" by more or less reputable PR/marketing companies which in turn offer advertisement services to the campaign owner. Looking at the URLs in the mails and following the redirections, you see mostly the same chain of irresponsibility: big e-mail marketing companies sending out the mail (e.g. SendGrid or SpamChimp) -> the spammer -> marketing company -> Kickstarter -> project page. So normally everything is traceable, and in case of spam complaints any serious company should immediately terminate its contract with the previous element in this chain. Okay, anyone can raise a fake company in seconds, but resolute action will make the current campaign worthless and, in the long run, spamming as a whole.
 
Normally when confronted, the project owners won't disclose the names of companies commissioned for promotion, effectively protecting the offender and not helping the victims. 
 
A company called Terrahelix started a new campaign for "the future of lawn care" and fell into this trap: 
 
But they gave a small piece of information: They bought a couple of "gigs" on Fiverr, a company I haven't heard of yet. Okay, I seldom run spam campaigns ;-) . Okay, on Fiverr you can buy services including spam errr advertisement: 
 
 
So looking at the mail again, this spam mail was a little bit different. There was no referral id in the link, so there is no trace back to the one . And the Kickstarter owner cannot analyze the success of each campaign, or even whether the commissioned promoter did anything at all but take the money. And even worse, these people may hurt your campaign, product and your company.
 
From what I heard, as soon as you start your project on Kickstarter you will get a lot of promotion offers; you get a taste of spam yourself. Welcome to the Kickstarter shark tank.

"Killing your campaign" was inspired by the currently only commenter on Kickstarter.

Fake domain renewal invoice

Your domain evilazrael.net registration is pending. Failure to complete this order by may result in the cancellation of this notification (making it difficult for your customers to locate you, using search websites on the web).

I wish simply ignoring these "orders" will result in cancelling these "notifications".
 
One of the best arguments for these domain privacy services: less spam.


AMD 50th Anniversary Gifts

So, AMD is celebrating its 50th anniversary with some promo gifts when buying certain AMD products. You can get 2 free games and a free t-shirt. Here are the processes:

T-Shirt

  1. Buy an AMD Ryzen 7 2700X 50th Anniversary Edition
  2. In the Ryzen 7 2700X CPU package you find a small card with a code. 
  3. You can redeem this directly on the amdrewards.com page

The Gamebundle

  1. AMD Ryzen 7 2700X 50th Anniversary Edition
  2. Request a Voucher from the shop
  3. Go to amdrewards.com and create an account
  4. Receive the confirmation mail and activate your account
  5. Redeem the voucher
  6. Download, install and run the "AMD Product Verification Tool" (no idea if they have a Linux version)
  7. You get three "credits" and put the 3 games @ 1 credit each in your basket, confirm order
  8. Get an Ubisoft Usuck activation link for "The Division 2"
  9. Get two codes for Epic's "Exclusives suck" Shop

VirtualBox: !!Assertion Failed!!? Try disabling SME!

After upgrading from an old FX-8350 to a new ThreadRipper, VirtualBox was not able to start any VM in Linux. The error shown in the VM was something like "NS_ERROR_FAILURE (0x80004005)".

And in the VM logs were these entries: 

!!Assertion Failed!!
Expression: pVM->pVMR0 == CreateVMReq.pVMR0
Location  : /home/vbox/tinderbox/6.0-lnx64-rel/src/VBox/VMM/VMMR3/VM.cpp(591) int vmR3CreateU(UVM*, uint32_t, int (*)(UVM*, VM*, void*), void*)
Stack     :
00007f8970304133 VBoxRT.so + 0x1f1133

For me this was solved by disabling AMD's Secure Memory Encryption (SME). You can do this in the BIOS/UEFI setup, via the Linux boot parameter mem_encrypt=off, or by disabling it in your next self-compiled kernel.
 
This was solved while trying to work around a kernel/firmware/AMD bug which caused errors when trimming/discarding from an NVMe with an activated IOMMU. After setting the IOMMU to passthrough, discarding worked, but the Broadcom/LSI/Avago RAID controllers and the Radeon driver failed to start:

mpt3sas 0000:09:00.0: SME is active, device will require DMA bounce buffers
mpt2sas_cm0: reply_post_free pool: dma_pool_alloc failed
mpt2sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10506/_scsih_probe()!
radeon 0000:07:00.0: SME is active, device will require DMA bounce buffers
radeon 0000:07:00.0: SME is active, device will require DMA bounce buffers
software IO TLB: SME is active and system is using DMA bounce buffers
[drm:r600_ring_test [radeon]] *ERROR* radeon: ring 0 test failed (scratch(0x8504)=0xCAFEDEAD)
radeon 0000:07:00.0: disabling GPU acceleration

And after disabling SME, VirtualBox also worked.
 
Given my fun with my Lenovo notebook last year and the unblogged fun I have/had with my successor Dell notebook, it seems that the AMD IOMMU is quite a PITA.
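
The kernel messages above can be triaged mechanically. The following is an added example, not part of the original post: it scans a kernel log for the SME bounce-buffer lines quoted here, lists the affected PCI devices and the failure lines, and reads mem_encrypt= from a kernel command line. The function names and the sample command line are assumptions.

```python
import re

# Kernel log lines quoted in the post, embedded so the example runs offline.
SAMPLE_DMESG = """\
mpt3sas 0000:09:00.0: SME is active, device will require DMA bounce buffers
mpt2sas_cm0: reply_post_free pool: dma_pool_alloc failed
mpt2sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10506/_scsih_probe()!
radeon 0000:07:00.0: SME is active, device will require DMA bounce buffers
radeon 0000:07:00.0: SME is active, device will require DMA bounce buffers
software IO TLB: SME is active and system is using DMA bounce buffers
[drm:r600_ring_test [radeon]] *ERROR* radeon: ring 0 test failed (scratch(0x8504)=0xCAFEDEAD)
radeon 0000:07:00.0: disabling GPU acceleration
"""

# "<driver> <PCI address>: SME is active, device will require DMA bounce buffers"
BOUNCE_RE = re.compile(
    r"^(?P<driver>\S+) (?P<bdf>[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]): "
    r"SME is active, device will require DMA bounce buffers")
FAIL_RE = re.compile(r"failed|failure|\*ERROR\*|disabling", re.I)


def mem_encrypt_setting(cmdline):
    """Return the value of mem_encrypt= on a kernel command line, or None."""
    value = None
    for token in cmdline.split():
        if token.startswith("mem_encrypt="):
            value = token.split("=", 1)[1]  # a repeated option: keep the last one
    return value


def sme_report(dmesg_text, cmdline=""):
    """Summarise SME bounce-buffer devices and failure lines in a kernel log."""
    devices, failures = {}, []
    for line in dmesg_text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", line)  # drop "[   12.345678] "
        m = BOUNCE_RE.match(line)
        if m:
            devices[m["bdf"]] = m["driver"]  # PCI address -> driver name
        elif FAIL_RE.search(line):
            failures.append(line)
    return {
        "mem_encrypt": mem_encrypt_setting(cmdline),
        "bounce_buffer_devices": devices,
        "failures": failures,
    }


if __name__ == "__main__":
    # The command line is a constructed sample; on a live system read /proc/cmdline.
    report = sme_report(SAMPLE_DMESG, "root=/dev/sda1 ro mem_encrypt=off")
    for key, value in report.items():
        print(key, "=", value)
```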

A short cynical Become a Spammer Tutorial

Developing my own spam filter is one of my hobbies, so I do a lot of spam analyses and I always see the same names, techniques and schemes. This tutorial is written from the view of a spam recipient and reporter.
Starting a successful spamming business is quite easy. So what do you need?

1. Some way to generate revenue

In the end you want to make money, so what options do you have? 
  • Start your own business like selling fake Gucci handbags, cheap potency-enhancing drugs (or just some dextrose bonbons), logos for your victims' websites or whatever you can imagine. You just need some web space. Recommended are hosting companies in Ukraine, Russia or other 2nd or 3rd world shithole countries who do have anti spam laws or do not enforce them. If you need first class hosting, go for large western hosting companies like Amazon Web Services, 1&1, OVH, Hetzner, Softlayer and so on. You can create a virtual machine almost instantaneously, quite anonymously and very cheaply. What about abuse reports? If the companies react at all, you have plenty of time before they do so. And if you want some extra time, use the free services of Cloudflare. Cloudflare is for incoming traffic almost the same as an anonymous VPN is for outgoing traffic.
    And no need to buy commodities. Your "customers" do not expect to receive anything.
  • The easier way is something called "referral marketing", where you promote goods and services from 3rd parties. Your customer (not the spam recipient) will give you a special link which you can send to your "subscribers" (US legal term for "UCE recipient"), and when your happy subscribers click on the link and buy or order from your partner, you will get a commission. Becoming a partner is easy, mostly automated without any need of authentication, and as a bonus, these partners do not care much about spam, as in the end you will drive new customers to them. It also helps to have some intermediaries, as the grade of responsibility diminishes with each level of indirection. If necessary you can also create intermediaries yourself; just in case you get into trouble, you can proclaim that your intermediary already terminated the partnership with the bad evil spammer. Just invent a new name and start again. From my personal experience, Indiegogo and Kickstarter are good intermediaries, not taking responsibility for anything.
    More dubious partners like illegal gambling sites operating from Panama or Belize or binary options trading sites are even more problem-free.
  • Feeling creative? Pretend to be a Nigerian prince and offer a huge reward for a small up-front fee.

2. Recipients for your advertisements

How do you find happy "subscribers" and future customers?
  • Harvest the internet for public email addresses. You need a crawler and harvester which will search for email addresses on web sites. There are ready-to-use solutions which can be bought for a few bucks. Or ask your neighbors' kid. He will develop one for 20€.
  • Buy a list. Usually you will get emailed an offer of 1 million verified company contact information for 100$ every 2 days or so. Of course all the recipients on these lists consented to receive junk mails, like you, or did you expect to be exempted from this list?
  • Download a list generously made public domain by some benevolent hacker. Sometimes idealists publish personal data they liberated from evil corporations. These lists are usually named after the evil corporations, so fire up Google, search for the corporate name, add the terms "hack", "leak", "download" or "torrent" to the search and download the list you want. A catalog of known public lists is available from HaveIBeenPwned.com. Choosing the best list for your business is important. If you want to "promote" an Indiegogo or Kickstarter project, the "Kickstarter 2014" list may be the wisest choice, as people who backed crowdfunding projects before are more likely to invest in future projects.

3. Send out millions of newsletters

Sending out millions of mails needs a lot of bandwidth, usually more than your DSL line and your VPN can provide. Possible solutions: 
  • Rent your own world wide mail cluster. Your neighbors' kid can help you by installing mail relay agents on computers around the world to make use of the unused bandwidth of their internet uplinks. This works without manual interaction of the owners. These large mail grids can also be rented for a small fee. The darknet has many offers. One downside is that dial-up connections may be either firewalled by the internet provider or listed as untrusted mail senders on public blacklists.
  • Rent a small cheap VPS. VPSes are virtual servers that can be rented for as little as 3€/month from the same hosting companies mentioned in the first step. The registration is automated without any authentication, the setup is automated, and after paying the first monthly fee it takes only a few minutes until you can start sending out your mails. Of course you need some Linux or Windows administration skills.
  • For your first time I recommend using professional services. SendGrid and Mailchimp offer mail services, even for free and seemingly without any serious authentication or verification. Send out a lot of mails and benefit from their "good reputation". Not sure how they handle spam complaints internally, but my observation is "> /dev/null". It took me a lot of mails to get one of my email addresses blacklisted at Mailchimp. Unfortunately, shortly after that one legit sender tried to mail via Mailchimp. Bad luck. AFAIR SendGrid was blacklisted for spam reporting on SpamCop.

This should be all you need to start a successful spam company. Of course everything can be optimized. You may want to use anonymizing VPNs (google..), anonymous prepaid credit cards (Wirecard in Germany), anonymous mail addresses for registrations, anonymous mobile phones (still available in Europe), bitcoin wallets and so on.

The Internet is for porn spam

Why am I writing this? I am really pissed. Why I am pissed is described above. This works really great and too often. All the participants are named. I get spam mails for projects on Kickstarter or Indiegogo, usually sent via the named mail services in 3) or via the hosters in 1). The links in the mails are usually tracking links hosted by the companies listed in 1), optionally protected by Cloudflare. These are only redirects to some intermediaries as listed in 1); after one or two redirects you end up with a referral link to Indiegogo or Kickstarter. And the target mail address was the address used on Kickstarter in 2014.
I report this backwards to all participants. 
  • support@ or abuse@ kickstarter/indiegogo is like a black hole. No answer, no reaction. Even Kickstarter seems to not care that the address was leaked from their own site.
  • These intermediaries deny any responsibility for the actions of their partners or "boosters", as one called his partners. Some take some "actions" with the only result that the next mail comes from a company with a slightly changed name. Maybe the people behind these operations are the same.
  • Cloudflare never reacts to any mail sent through SpamCop. Even malware gets protected by them.
  • Mailchimp and SendGrid are annoyances at best. On the one hand, what can they do if creating a new account is almost effortless? And on the other hand, how serious are their actions when, after forwarding the spam mail in full to their abuse addresses, you get the request to upload the headers via a web form? Or you get a ticket link for your report, but you cannot read the ticket as you do not have an account there??
 
Time taken for this text: 3h. No proof reading. Sorry. 

2 of 3 E-Mail addresses from the Verifications.io breach are random

HaveIBeenPwned just informed me that 3 of my e-mail addresses were found in another stupid data breach. Some "e-mail verification" service called "verifications.io" thought it was a good idea to run their database with public internet access and without any password.

I checked the mail addresses found in this breach and 2 of them are randomly generated addresses I have never used, and the third one is probably the most generic one I use. All three addresses have been spammed for years.

The first one has been spammed since even before I started my own spam blocker in 2008. There seem to be two other similar addresses, with the targeted address being a truncated version of the other two. The breached one has received 58,451 mails since 2008. One of the others was used once as a spoofed sender address for a spam mail, the other one was used thrice in 2008.

The second breached email address was first targeted in March 2013 and I counted 817 mails since then.

For the third address I cannot give any reliable numbers, as this address was in regular use, was found in multiple breaches and received a lot of legitimate email since the beginning of the internet. 

The generated addresses are set to block and autoreport, meaning emails to these addresses will be rejected (without backscatter) and automatically reported to abuse and spam databases, as no legitimate mails should be received on these addresses.
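
One way to get "block and autoreport" without backscatter, as an added example that is not the author's setup: a Postfix SMTPD policy service decision that refuses trap recipients during the RCPT stage and hands back the envelope data for a report. The use of Postfix, the trap addresses and the function names are assumptions.

```python
# Constructed trap addresses; example.org is a placeholder domain.
TRAP_ADDRESSES = {"x7k2q9@example.org", "x7k2@example.org"}

# Constructed request in the name=value format Postfix sends to a policy service.
SAMPLE_REQUEST = """\
request=smtpd_access_policy
protocol_state=RCPT
client_address=192.0.2.25
client_name=mail.sender.example
helo_name=mail.sender.example
sender=newsletter@sender.example
recipient=X7K2Q9@example.org

"""


def parse_request(text):
    """Parse one policy request; attributes end at the first empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs, traps=TRAP_ADDRESSES):
    """Return (reply, report); report is None unless a trap address was hit."""
    recipient = attrs.get("recipient", "").lower()
    if attrs.get("protocol_state") != "RCPT" or recipient not in traps:
        return "action=DUNNO\n\n", None  # no opinion, later restrictions decide
    # Rejecting inside the SMTP session means this server never accepts the
    # message, so it never has to send a bounce to a (possibly forged) sender.
    report = {
        "recipient": recipient,
        "client_address": attrs.get("client_address"),
        "helo_name": attrs.get("helo_name"),
        "sender": attrs.get("sender"),
    }
    return "action=REJECT No such user\n\n", report


if __name__ == "__main__":
    reply, report = decide(parse_request(SAMPLE_REQUEST))
    print(reply.strip())
    print(report)
```

A policy service only sees envelope attributes, so the report holds the connecting IP, HELO name and envelope sender, not the message itself.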
