Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

FakeSMS spamware bidniz

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam
View previous topic :: View next topic  
Author Message
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
PostPosted: Sun Jul 08, 2007 12:22 pm    Post subject: FakeSMS spamware bidniz Reply with quote
First the mail body, so you have an idea what this whole thing is about:
Quote:
Send anonymous, flash, fake SMS over GPRS or any other internet connection!

fakeSMS is an application that allows you to send SMS to any destination with special features for less than 0.02 per credit. With fakeSMS you can play with your friends, sending fake, flash, or even anonymous SMS messages! You can send SMS messages that seems to be sent from other persons! You can put anything you want on the "From" field (numeric or alphanumeric).


Also, you can send Flash SMS messages, that appear instantly on your friends display, without the need to press any key to read it!

For more information go to http ://www.spy-sms.com/id14.html

You can check your credits any time, anywhere

You can also choose the number from your contact list

You can now check the coverage of the number! And how many credits will be used per SMS to him


NEW: FakeSMS for PDA & PocketPC


Send cheaper SMS (worldwide) than any other provider, from GPRS, HSDA, ActiveSync or any other internet connection! Anonymous, flash, fake SMS! Works on any PocketPC.


You can connect your PDA to the internet and send SMS messages to your friends anywhere in the world, without any cellphone. And you can send the messages pretending to be any other person you want!


For more information go to http ://www.spy-sms.com/id14.html

Wireflex team


Email headers:
Quote:
Return-Path: <fakesms@spy-sms.com>
X-Flags: 1001
Delivered-To: <spamtrap>
Received: (qmail invoked by alias); 07 Jul 2007 10:46:15 -0000
Received: from smtp-wifi.orange.fr (EHLO smtp-wifi.orange.fr) [194.250.131.236]
by mx0.gmx.net (mx104) with SMTP; 07 Jul 2007 12:46:15 +0200
Received: from User (unknown [81.253.53.123])
by smtp-wifi.orange.fr (Postfix) with SMTP id EC1805285DB;
Sat, 7 Jul 2007 12:44:46 +0200 (MEST)
Reply-To: <fakesms@spy-sms.com>
From: "jay"<fakesms@spy-sms.com>
Subject: Send anonymous, flash, fake SMS
Date: Sat, 7 Jul 2007 12:45:36 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Sent via France's worst spam supporting network, Orange.fr (formerly known as Wanadoo) and I think that qualifies as spamware, because at the referenced page, we can read the following (amongst other interesting things):
Quote:
Send anonymous, flash, fake SMS over GPRS or any other internet conection!

fakeSMS includes 10 free credits!

"anonymous", "fake" and "any internet conection"(sic!) are literally begging for abuse. What legitimate reason would there be to reveal one's identity if it were just to send some messages to friends? That doesn't make much sense unless someone wants to put up a plausible deniability. Further down below are two neat links to a Paypal account (sales@spy-sms.com) that should clarify how it is actually meant:
Quote:
[cue paypal button #1]
59$
Fakesms soft

[cue paypal button #2]
30$
Pack of 100 credits for fakeSMS

(emphasis mine, source: www .spy-sms.com/id14.html)

The contact page lists this as their postal address:
Quote:
WIREFLEX Soft S.A.
R. Tour
8 avenue de la Paix
94260 FRESNES
FRANCE


domain registratration data:
Quote:
[whois.melbourneit.com]

Domain Name.......... spy-sms.com
Creation Date........ 2007-04-18
Registration Date.... 2007-04-18
Expiry Date.......... 2008-04-18
Organisation Name.... Lycos, Inc.
Organisation Address. 17 rue de lepineete
Organisation Address.
Organisation Address. athis-mons
Organisation Address. 91200
Organisation Address. essonne
Organisation Address. FRANCE

Admin Name........... fatma behilil
Admin Address........ 17 rue de lepineete
Admin Address........
Admin Address........ athis-mons
Admin Address........ 91200
Admin Address........ essonne
Admin Address........ FRANCE
Admin Email.......... toilesdunord@yahoo.fr
Admin Phone.......... +33670456675
Admin Fax............ +1.7814667060

Tech Name............ Lycos Domains NIC
Tech Address......... 100 Fifth Ave
Tech Address.........
Tech Address......... Waltham
Tech Address......... 02451
Tech Address......... MA
Tech Address......... UNITED STATES
Tech Email........... nic at domains.lycos.com
Tech Phone........... +1.7813702700
Tech Fax.............
Name Server.......... ns1.spy-sms.com
Name Server.......... ns2.spy-sms.com


Note the admin's email address and the traces it left in Google:
Quote:
y a t il quelqu'un qui puisse le cracker? si oui dite moi votre prix
je serai très reconnaissant
edy, mon adresse est toilesdunord@yahoo.fr

http://www.vbfrance.com/infomsg_KEYGEN-CRACK-SERIAL_41619.aspx
But let's look at edouard9191's profile on this board:
http://www.vbfrance.com/auteurdetail.aspx?ID=679555

It seems he has some ties to Algeria, as he left three messages at the following place:
http://www.annonces-dz.com/user_info.php?user_id=13015
Quote:
pour toutes commandes ou informations, contactez nous à "toilesdunord@yahoo.fr"

Matias

hotels SSCH
dept 77/78/93/94/95
France
Tel: +33616906146

http://www.annonces-dz.com/detail.php?id=160
Edouard, Matias, Fatma. This dude has quite a few names, hasn't he? Of course this could be a community e-mail because yahoo addresses are so expensive these days, but I don't want to give the spammers ideas, so I'm not going to put it into consideration.

We haven't looked at the location where this "bidniz" is hosted:
Quote:
[olliver@bunkiten ~]$ host 209.202.226.100
100.226.202.209.in-addr.arpa domain name pointer members.tripod.com.

Just a cheapo site and given the traces in Google we learn about the reason why:
http://www.google.com/search?q=spy-sms.com
Returned are merely other spams by them, not the actual page as you'd expect.

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group