Log in

No account? Create an account

Previous Entry Share Next Entry
Junk Mail: Spam Remedy
I'm sure you've all gotten the 'Spam Remedy' junk e-mail message by now. Doesn't it seem ironic that a Anti-Spam product is using Spam to sell itself? Well, it's even more insidious than that.

I've received enough of these by now to do a little analysis on the messages. All of them seem to be sent from 'end user' IP addresses, such as the end points of DSL or Cable-Internet services. Other types of spam usually come from other addresses, or a mix, but the Spam Remedy has invariably, 8 out of 8 that I've seen, come from simple user IP addresses.

This has convinced me that it is in fact the Anti-Spam product itself that is sending out the messages. In other words, if you're stupidly convinced to install this product, it will itself be responsible for sending out the company's spam. It may even get the list of email addresses to send from your address book, or some other method.

So, as well as not wanting to use (or pay for) a product that uses spam to sell itself, I'm sure as hell not going to want to use a product that contains 'malware'.

(If you want to see what a Spam Remedy spam looks like, here's a copy that made it onto some poor group's mailing list. You might also want to do a Google search for Spam Remedy, which will find the above link, links to Spam Remedy's web site, as well as a bunch of folk talking smack about Spam Remedy. Have fun!

  • 1
Actually, they use pre-bought lists.

It might be a worm, but so far the ISPs have no acted as such when I've reported them.

The biggest problem I see is that their registrar continues to support them no matter how many servers they go through... Grr.

The ISPs aren't going to act unless the volume of mail is very large. If the software writers are smart, they'll only get the 'malware client' to send out a small amount of mail... trickle it out over a long period, say.

Actually, there's another way.

We just shut down ten servers on our network for scanning and sending out traffic to huge amounts of machines on port, get this, 1080.

That's right. Spammers are now scanning for open proxies, since open relays have been closed, mostly.

And every genius using a flawed copy of wingate or something is suspect. It may not be the spam software, but it could be that too.

  • 1