Saturday, December 18, 2021

There is some kind of life at spam-court.com

 But not much.

Briefly looking back, was it 12-13 years ago already? I have forgotten most, so memory needs to be refreshed.

Wonder what the spammers, botnetters, stock pump-and-dumpers, carders, hackers and the rest of the scum are up to in 2021.

And perhaps taking a closer look at them some time next year. Perhaps a special one at the bulkerforum members. Especially the admins. Crypto, Swank, Phantom. And the Russian. I wonder what they are up to these days. If they are still alive.

Ducks restarted this, we both will be back. So we have the Good and the Bad slowly back in business. We should add an Ugly one. But clever, we are struggling a bit with the database from the old days.

Monday, November 24, 2008

bulkman99 - the MontrealPimp

http://news.justia.com/cases/featured/california/candce/5:2008cv03889/206207/

Default judgement if I read correctly, Facebook v. Adam Guerbuez.

Big mouth, that bulkman99/MontrealPimp.
And a bit stupid.
FTC showed some kind of interest in him back in February this year.
What kind of interest is unknown to me.
I don't know how strongly they want him either.

Someday someone other than Facebook will go after him.
He was easy to trace.

Friday, September 19, 2008

BulkEnt

Yeah, I am breathing.
BulkEnt/Gary Garrett is next.

About a year ago the following was posted on bulkerforum.biz:

Hey guys

We are looking for one or two responsible/can-spam compliant mailers to do a few mailings for us. We need to do a little more testing to tweak our system before launching 100%. I am willing to pay upfront if you have good references. The product is mobile phone text-message(SMS) based. I am looking for someone that can hit all the major ISPs and can send at least a few million per day. Contact me ASAP for more details as we are looking to get started right away.

AIM: BulkEnterprise
ICQ: 221-281-113
Yahoo: BulkEnt1

Whether this ebizpro ever got his bluetooth and SMS-spamming up and going is an open question.

If someone else is more eager than me, go ahead.

Wednesday, April 16, 2008

spam-court.com taken offline

For an unspecified time. Forever is definitely a possibility.
Watch ducksintworows.blogspot.com or this one instead.
If you feel it is worth the time.

Saturday, March 1, 2008

Nathan ("n")

Briefly mentioned by Ducks in his "snippets":

  • Note to self: The nick "n" is probably also known as elitet0kr, EvilAnarchistGuy, nathanownzu, t0k3d, EliteRAHA. Remember the guy from a couple of years back: Nathan?

I don't know what he means by the last sentence, I should have a chat with him about that. But the info about his other nicks is correct with one exception, I doubt that he is "EvilAnarchistGuy". I also add another of his nicks which is very interesting: t0k3d. More about that one later.

Anyway, on bulkerforum.biz he was offering proxies for sale.
A post from Tue Feb 05, 2008, not so long ago:

Hello,

I am selling high quality IP restricted proxies that are HP scanned and have anti-honeypot code working at the bot-level to get rid of those tricky HPs. As of now there are 1.5-2.5k working, unlisted (spamcop, spamhaus) proxies online at any given time. The list is reset every 1.5 to 2 hours, depending on what the customer wants. The proxy supports socks4 and socks5, no HTTP as of yet, sorry.

The cost is $150/week for every IP authorized on the proxies. This includes scanning/proxy checker servers as well. Many people ask me why they have to pay for the scanning/proxy checker server. It is simply because every IP takes up space in the IP authorization bracket, and that is what I base the price on.

If you are interested, my Skype is savethedogs. PM me for AIM and MSN.


Legal proxies? Hardly.
He had another posting back in September 2007 with some nice screenshots.
There are also some other screenshots floating around which can be tied to his highly illegal activity. And a domain name legi0n.net (now expired) is highly interesting. That domain has been involved in some criminal activity a few years back (nicked from http://www.f-secure.com/v-descs/ircbot_es.shtml):

The backdoor's file is a PE executable file about 8 kilobytes long, packed with MEW file compressor and patched with PE_Patch.

When the backdoor's file is activated on a computer, it copies its file to Windows System folder as MOUSEBM.EXE and then starts the copied file as a service named 'Mouse Button Monitor', described as follows:

Enables a computer to maintain synchronization with a PS/2 pointing device.
Stopping or disabling this service will result in system instability.

If the backdoor fails to start its service, it tries to inject its code into Explorer.exe process. When active, the backdoor connects to one of the following servers on port 18067:

esxt.is-a-fag.net
esxt.legi0n.net

Then the backdoor joins an IRC channel called '#p2' using the hardcoded password and creates a bot there. A remote hacker can control a backdoor via a bot that it creates in the '#p2' channel. A hacker can do any of the following:

  • scan for vulnerable computers and spread to them using PnP exploit
  • download and run files on an infected computer
  • find files on local hard disks
  • perform DDoS (Distributed Denial of Service) attack
  • perform SYN and UDP flood

The backdoor has the ability to spread to remote computers using the PnP exploit on port 445. Please see the following page for detailed information on the vulnerability:

http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

Detection

Detection for this malware was published on August 15th, 2005 in the following F-Secure Anti-Virus updates:

[FSAV_Database_Version]

Version=2005-08-15_05
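
The indicators in the F-Secure description above (service name, file name, the two server names and port 18067) can be combined into a per-host triage check. This is an added example, not code from F-Secure or from this blog; the key=value log format, the host names and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators from the F-Secure description quoted above.
SERVICE_NAME = "mouse button monitor"
IMAGE_NAME = "mousebm.exe"
C2_HOSTS = {"esxt.is-a-fag.net", "esxt.legi0n.net"}
C2_PORT = "18067"

# Constructed sample events: hypothetical key=value format, documentation IPs.
SAMPLE_LOG = r'''
host=ws-014 type=service_install name="Mouse Button Monitor" image=C:\WINDOWS\system32\MOUSEBM.EXE
host=ws-014 type=dns query=esxt.legi0n.net
host=ws-014 type=conn proc=MOUSEBM.EXE dst=203.0.113.7 dport=18067
host=ws-022 type=conn proc=explorer.exe dst=203.0.113.7 dport=18067
host=ws-031 type=service_install name="Print Spooler" image=C:\WINDOWS\system32\spoolsv.exe
host=ws-031 type=conn proc=iexplore.exe dst=198.51.100.9 dport=443
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    # Split one key=value line into a dict, dropping quotes around values.
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def findings_for(event):
    """Return the indicator labels that a single event matches."""
    kind, hits = event.get("type"), []
    if kind == "service_install":
        if event.get("name", "").lower() == SERVICE_NAME:
            hits.append("service-name")
        if event.get("image", "").lower().rsplit("\\", 1)[-1] == IMAGE_NAME:
            hits.append("service-image")
    elif kind == "dns" and event.get("query", "").lower().rstrip(".") in C2_HOSTS:
        hits.append("c2-dns")
    elif kind == "conn" and event.get("dport") == C2_PORT:
        # Traffic from explorer.exe matches the injection fallback described above.
        injected = event.get("proc", "").lower() == "explorer.exe"
        hits.append("c2-port-from-explorer" if injected else "c2-port")
    return hits

def triage(log_text):
    """Group matched indicators by host; hosts with no match are omitted."""
    per_host = defaultdict(set)
    for line in log_text.splitlines():
        event = parse(line)
        if "host" in event:
            per_host[event["host"]].update(findings_for(event))
    return {h: sorted(f) for h, f in per_host.items() if f}
if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A lone hit on port 18067 is weak evidence by itself; the combination with the service name, the file name or one of the server names is what marks a host for follow-up.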


You asked for screenshots?
Here are a couple, note his nicks and his website. I split this one in two:



More screenshots will be added if needed.

Someone should kick his Butt.