Spamit
From Spamwiki
Description
Spamit is the alternate name for the Glavmed sponsorship, responsible for a large volume of illegal spam promoting Canadian Pharmacy and US Pharmacy websites.
Like SanCash and GenBucks, this follows the pattern of pairing a public-facing, wide-open entity (i.e. GenBucks / Glavmed), which makes no mention of email spamming or hijacking of servers, with a very secretive, underground affiliate program (i.e. SanCash / Spamit), which is invitation-only, password-protected, and never mentioned anywhere in public by any means.
Spamit is known by law enforcement and several other entities to be closely related to the Russian Business Network, or "RBN", who are behind the Storm botnet and a variety of other bogus ecard-related exploits.
Spamit and Glavmed
Spamit is the actual sponsorship and affiliate program which is more directly tied to the email spam promotion of products such as Canadian Pharmacy and Downloadable Software, and which is responsible for the propagation of emails attempting to infect users with the Storm Worm. Glavmed is the more public-facing entity which never mentions anything related to email spam whatsoever, focusing instead on website, SEO and banner advertising. This is a pattern we have noticed between Glavmed / Spamit (public / private programs) as well as GenBucks / SanCash (another competing public / private sponsorship, responsible for an array of different products).
The spam we have all been seeing for the above-mentioned products is sent on behalf of Spamit rather than Glavmed, which tends to focus on discussions related to website, SEO or banner advertising. Spamit and Glavmed are related companies; Spamit attempts to remain far more underground and harder to investigate.
Wholesale Infection of Public PCs
There is significant evidence that Spamit's websites are always hosted on Windows PCs infected by the Storm, Waledac, or Conficker worm. They are usually hosted on "fast flux" platforms, always backed by multiple such infected PCs.
Hacking of Public Websites
There have been several instances of spam campaigns promoting a legitimate domain that has been hacked into so that a single HTML file placed on it redirects users to the actual target URL. In many cases these hacked sites feature a file named either "1.html" or some series of random characters followed by the ".html" suffix.
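A defender-side check for the pattern described above, as an added example that is not part of the original wiki page: it walks a web root and flags .html files that carry almost no visible text and redirect off-site. The meta-refresh and JavaScript redirect forms, the 80-character text threshold and the example host names are assumptions; the page does not say how the redirect is implemented.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

MAX_TEXT = 80  # assumption: a redirect stub carries almost no visible text
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]", re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class StubParser(HTMLParser):
    """Collects redirect targets and counts visible text in one HTML file."""
    def __init__(self):
        super().__init__()
        self.targets, self.text_len, self.in_script = [], 0, False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.in_script = tag == "script"  # tags are not parsed inside <script>
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.targets += META_URL.findall(a.get("content") or "")
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.targets += JS_REDIRECT.findall(data)
        else:
            self.text_len += len(data.strip())

def redirect_target(html, own_hosts):
    """Return the off-site URL if html is a redirect-only stub, else None."""
    parser = StubParser()
    parser.feed(html)
    parser.close()
    external = [t for t in parser.targets if urlparse(t).hostname not in (None, *own_hosts)]
    return external[0] if external and parser.text_len <= MAX_TEXT else None

def scan_webroot(webroot, own_hosts):
    """Map each flagged .html file under webroot to its off-site target."""
    found = {}
    for path in sorted(Path(webroot).rglob("*.html")):
        target = redirect_target(path.read_text(errors="replace"), own_hosts)
        if target:
            found[path.relative_to(webroot).as_posix()] = target
    return found

SAMPLE = {  # constructed files: a normal page, two stubs, an on-site redirect
    "index.html": "<html><body>" + "Welcome to our shop. " * 20 + "</body></html>",
    "1.html": '<meta http-equiv="refresh" content="0; url=http://pharma.example/">',
    "img/xkqzpw.html": '<script>window.location="http://pharma.example/a";</script>',
    "old.html": '<meta http-equiv="refresh" content="0; url=/index.html">',
}
```

Call `scan_webroot` with the document root and the set of host names the site legitimately serves; hits still need manual review, since some sites keep intentional off-site redirect pages.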
Potential Facebook Hacking
There is some recent evidence (April 2009) that several legitimate Facebook accounts have been hacked into, likely using some form of social engineering, and then used to send spam to all of their Facebook friends. It is unclear what method is used to execute this particular form of spam, but the timing matches up with the recent appearance of numerous Facebook phishing websites.
Sponsoring registrars
The registrars who persist in providing the domain name service to the world's largest illegal spamming operation are:
spamit.com Network Solutions
Domain Name: SPAMIT.COM
Registrar: NETWORK SOLUTIONS, LLC.
Name Server: NS1.SPAMIT.COM
Name Server: NS2.SPAMIT.COM
Status: clientTransferProhibited
Updated Date: 30-mar-2009
Creation Date: 22-jun-2004
Expiration Date: 22-jun-2015

Registrant:
Smernov, Andrej
ATTN: SPAMIT.COM
c/o Network Solutions
P.O. Box 459
Drums, PA. 18222
570-708-8780

Record expires on 22-Jun-2015.
Record created on 11-Feb-2009.
Database last updated on 28-Nov-2009 21:25:58 EST.
spamit.biz Enom Inc
Domain Name: SPAMIT.BIZ
Domain ID: D16302005-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Domain Status: ok
Registrant ID: IMG-832490
Registrant Name: Sergey Petrenko
Registrant Organization: MEDIA CAPITAL LTD
Registrant Address1: Suite B, 29 Harley street
Registrant City: London
Registrant State/Province: NA
Registrant Postal Code: W1G 9QR
Registrant Country: UNITED KINGDOM
Registrant Country Code: GB
Registrant Phone Number: +44.225330843
Registrant Email: mediacapitalltd@gmail.com
Name Server: NS1.SPAMIT.BIZ
Name Server: NS2.SPAMIT.BIZ
Created by Registrar: TIERRA NET INC. DBA DOMAIN DISCOVER
Last Updated by Registrar: ENOM, INC.
Last Transferred Date: Sun Feb 15 16:03:04 GMT 2009
Domain Registration Date: Mon Feb 05 07:08:15 GMT 2007
Domain Expiration Date: Fri Feb 04 23:59:59 GMT 2011
Domain Last Updated Date: Sun Feb 15 18:15:47 GMT 2009
where the ICANN listed contact for Tierra Net Inc is given as
Pablo Velasco
Tel: +1.858.560.8120
Email: pablo@tierra.net
Sponsoring ISPs
The spamit.com domain uses two name servers:
spamit.com. 60 IN A 78.24.219.53
spamit.com. 60 IN NS ns2.spamit.com.
spamit.com. 60 IN NS ns1.spamit.com.
where
spamit.com has address 78.24.219.53
ns1.spamit.com has address 78.24.219.53
ns2.spamit.com has address 82.146.49.44
These addresses are the responsibility of
Peter A Svistunov
ISPsystem, Raduzhny 34a
Irkutsk, 664017, Russian Federation
+7 3952 525789

Alexandr Brukhanov
PoBox30, 664017, Irkutsk, Russia
+7 495 727 38 79

