Subject: New Spamming tool? (The Bat! (v3.62.03) UNREG) ????
Posted by: Jamie (nospam@geniegate.com)
Date: Mon, 21 May 2007
Hi Newsgroup,
Wondering if anyone else has had the dubious honor of being selected
as (apparently) the target of someone's sick idea of sending out UCE.
This one is really weird. I thought I had it understood they just forge
the "From:" line, but this is different.
I'm getting a ton of these bounced emails from some creep sending out spam:
(this is one of the "Headers attached" bounces)
---------------------------------------------------------------------------
[-- Type: text/rfc822-headers, Encoding: 7bit, Size: 0.9K --]
armstrong<*>ugoods.com,andy<*>ugoods.com,andrews[*]ugoods.com,alvarez[*]ugoods.com,
[ More email addresses here ]
Received: from dsl.dynamic851002843.ttnet.net.tr (unknown [85.100.28.43])
    by musubi.uncommongoods.com (Spam Firewall) with ESMTP
    id 4BBC67E900; Mon, 21 May 2007 03:27:38 -0400 (EDT)
Received: from 205.134.237.37 (HELO geniegate.com)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <---- What's up with that???
    by ugoods.com with esmtp (,,+@.0GL- 'W,W)
    id PN<846-P/)/KA-E2
    for audrey<*>ugoods.com; Mon, 21 May 2007 07:27:51 -0200
Date: Mon, 21 May 2007 07:27:51 -0200
From: "Sherri Babb" <lecgeniegatep…@geniegate.com>
X-Mailer: The Bat! (v3.62.03) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <707734297.063482046401…@thhebat.net>
----------------------------------------------------------------------------
Note one of the "Received" headers actually has my domain name in it. It would really
look as though the email passed through "geniegate.com" at some point.
I did a grep through every single log file looking for 'ugoods' (and several other
"to" email addresses from other spam) and none were found. If sendmail is actually
acting as a relay, it isn't recording it anywhere.
Anyone seen this? "The Bat!" seems to be the spam tool in use. I'm getting bounced
spam at such a high rate it's coming in faster than I can download it. All these
people seem to think I'm the one sending it out. (I thought I was too at first from
seeing the headers, until doing a grep on the log files)
Jamie
--
http://www.geniegate.com Custom web programming
Perl * Java * UNIX User Management Solutions
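
An added example, not part of the original post: a Python check that walks the two Received lines quoted above from newest to oldest, marks which hops were recorded by a host the reader trusts, and flags timestamps that run backwards. The names `parse_hop` and `audit_received` are hypothetical, and treating musubi.uncommongoods.com as the only trusted recorder is an assumption.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the bounce quoted in the post, re-folded with
# leading tabs so they parse as header continuation lines.
BOUNCE_HEADERS = (
    "Received: from dsl.dynamic851002843.ttnet.net.tr (unknown [85.100.28.43])\n"
    "\tby musubi.uncommongoods.com (Spam Firewall) with ESMTP\n"
    "\tid 4BBC67E900; Mon, 21 May 2007 03:27:38 -0400 (EDT)\n"
    "Received: from 205.134.237.37 (HELO geniegate.com)\n"
    "\tby ugoods.com with esmtp (,,+@.0GL- 'W,W)\n"
    "\tid PN<846-P/)/KA-E2\n"
    "\tfor audrey<*>ugoods.com; Mon, 21 May 2007 07:27:51 -0200\n"
    "\n"
)

def parse_hop(value):
    """Split one Received value into claimed sender, recording host, peer IP, time."""
    info, _, stamp = " ".join(value.split()).rpartition(";")
    frm = re.search(r"^from (\S+)", info)
    by = re.search(r"\bby (\S+)", info)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
    return {"from": frm and frm.group(1), "by": by and by.group(1),
            "peer_ip": ip and ip.group(1), "time": parsedate_to_datetime(stamp)}

def audit_received(raw, trusted_mtas, skew=timedelta(minutes=5)):
    """Mark hops recorded by trusted MTAs and list inconsistencies below them."""
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    findings, trusted_run = [], True
    for i, hop in enumerate(hops):  # headers are prepended, so index 0 is newest
        # Only an unbroken run of trusted recorders from the top can be believed.
        trusted_run = trusted_run and hop["by"] in trusted_mtas
        hop["verified"] = trusted_run
        if not trusted_run:
            findings.append(f"hop {i}: 'from {hop['from']}' was in the message "
                            f"as delivered; no trusted host recorded it")
        # An older hop cannot be stamped later than the hop that received it.
        if i and hop["time"] > hops[i - 1]["time"] + skew:
            findings.append(f"hop {i}: timestamp is later than hop {i - 1}")
    return hops, findings

if __name__ == "__main__":
    hops, findings = audit_received(BOUNCE_HEADERS, {"musubi.uncommongoods.com"})
    print("peer seen by trusted host:", hops[0]["peer_ip"])
    print(*findings, sep="\n")
```

On these headers the only verified peer is 85.100.28.43, and the line naming geniegate.com is stamped roughly two hours later (in UTC) than the hop that supposedly received it afterwards.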