Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

"OEM software" spam

Would you feel safe giving your credit card details to Russian mafias?

That's one question anybody should be asking himself who is seriously considering brand name software at a few percent of regular retail prices, such as Microsoft Office XP or Adobe Photoshop 7 for $60, from websites advertised via email spam.

Most likely, this stuff is not really OEM software, i.e. software licensed to hardware manufacturer at steeply discounted prices to be bundled with hardware, but simply pirated software, a.k.a. "warez". Even if it was software from genuine OEM deals, it would be illegal to sell without a piece of hardware under the agreements signed by the OEMs. Whichever way you twist it, buying, selling or using this stuff is illegal.

Commercial websites advertised under domain names that change daily are put up by spammers, who seem to be operating out of Russia, where they appear to be largely out of reach of US courts and law enforcement. Even the likes of Microsoft, which has billions of dollars in cash available for legal action, have not been able to put a halt to these criminal enterprises.

Some people don't have a moral problem giving money to spammers who pollute the intrays of millions of people every day. Enough people don't seem to care whether they violate copyright laws by ordering pirated software from these websites, as long as the prices are low enough. If they get found out, they may face criminal and civil proceeedings.

But that is not the only risk facing potential "OEM software" customers. When they pay 10 cents to the dollar for a pirated Microsoft or other major products, they are willingly revealing their credit card details to unscrupulous criminals who even steal from people who employ thousands of lawyers.

It's truely amazing how some people's brains just stop working when they see a deal that's too good to be true. They may be getting more than they bargained for. Next time a child pornography site (another speciality of Russian mafias) gets taken down by the police, who knows what credit card will have been used to pay for the domain registration?

Examples of OEM software spam:
Here is a typical example for "OEM software" spam, sent via a Polish cable network provider, advertising a site hosted in Russia:

Received: from 212.160.84.18  (HELO bbc.com) (212.160.84.18)
  by mta110.mail.re2.yahoo.com with SMTP; Wed, 23 Jun 2004 03:04:22 -0700
Date: Wed, 23 Jun 2004 10:01:46 +0000
From: name@domain
Subject: software
To: myaddress@yahoo.de>
References: <0DJH33A5AH14EL6I@yahoo.de>
In-Reply-To: <0DJH33A5AH14EL6I@yahoo.de>
Message-ID: <0HI98F374C9DGEBE@domain>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Microsoft Windows XP Professional 2002=20
Retail price: $270.99 Our low Price: $50.00 You Save: $220.00 =20
=20
Adobe Photoshop 7.0 =20
Retail price: $609.99 Our low Price: $60.00 You Save: $550.00 =20
=20
Microsoft Office XP Professional 2002 =20
Retail price: $579.99 Our low Price: $60.00 You Save: $510.00 =20
=20
Adobe Illustrator 10
Retail price: $270.99 Our low Price: $60.00 You Save: $210.00 =20
=20
Corel Draw Graphics Suite 11
Retail price: $270.99 Our low Price: $60.00 You Save: $210.00 =20

Delphi 7
Retail price: $404.99 Our low Price: $60.00 You Save: $335.00 =20
=20

And more!!!

Our site is  http://ugijz.lddekfan.info/?h0PmjyNQWlUGzhNrbzxryw


Why so cheap?

All the software is OEM- Meaning that you don't get the box and the
manual with your software. All you will receive is the actual
software and your unique registration code.=20

All the software is in the English language for PC. Our offers
are unbeatable and we always update our prices to make sure we
provide you with the best possible offers. Hurry up and place
your order, because our supplies are limited.

Our site is  http://vtkzij.jjglcllj.info/?KtgjM_ehTilDweekwau


xtdcoaaq puxzf wrhwpzu lvnyu xiguibq ceur euivoh=20
vvdm czebuqw toqgy yatzrkel digl ewtaqxn=20
txrvrir azj gxtg gtzqlku wrhao b bgzpa=20
Here's a second specimen, advertising other domains by the same spammers, sent through a South Korean provider, advertising a site hosted in Russia:
Received: from home (unknown [221.143.86.186])
	by mymailserver (Postfix) with SMTP
	for <myname@mydomain>; Sun, 20 Jun 2004 07:26:39 -0400 (EDT)
Date: Sun, 20 Jun 2004 11:25:31 +0000
From: fakesender@guide.co.jp
Subject: DoYouNeed EverydaySoftware?  more...
To: Myname <myname@mydomain>
References: <3JD9058IIF7I6EG2@mydomain>
In-Reply-To: <3JD9058IIF7I6EG2@mydomain>
Message-ID: <3293K11LD212L7B0@guide.co.jp>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

http://vmwc.BDCNGLJJ.biz/?bqdgJsHlgLOAZbbjfcI
http://tMNt.CAJGBBDH.biz/?l4nWnCR_qVsK7RlbNpt
bye-bye
If we look up the domains, we end up with Russian addresses:
     Domain Name:                                 BDCNGLJJ.BIZ
     Domain ID:                                   D7214883-BIZ
     Sponsoring Registrar:                        NAMEBAY SAM
     Domain Status:                               ok
     Registrant ID:                               MS35463-NBAY
     Registrant Name:                             Marusia Sitzeva
     Registrant Address1:                         voykovskiy proez 43, 2
     Registrant City:                             Moscow
     Registrant Postal Code:                      214524
     Registrant Country:                          Russian Federation
     Registrant Country Code:                     RU
     Registrant Phone Number:                     +7.0956775642
     Registrant Email:                            andreykashnov@mail.ru
     Administrative Contact ID:                   MS35463-NBAY
     Administrative Contact Name:                 Marusia Sitzeva
     Administrative Contact Address1:             voykovskiy proez 43, 2
     Administrative Contact City:                 Moscow
     Administrative Contact Postal Code:          214524
     Administrative Contact Country:              Russian Federation
     Administrative Contact Country Code:         RU
     Administrative Contact Phone Number:         +7.0956775642
     Administrative Contact Email:                andreykashnov@mail.ru
     Billing Contact ID:                          MS35463-NBAY
     Billing Contact Name:                        Marusia Sitzeva
     Billing Contact Address1:                    voykovskiy proez 43, 2
     Billing Contact City:                        Moscow
     Billing Contact Postal Code:                 214524
     Billing Contact Country:                     Russian Federation
     Billing Contact Country Code:                RU
     Billing Contact Phone Number:                +7.0956775642
     Billing Contact Email:                       andreykashnov@mail.ru
     Technical Contact ID:                        MS35463-NBAY
     Technical Contact Name:                      Marusia Sitzeva
     Technical Contact Address1:                  voykovskiy proez 43, 2
     Technical Contact City:                      Moscow
     Technical Contact Postal Code:               214524
     Technical Contact Country:                   Russian Federation
     Technical Contact Country Code:              RU
     Technical Contact Phone Number:              +7.0956775642
     Technical Contact Email:                     andreykashnov@mail.ru
     Name Server:                                 FIRST.BERUDACOM.INFO
     Name Server:                                 SECOND.BERUDACOM.INFO
     Name Server:                                 THIRD.BERUDACOM.INFO
     Created by Registrar:                        NAMEBAY SAM
     Last Updated by Registrar:                   NAMEBAY SAM
     Domain Registration Date:                    Fri Jun 18 16:28:06 GMT 2004
     Domain Expiration Date:                      Fri Jun 17 23:59:59 GMT 2005
     Domain Last Updated Date:                    Sun Jun 20 15:54:09 GMT 2004
and
     Domain Name:                                 CAJGBBDH.BIZ
     Domain ID:                                   D7214884-BIZ
     Sponsoring Registrar:                        NAMEBAY SAM
     Domain Status:                               ok
     Registrant ID:                               MS35463-NBAY
     Registrant Name:                             Marusia Sitzeva
     Registrant Address1:                         voykovskiy proez 43, 2
     Registrant City:                             Moscow
     Registrant Postal Code:                      214524
     Registrant Country:                          Russian Federation
     Registrant Country Code:                     RU
     Registrant Phone Number:                     +7.0956775642
     Registrant Email:                            andreykashnov@mail.ru
     Administrative Contact ID:                   MS35463-NBAY
     Administrative Contact Name:                 Marusia Sitzeva
     Administrative Contact Address1:             voykovskiy proez 43, 2
     Administrative Contact City:                 Moscow
     Administrative Contact Postal Code:          214524
     Administrative Contact Country:              Russian Federation
     Administrative Contact Country Code:         RU
     Administrative Contact Phone Number:         +7.0956775642
     Administrative Contact Email:                andreykashnov@mail.ru
     Billing Contact ID:                          MS35463-NBAY
     Billing Contact Name:                        Marusia Sitzeva
     Billing Contact Address1:                    voykovskiy proez 43, 2
     Billing Contact City:                        Moscow
     Billing Contact Postal Code:                 214524
     Billing Contact Country:                     Russian Federation
     Billing Contact Country Code:                RU
     Billing Contact Phone Number:                +7.0956775642
     Billing Contact Email:                       andreykashnov@mail.ru
     Technical Contact ID:                        MS35463-NBAY
     Technical Contact Name:                      Marusia Sitzeva
     Technical Contact Address1:                  voykovskiy proez 43, 2
     Technical Contact City:                      Moscow
     Technical Contact Postal Code:               214524
     Technical Contact Country:                   Russian Federation
     Technical Contact Country Code:              RU
     Technical Contact Phone Number:              +7.0956775642
     Technical Contact Email:                     andreykashnov@mail.ru
     Name Server:                                 FIRST.BERUDACOM.INFO
     Name Server:                                 SECOND.BERUDACOM.INFO
     Name Server:                                 THIRD.BERUDACOM.INFO
     Created by Registrar:                        NAMEBAY SAM
     Last Updated by Registrar:                   NAMEBAY SAM
     Domain Registration Date:                    Fri Jun 18 16:28:09 GMT 2004
     Domain Expiration Date:                      Fri Jun 17 23:59:59 GMT 2005
     Domain Last Updated Date:                    Sun Jun 20 15:54:11 GMT 2004
and
     Domain ID:D6003948-LRMS
     Domain Name:LDDEKFAN.INFO
     Created On:20-Jun-2004 14:32:12 UTC
     Expiration Date:20-Jun-2005 14:32:12 UTC
     Sponsoring Registrar:R123-LRMS
     Status:ACTIVE
     Status:OK
     Registrant ID:C4862647-LRMS
     Registrant Name:Maria Zerberg
     Registrant Street1:sheremet'evskaya 15, 23
     Registrant City:Moscow
     Registrant State/Province:RU
     Registrant Postal Code:124235
     Registrant Country:RU
     Registrant Phone:+7.0956890433
     Registrant Email:marialazenberg@mail.ru
     Admin ID:C4862647-LRMS
     Admin Name:Maria Zerberg
     Admin Street1:sheremet'evskaya 15, 23
     Admin City:Moscow
     Admin State/Province:RU
     Admin Postal Code:124235
     Admin Country:RU
     Admin Phone:+7.0956890433
     Admin Email:marialazenberg@mail.ru
     Billing ID:C4862647-LRMS
     Billing Name:Maria Zerberg
     Billing Street1:sheremet'evskaya 15, 23
     Billing City:Moscow
     Billing State/Province:RU
     Billing Postal Code:124235
     Billing Country:RU
     Billing Phone:+7.0956890433
     Billing Email:marialazenberg@mail.ru
     Tech ID:C4862647-LRMS
     Tech Name:Maria Zerberg
     Tech Street1:sheremet'evskaya 15, 23
     Tech City:Moscow
     Tech State/Province:RU
     Tech Postal Code:124235
     Tech Country:RU
     Tech Phone:+7.0956890433
     Tech Email:marialazenberg@mail.ru
     Name Server:FIRST.BERUDACOM.INFO
     Name Server:SECOND.BERUDACOM.INFO
     Name Server:THIRD.BERUDACOM.INFO
The name servers berudacom.info was used for the following spammer domains, all used in spam on the same day:
aclbkcdc.info2004-06-20
nennekae.biz2004-06-20
bdcngljj.biz2004-06-20
fifcaijn.info2004-06-20
fhclicbh.info2004-06-20
bjklnndd.info2004-06-20
cajgbbdh.biz2004-06-20
ecnfhhfa.info2004-06-20
Spamvertised domains supported by vacnoses.info:
benbce.info2004-06-12
cbkgdf.info2004-06-12
eniicn.biz2004-06-12
imgclm.info2004-06-12
bfecef.biz2004-06-12
dncnla.info2004-06-12
mecnmd.info2004-06-12
kanldl.info2004-06-12
fjgcna.info2004-06-12
ldeega.biz2004-06-12
fgmkhj.info2004-06-13
geiian.biz2004-06-15
gabjdg.biz2004-06-16
malmik.biz2004-06-16
jkhgjb.info2004-06-16
anckhem.info2004-06-16
deeddc.info2004-06-16
deglblj.info2004-06-17
fgeeinl.info2004-06-17
ccfgbah.info2004-06-17
egeablh.biz2004-06-17
febfkmk.biz2004-06-17
dhhcdbc.biz2004-06-18
agelmkb.info2004-06-18
kjmbkck.biz2004-06-18
cdadnin.info2004-06-18
ifbccch.info2004-06-18
ildligg.biz2004-06-18
cgnacmg.info2004-06-18
nennekae.biz2004-06-20
fifcaijn.info2004-06-20
fhclicbh.info2004-06-20
Spamvertised domains supported by xml-soft.info:
ar41.info2004-03-20
warezshop.info2004-03-23
abcwarez.com2004-03-25
abacussoftwareltd.info2004-03-26
budulay.com2004-03-29
zsoft.info2004-04-01
londonsoft.biz2004-04-03
by-soft.info2004-04-04
soft-dindon.biz2004-04-04
5ti.info2004-04-05
cheap-oem-software.biz2004-04-07
jy7.biz2004-04-10
thehun-soft.biz2004-04-11
softbureau.biz2004-04-13
alesoft.com2004-04-15
ribsoft.com2004-04-16
1081774541.com2004-04-16
geforce4tm.com2004-04-17
mrsoft.biz2004-04-26
oem-licenced-soft.com2004-04-27
ramsid.com2004-04-27
mrwarez.biz2004-04-30
dbsoft.biz2004-05-01
hotsoft.biz2004-05-01
oem-licenced-soft.biz2004-05-06
oem-licensed-soft.biz2004-05-07
impressedsoft.biz2004-05-12
softwaretorent.com2004-05-14
reachsoftware.com2004-05-15
mansoft.info2004-05-19
topratedsoft.biz2004-05-21
tellthemabout.com2004-05-22
redealsoftware.com2004-05-23
coolnewservice.com2004-05-24
phpsoft.biz2004-05-24
cheap-oem-license.biz2004-05-26
200gb.biz2004-05-29
zidan.info2004-05-31
discountweek.info2004-06-01
oem-licenses.biz2004-06-04
discounted-soft.biz2004-06-09
desad.biz2004-06-09
mintonsoft.info2004-06-10
dutyfreesoft.info2004-06-16
dreamstore.info2004-06-16
warezhouse.biz2004-06-16
nicedeal.info2004-06-16
Spamvertised domains supported by lgdjgn.biz:
kjjdjd.info2004-06-10
dmbkgn.info2004-06-10
dfbele.info2004-06-10
knaeeh.info2004-06-10
hnebdm.info2004-06-10
kdmeid.biz2004-06-10
cmbcag.biz2004-06-10
ejmcka.biz2004-06-10
jfnidj.biz2004-06-11
gnndja.biz2004-06-11
eneldd.biz2004-06-12
haahab.info2004-06-12


Anti-Spam Resources:
jwSpamSpy is our mail filtering solution for any Windows email program using the POP protocol. Try it out for yourself for 14 days for free!

Anti-spam domain blacklist – list of domains that I refuse to receive mail from
Recent additions to domain blacklist (with whois details)
"419" scam sender/contact addresses ("Nigeria connection" address book)
DNS-based IP and domain name blacklists
Dynamic IP addresses (700 KB!)
Name server / Registrar combinations
Free email providers
AOL dial-up address ranges and mail servers
How to trace senders of spam
Frequently asked questions (FAQ)
Lookup an IP address on blacklists (http://dnsbl.net.au/lookup/)

Clueless virus filters spam innocent third parties
Challenge and Response spam filters: A selfish idea for selfish times
Link exchange offer spam
ShareYourExperiences.com spammers
Stock Price Manipulation Spam ("Pump & Dump")
Getting creative with spam
Link exchange spam: allcarpictures.com
Smyrnagroup spammers (in German)
Xenophobia, Spam and Viruses: The "German Spam" (Sober.H)
Sober.H – Racist German email spam spread by virus (in German)
"Joe job" against joewein.de
Porn spam: watchsound.com
Porn spam: hotsalza.com
Name servers used by spammers: joker.com
Rogue name servers: mediadreamland.com
Rogue name servers: airmaramba.biz
Rogue name servers: bonafidecash.com
Rogue name servers: maileasy.biz

Computer Viruses