
#1 2008-01-09 4:21 pm

Captain Red
Member
Registered: 2008-01-04
Posts: 59

Another spambot

I believe I've found another one, and I highly doubt I'm the first one to do so -- the naming scheme is far less subtle, and there seems to be a hard connection between the username, the email address, and the IP address.  Additionally, all the hits seem to come from a few small clumps of IPs.

It appears that the hit from this was reported somewhere around the 19th of September.

Username pattern:

(name1) (underscore/hyphen/asterisk) (name2)

Both "name1" and "name2" are always capitalized.  It might also be possible that "name1" and "name2" are both drawn from the same list.

It's harder for me to track the usernames through my own log because I mainly track emails or IP addresses, only logging usernames if they post or if I notice repeats.

Usernames:
Date last seen in parentheses.  Unless otherwise noted, repeats of full usernames are all associated with the same email and IP addresses.

Appearing in both the leading and following position:
Anna        (10/21/07 leading) (12/17/07 following)
Bauer        (10/25/07 leading) (10/25/07 following)
Braun        (01/08/08 leading) (12/20/07 following)
Doktor        (12/09/07 leading) (12/03/07 following)
Fred        (10/20/07 leading) (10/03/07 following) (appears twice)
Hausarzt    (01/09/08 leading) (10/16/07 following)
Hoffman        (12/06/07 leading) (09/23/07 following)
Katya        (10/25/07 leading) (11/08/07 following)
Merz        (12/07/07 leading) (10/31/07 following)
Mik            (10/24/07 leading) (12/18/07 following)
Muller        (12/21/07 leading) (01/09/08 following)
Schultz        (10/29/07 leading) (10/19/07 following)
Snitz        (12/09/07 leading) (12/09/07 following)
Vika        (10/31/07 leading) (12/12/07 following)
Viktor        (10/25/07 leading) (12/18/07 following)

Spotted/Suspected (name1)s:
Anya        appears twice across about a day (11/01/07)
Berliner    appears twice, about a day apart (10/28/07)
Der            (10/16/07)
Her            appears once (12/03/07)
Herr        (12/20/07)
Kaiser        (12/18/07)
Koch        appears once (12/11/07)
Max            appears once (10/21/07)
Norbert        appears once (12/19/07)
Ralf        appears twice, across two days (10/28/07)
Sara        appears twice, across two days (10/23/07)
Schmidt        appears once (12/05/07)
Schulze        (12/19/07)
Snitman        appears four times in six days, two uname/email combos (11/07/07)
Starkman    (11/29/07)
xHausarzt    appears once (01/08/08)

Suspected (name2)s:
A
Alex        appears once (08/18/07)
Albert        appears once (12/09/07)
August        appears once (12/06/07)
Dasha        appears twice in one day (11/02/07)
Dich        appears three times in four days, two uname/email combos (10/23/07)
Dietrich    appears three times in one day, two uname/email combos (01/08/08)
E
Ekaterina    appears twice across two days (11/12/07)
Eugene        appears once (12/05/07)
Frank        appears twice in one day, two uname/IP/email combos (12/20/07)
Gerhard        (12/12/07)
Grink        appears once (11/02/07)
Gutman        appears once (10/02/07)
Hanz        appears twice in one day (12/19/07)
Kann        appears once (09/25/07)
Katerina    appears once (11/02/07)
*Katrin        appears once
Linner        appears once (10/03/07)
Marina        appears three times in 42 days, 2 unames/IPs, 3 emails (12/19/07)
Mark        (12/12/07)
Markiz        appears twice, a month apart, different IP/emails (12/06/07)
Maxim        appears once (12/14/07)
Mittel        appears twice, a day and a half apart (09/28/07)
Nadejda        appears four times, across four days (11/25/07)
Natasha        appears three times, across three days (11/13/07)
Nik            (11/17/07)
Oleg        appears once (11/12/07)
PRO            appears once (10/08/07)
PROf        appears four times, across four days (10/14/07)
Reinhard    appears twice, four days apart, different emails (10/29/07)
Sam            appears once (10/05/07)
Schiren        appears once (12/04/07)
Schukman    appears three times in four days, two uname/email combos (10/29/07)
Schultze    appears once (12/19/07)
Schumacher    appears five times in five days, two uname/email combos (10/31/07)
Schwarz     appears once (9/21/07)
Skichman    appears twice across about a day (11/01/07)
Sex            appears once (10/08/07)
Stefan        appears once (12/19/07)
Vickie        appears once (12/03/07)
Vik            (11/25/07)
Vitta        (12/21/07)
Wolf        (12/20/07)
Wolfgang    twice, almost four hours apart (12/17/07)
X
Zahulg        appears once (12/6/07)


Oddity:
Doktor        (associated with a disproportionate number of initials)


Username that might be related:
Der_NetDoktor    (has too many capitals, but it comes from an IP the others use)
Starkman_E        (initial used, appears twice.  One IP fits, the other's a loner.  Both use the same email)
Hoffman_A        (initial used, but the IP fits.  appears once)
Merz_E            (initial used, but the IP fits.  appears four times)
Anya_Skichman    (neither name appears with any other, but the form and IP fit)
M_Marked        (unusual email/IP.  Likely coincidental resemblance)
Viktor Dalin    (unusual email/IP.  Likely coincidental resemblance)

For the most part, if a name appears only as a last or a first, it means that it has been reported fewer times (there are exceptions to this).


IPs used:
67.19.251.226    (20 times (probably 24))
67.19.251.227    (7 times)
67.19.251.228    (8 times)

70.84.55.186    (1 time)
70.84.55.187    (5 times)
70.84.55.188    (5 times(plus one incidental))
70.84.55.189    (27 times)
70.84.197.162    (1 time)

74.52.3.18        (20 times(plus one incidental))
74.52.3.19        (2 times)
74.52.3.20        (8 times)

81.176.228.22    (1 time)

83.222.23.104    (1 time(possible mistake, the one hit's uname/email combo was also associated with 83.222.23.154 once, two minutes before, and twice with 209.62.13.147 (six hours before this report, and 13 hours after it)))
83.222.23.154    (1 time (possible mistake, see note above at 83.222.23.104))

195.229.242.57    (1 possible, 15 incidentals)

209.62.13.146    (37 times)
209.62.13.147    (6 times (probably 9))
209.62.13.148    (5 times)
209.62.13.149    (5 times)
209.62.13.150    (2 times)
209.62.13.151    (1 time)

Offline
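
Added example, not part of the original posts: a triage sketch that combines the two signals the post relies on, the username form and whether the source IP falls in a clump of reported addresses. The strict one-capital-per-name regex, the /24 grouping, the verdict labels and the username-to-IP pairings in `SAMPLE` are assumptions of this example; the usernames and reported IPs are taken from the post.

```python
import ipaddress
import re
from collections import Counter

# Strict reading of the described form (an assumption of this example):
# Capitalized name1, one of _ - *, Capitalized name2; a bare initial also fits.
USERNAME_RE = re.compile(r"^[A-Z][a-z]*[_*-][A-Z][a-z]*$")

# Addresses copied from the "IPs used" list in the post.
REPORTED_IPS = [
    "67.19.251.226", "67.19.251.227", "67.19.251.228",
    "70.84.55.186", "70.84.55.187", "70.84.55.188", "70.84.55.189",
    "70.84.197.162", "74.52.3.18", "74.52.3.19", "74.52.3.20",
    "81.176.228.22", "209.62.13.146", "209.62.13.147", "209.62.13.148",
]

def form_matches(username):
    return USERNAME_RE.match(username) is not None

def clump(ip, prefix=24):
    """Network of the given prefix length that contains ip."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def known_clumps(ips, min_addresses=2):
    """Networks holding at least min_addresses distinct reported IPs."""
    per_net = Counter(clump(ip) for ip in set(ips))
    return {net for net, count in per_net.items() if count >= min_addresses}

def classify(username, ip, clumps):
    form, ip_fit = form_matches(username), clump(ip) in clumps
    if form and ip_fit:
        return "likely"
    return "review" if form or ip_fit else "unrelated"

# Usernames are from the post; pairing them with these IPs is constructed
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    ("Anya_Skichman", "209.62.13.146"),
    ("Der_NetDoktor", "74.52.3.18"),
    ("M_Marked", "198.51.100.7"),
    ("Viktor Dalin", "192.0.2.10"),
]

def triage(records=SAMPLE, reported=REPORTED_IPS):
    clumps = known_clumps(reported)
    return {user: classify(user, ip, clumps) for user, ip in records}

if __name__ == "__main__":
    for user, verdict in triage().items():
        print(f"{user:15} {verdict}")
```

Accounts that match on only one signal land in "review" rather than being blocked, which leaves near-misses of the form and lone IPs to a human.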

#2 2008-01-10 4:43 pm

Captain Red
Member
Registered: 2008-01-04
Posts: 59

Re: Another spambot

Adding onto the above:

First Name:
Evan        found once (10/18/07)  No IP info. authenticated.  email: sositehuy@lvovs.com

Offline
