Spam from the Wareham Forge?

The short article below was prepared some years ago, back when my site was hosted by PIPCOM out of Peterborough ON. Much has changed since then, but sadly, the volume of spam has increased if anything. The Wareham Forge web site has greatly expanded, with a huge number of external sites from all over the world which link to the massive content here. This, and the long history of the site, both make it a possible target for illegal spam hijacking. Much of what is mentioned below still remains in effect despite my best efforts today...

 

Originally published 2001

It seems that my domain - www.warehamforge.ca - has been the target of a well known (and hated) international spammer. It appears that either a targeted virus (or maybe more like a worm?) has been used.

What has been happening is that a volume of e-mails have been generated that have as their content an advert for (get this) anti virus software. To add insult to injury - the message contains a disclaimer stating that the company does not involve itself in spam!!

The message uses a return address with the form of  'some letters and numbers'@warehamforge.ca. Often there is a fictitious name in quotes "Some Name". Usually the subject line is badly formed or gibberish.

On top of all that, it appears the message also acts like a virus, grabbing all addresses listed in a mail list and adding these as CC copies.

First - I must clearly state that these messages have NOT originated from the Wareham Forge.

Second - This is also not a result of a virus on my computer. All my incoming mail is washed through McAfee software at my ISP and any possible viruses stopped. On my end I have Norton installed, and have washed my entire system twice over the last two weeks to be sure. On top of all that - I'm running a Macintosh here, which typically is NOT affected by most viruses. Another clue is that almost all of the returned messages are from people that I have never communicated with in the past.

This is part of the ongoing process being undertaken by PIPCOM - the ISP that hosts the Wareham Forge domain:

" It looks like your domain amongst others has been targeted as a bounce
address for a fellow who is a known criminal in the spam world.  He owns
many many domains and has many false addresses in the states. I think his
name is George A. Moore, but I'm only relying on webpages and have no
substantiated facts.  (What we had) gleaned this from info that (we) found
in the email contents referring to a domain: www.antivirususa.com  In any
case I've written to the CIRA (Canadian domain name registrar) to see if
they can help - and to at least alert them to this if they aren't already
aware - I'd be surprised if they don't know.  I don't think they can do
anything, but it doesn't seem to hurt to spread the word. "

" One of the suggestions in the link above is to send all addresses you didn't
specifically create to the garbage so you never have to see them.  I am
unsure if your domain is actually being used as the real return address  ....  or
if it's just a bounce address. "

" .....  (April 8)  it looked to me like the domain was listed at an IP that was owned by
Sprintlink in the states.  Today however it looks like the domain has
vanished.  Maybe one too many pings to a specific domain sends him running I
don't know.  I don't know if that means your problem will stop right now or
not.  If (we) can still resolve the original IP to Sprintlink, I'll be
sending them an email letter as well to see if they know or can check ..... "
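
The ISP's suggestion above, to throw away mail for any address that was never created, sketched as an added example (not part of the original article or of PIPCOM's setup). It triages a bounce shaped like the sample message further down; `REAL_MAILBOXES`, the `info` mailbox, the `example.net` host and the bounce itself are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "warehamforge.ca"
REAL_MAILBOXES = {"info"}  # assumption: the only mailbox actually created

# Constructed bounce (DSN) modelled on the sample message on this page.
SAMPLE_BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@example.net
To: u20ld9og@warehamforge.ca
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: "Stephanie Winslow" <u20ld9og@warehamforge.ca>
To: nobody@example.net
Subject: goor hushup b yh

--b1--
"""

def triage(raw):
    """Return (verdict, forged_sender) for one message arriving at DOMAIN."""
    msg = message_from_string(raw)
    # The To header stands in for the envelope recipient a mail server would use.
    local, _, domain = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")
    is_bounce = (msg.get("Return-Path", "").strip() == "<>"
                 or msg.get_content_type() == "multipart/report")
    forged = None
    for part in msg.walk():
        # A bounce carries the headers of the message it is rejecting.
        if part.get_content_type() == "text/rfc822-headers":
            inner = message_from_string(part.get_payload())
            forged = parseaddr(inner.get("From", ""))[1].lower() or None
    if domain != DOMAIN or local not in REAL_MAILBOXES:
        return ("discard", forged)   # address nobody ever created
    return ("review" if is_bounce else "deliver", forged)
```

A bounce that reaches a real mailbox is marked for review rather than discarded, since it may be a genuine delivery failure for mail that really was sent.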
 

I am sorry about any complications this may have caused anyone who has also fallen prey to the indicated individual. At best this has resulted in a few unwanted e-mails. At worst it may be nothing less than one link in a chain of intentionally sent viruses and theft of personal information. Unfortunately, there seems little that I can do to correct the problem, other than wait it out. Needless to say, I am also furious. I have been operating on the world wide web since the early days of live mail. It has taken years to establish www.warehamforge.ca as a source of reliable historic information for museums and educators.
 

Darrell

********************

 A Sample Message:

From: "Stephanie Winslow" <u20ld9og@warehamforge.ca>
To:  (your address)
Subject: goor hushup b yh
 

Take Control of Your Computer With This Top-of-the-Line Software!
Norton SystemWorks 2003 Software Suite
-Professional Edition-
Includes Six - Yes 5 ! - Feature-Packed Utilities
ALL for 1 Special LOW Price of Only $39.99!

This Software Will:
- Protect your computer from unwanted and hazardous viruses
- Help secure your private & valuable information
- Allow you to transfer files and send e-mails safely
- Backup your ALL your data quick and easily
- Improve your PC's performance w/superior integral diagnostics!
- You'll NEVER have to take your PC to the repair shop AGAIN!

5 Feature-Packed Utilities
1 Great Price
A $300+ Combined Retail Value YOURS for Only $39.99!
< Price Includes FREE Shipping! >

Don't fall prey to destructive viruses or hackers!
Protect your computer and your valuable information and

-> CLICK HERE to Order Yours NOW! <-

Opt-Out Instructions:
We are strongly against sending unsolicited emails to those who do not wish to receive our special mailings. You have opted in to one or more of our affiliate sites requesting to be notified of any special offers we may run from time to time. We also have attained the services of an independent 3rd party to overlook list management and removal services. This is NOT unsolicited email. If you do not wish to receive further mailings, please visit the link below be removed from the list. Please accept our apologies if you have been sent this email in error. We honor all removal requests. Submit your remove request at: http://antivirusline.com/goodbye.html.