Hey guys,
 
Anyone else receive this subject on the 14th...
"AMERICAN STOCK MARKET: TRHL Retains Sky Investor Relations...edita", where edita was changed with multiple names.
 
Not strange that I received spam, however I received the same message 8 times to the same address with about 2-3 per hour. My spamassasin picked them up but the strange thing was they all came from different IP addresses and I couldn't traceroute any of them...
 
All of them stop at 202.37.246.18 (Global-gateway)
 
eg.
traceroute 89.87.209.213
traceroute to 89.87.209.213 (89.87.209.213), 64 hops max, 44 byte packets
 1  gateway (219.88.241.241)  1.679 ms  2.403 ms  1.358 ms
 2  fe0-0.cr1.idc.orcon.net.nz (219.88.242.250)  0.863 ms  0.872 ms  0.852 ms
 3  fe-1.qos2.idc.orcon.net.nz (219.88.242.226)  1.134 ms  1.004 ms  1.128 ms
 4  219.88.242.233 (219.88.242.233)  1.774 ms  1.906 ms  1.567 ms
 5  202.50.245.33 (202.50.245.33)  39.962 ms  93.651 ms  6.643 ms
 6  ge-0-3-0-6.akbr3.global-gateway.net.nz (202.37.246.18)  6.165 ms !N^C
 
Ip addresses they were sent from:
99.27.67.200
202.163.151.24
89.87.209.213
112.188.234.68
45.38.78.200
244.128.164.67
168.80.80.67
64.215.105.194
 
In all cases the messages were stopped as they were listed in blacklists.
 
RCVD_IN_NJABL      (0.9 points)  RBL: Received via a relay in dnsbl.njabl.org
                   [RBL check: found 45.38.78.200.dnsbl.njabl.org.,]
                   [type: 127.0.0.9]
RCVD_IN_UNCONFIRMED_DSBL (0.5 points)  RBL: Received via a relay in unconfirmed.dsbl.org
                   [RBL check: found 45.38.78.200.unconfirmed.dsbl.org.]
RCVD_IN_BL_SPAMCOP_NET (3.0 points)  RBL: Received via a relay in bl.spamcop.net
                   [RBL check: found 45.38.78.200.bl.spamcop.net.]
 
They were also stopped because of forged headers, some having forged froms, forged MUA Outlook, etc.
 
The thing I don't understand is that there was no consistency, all the emails from different IP's, all different forged header fields, all not tracerouteable and within 30 minutes of eachother to an address only listed on a new zealand website.
 
Weird, sounds very much like the spam system explained on the list not too long ago.
 
Barry Murphy