There's been something of a rise within the last week or two in spam for two specific things: "ExtraIncome" and penny stock fraud. Penny stock spam is definitely winning so far, having racked up over 2000 emails within the last week alone.
The subjects have been as varied as the number of IPs they have originated from. So far they've included:
I've popped a copy of the emails, inclusive of their headers (naturally), on the server for those that want to take a look:
One thing I did find curious is the dates - I'm used to seeing spam push its date into the future, but these have also gone the other way, choosing dates years previous.
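The date anomaly described above can be measured by comparing the sender-controlled Date header with the timestamp the receiving MTA wrote into the topmost Received header. This is an added example, not part of the original post; the two-day tolerance and the sample messages (example domains, documentation IP) are constructed assumptions.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(days=2)  # assumed tolerance for queueing delays and bad clocks

def date_skew(raw):
    """Return claimed Date minus our MTA's receipt time, or None if unusable."""
    msg = message_from_string(raw)
    date_hdr = msg.get("Date")
    received = msg.get_all("Received") or []
    if not date_hdr or not received:
        return None
    # Each hop prepends its Received header, so the first one is ours;
    # its timestamp follows the last ';'.
    stamp = received[0].rsplit(";", 1)[-1].strip()
    try:
        return parsedate_to_datetime(date_hdr) - parsedate_to_datetime(stamp)
    except (TypeError, ValueError):  # malformed date, or naive/aware mismatch
        return None

def classify(raw):
    """Label a message 'future', 'past', 'ok' or 'unparseable' by Date skew."""
    skew = date_skew(raw)
    if skew is None:
        return "unparseable"
    if skew > MAX_SKEW:
        return "future"
    if skew < -MAX_SKEW:
        return "past"
    return "ok"

def sample(date_hdr):
    # Constructed message: example domains and a documentation IP address.
    return ("Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
            "\tby mx.example.org with ESMTP id CONSTRUCTED1;"
            " Mon, 10 Jun 2013 08:15:02 +0000\n"
            f"Date: {date_hdr}\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = {
    "normal": sample("Mon, 10 Jun 2013 08:14:40 +0000"),
    "backdated": sample("Thu, 04 Mar 2004 11:02:45 +0000"),
    "postdated": sample("Wed, 21 Dec 2016 09:30:00 +0000"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw), date_skew(raw))
```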
The ExtraIncome spam, however, all (also rather curiously) goes straight to a single website:
IP PTR: v16143.1blu.de
ASN: 42730 22.214.171.124/19 EVANZOAS EVANZO e-commerce GmbH
IP PTR: www02.cloudsfor.com
ASN: 49973 126.96.36.199/19 TELEPORT-TV-AS Teleport-TV Ltd
Other domains that have been seen both in spam and on these IPs include:
Some of these domains have since moved to:
IP PTR: 62-76-180-234.clodo.ru
ASN: 48172 188.8.131.52/23 OVERSUN-MERCURY Oversun-Mercury Ltd
The NS that they appear to have set up specifically for these is dnsultrahighspeed.com. You'll also not be surprised at the registrar - BizCN.
Subjects for these so far:
For those wanting to see what the site looks like:
A copy of the emails and headers, for those interested, can be found here:
Why am I posting about this here? Simply put - I needed a break from work as I've been working (with the exception of a couple hours yesterday afternoon), since waking up yesterday morning.