Friday, November 22, 2013

PerniciousMalware

I have renamed PeskySpammer PerniciousMalware due to the large amount of malware they keep shoving out.  Will it ever end?  Who knows.

But I do know ever since they sucked in all of the fake email addresses out of their from list and added them to their to list I have had a steady diet of several hundred spam messages per day when they are sending spam and almost a dozen malware per day when they are sending malware.  This has gone on for over a year and a half now.

Let me see if I can explain this to the PerniciousMalware people who don't seem to know how mail works.  Many IWSPs (Internet Web Service Providers) set their customers up with email that is compliant with the old RFC when they get a combo email + web-site.  What that means is that for any user that is not known, those email messages go the postmaster. for the domain  Who is the postmaster for my SecureMecca.com domain?  Me.  But after looking at PerniciousMalware's list of users that they use to send to my domain, I noticed that almost all of the user names are just hexadecimal hashes.  So I wrote a program that PernciousMalware can use to remove not only the fake users at my domain, but it will remove the fake users at all domains.  Here is the folder that contains the programs:

Winnow Hash Users

The 0-Instructions.txt file shows how to make it work and is also included in the zips.

Use the program in good health to remove all of those fake users from your send-to lists.  All you are doing by sending hundreds of spam messages per day is making who ever you are doing it to mad as hell.  So I advise you alter the program (it is covered by the GNU license) in your bot email address gathering to exclude the hexadecimal-hash user-names before they even get added as well.

The hexadecimal-hash users aren't the only kind of bogus users you have but you have to start some place.  I suspect that some of those people may even purchase your wares once the flood of spam becomes just one message every so many weeks.

Finally sending Windows malware to somebody using Linux isn't going to get you anything but more people knowing about it faster and the AV companies detecting faster.  I faithfully make them known to as many other people as time permits.

You are welcome.

Tuesday, November 12, 2013

FanBoy For AdBlockPlus Gone

I just went to replace my EasyList + EasyPrivacy lists with FanBoy-AdBlock + Fanboy-Tracking and let Liste-FR handle it however only to find they were gone!
Please say it isn't so.  Just yesterday I blocked several hosts in the lphbs.com tracker domain that I block in my PAC filter and FanBoy-Tracking also blocks the hosts in the domain.  But EasyPrivacy doesn't.  You have proof right there that FanBoy was needed and is still needed.  I always recommended to others to take the FanBoy lists because they were less obtrusive and less likely to cause you problems.

So FanBoy, please come back.  If you need other people, find local people willing to take it over for you.  As I see it, nobody can do this for more than 3-4 years before they get jaded and finally burned out.

FanBoy, if you are never are coming back, thanks for all of the hard work.  You have no idea how much you have helped other people.  That especially includes me.  Thanks!

Oh. you don't believe me about the Tracker rule?  Here mine is:

BadDomains[i++] = ".lphbs.com";

EasyPrivacy does not have it and many other rules that you have.  We really do need FanBoy revived, so people with a PayPal account with funds, make a donation to keep their good work going.