Sunday, January 23, 2011
Following a Spammer's Trail
Yesterday, a friend posted an odd message to my Facebook wall. As soon as I read it, I realized that her account was hijacked, probably by visiting a nefarious website.
This can happen when you click on a link that takes you to a website while you're still logged into Facebook. At this point, the nefarious website will exploit a vulnerability in your web browser and post something to Facebook on your behalf.
I decided to follow the trail. It started with a post that took me to allfreeipad.com (to be on the safe side, don't visit these websites).
AllFreeiPad.com redirected my web browser to www.ipadfree4me.com, which led me to www.ipadfree4me.com/freeipad.htm.
After all these hops, you're now at elitesiteemporium.com. This domain name is private, so you can't see who actually owns it, but its IP address (22.214.171.124) reveals that it's located in Russia. However, this isn't the end of the line: after a few more hops, you'll end up at a web page that wants you to enter your e-mail address so that they can send you a free iPad.
The trail ends at yourrewardinside.com's servers (IP address 126.96.36.199), running on a network leased to MPC Systems LLC, which could be based in Delaware or perhaps Texas, depending on who you ask.
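A trail like this one can be reconstructed without opening any of the pages in a browser, by reading only the redirect instruction in each response. The Python below is an added example, not part of the original post; it runs over a constructed capture with placeholder hostnames, and the redirect mechanisms it handles (HTTP `Location` headers and meta refresh) are assumptions, since the post doesn't say how each hop was made.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed capture: URL -> (status, headers, body). Hosts are placeholders,
# not the responses the sites in the post actually returned.
CAPTURE = {
    "http://lure.example/": (302, {"Location": "http://www.hop.example"}, ""),
    "http://www.hop.example": (301, {"Location": "/freeipad.htm"}, ""),
    "http://www.hop.example/freeipad.htm": (
        200, {}, '<meta http-equiv="refresh" content="0; url=http://landing.example/offer">'),
    "http://landing.example/offer": (200, {}, "<form>Enter your e-mail</form>"),
}

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE)

def next_hop(url, status, headers, body):
    """Return the URL this response sends the browser to, or None."""
    if status in (301, 302, 303, 307, 308) and "Location" in headers:
        return urljoin(url, headers["Location"])   # Location may be relative
    match = META_REFRESH.search(body)
    if match:
        return urljoin(url, match.group(1))
    return None

def trace(start, fetch=CAPTURE.get, max_hops=10):
    """Follow redirects from start; return (chain, reason_stopped)."""
    chain, url = [start], start
    while len(chain) <= max_hops:
        response = fetch(url)
        if response is None:
            return chain, "no capture"
        target = next_hop(url, *response)
        if target is None:
            return chain, "final page"
        if target in chain:                        # redirect loop: stop here
            return chain + [target], "loop"
        chain.append(target)
        url = target
    return chain, "hop limit"

def hosts(chain):
    """Distinct hostnames in the chain, in order of first appearance."""
    return list(dict.fromkeys(urlsplit(u).hostname for u in chain))
```

Passing a different `fetch` callable lets the same logic run over responses saved from a proxy or packet capture; the host list is what you would then look up in WHOIS and IP geolocation, as the post does.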
Keep in mind that there are two parties (confederates) involved in this scheme, which could be unrelated, but that's usually not the case. One party created the nefarious web page, which posted their message to your Facebook wall without you knowing, and the second party is located at the destination website (yourrewardinside.com), which claims that it will give you an iPad for the low (free) price of giving them your e-mail address.
I wouldn't recommend giving them your e-mail address.