Nov 092008
 

Last updated on November 20th, 2015

Last month, I made a posting called Spoofed Emails Make Me Look Like Dodgy Software Saleman …. I’m now beginning to see the bigger picture after I followed through the initial investigation after receiving another email spam today.  My interest was piqued because the spam was very different but the final web page destination was not!

It pointed to http://formarnione.com/ which, if it’s still going, is the same as http://lierkaser.com/ from last month.  The website is registered like so:

Domain Name: FORMARNIONE.COM
Reseller…………..: PlanetDomain
Created on…………: 8 Nov 2008 07:02:16 EST
Expires on…………: 8 Nov 2009 07:02:16 EST
Record last updated on: 8 Nov 2008 07:02:16 EST
Status…………….: ACTIVE
Owner, Administrative Contact, Technical Contact, Billing Contact:
Joan Vairo (ID00391833)
11 Bay Point Drive
Toms River, NJ 08753
United States
Phone: +1.2127734859
Email:

You can find it on google maps here:
View Larger Map

Further fishing, took me to this forum post on FraudWatchers, say, and to this very informative website which everyone should bookmark immediately! http://spamtrackers.eu/wiki/index.php?title=Main_Page

A host of highly informative stuff is in the root http://spamtrackers.eu but for now, let’s go here to:

Eurosoftware_1_.jpg

…. which is all about the very problem I’m poking with my metaphorical stick.

Today’s site, formarnione, isn’t listed, which is hardly surprising when you read all the information.  A key bit is the link to Leo Kuvayev who has been responsible for a shed-load of nasties for years.

Leo_Kuvayev_1_.jpgWhack his name into Google.  Bizarrely, for someone so nefarious, he has less online pictures than a mafioso!  There are 4 identical ones, all on spock.com, but whether that’s him or not – he just looks too nice and smiley for words!

Anyway, I’ve done a few spamtracker suggestions, including using the wacky little tool called “The Complainerator”   😀    It’s quirky, but works!  Now let’s see if our friends in the Far East at http://59.63.157.213/ actually do anything.

EuroSoftMarketSecurity

EuroMarketSoftware security details! n.b. Firefox address bar NOT green!

The forged software website, http://eurosoftmarket.com/  stays mostly constant because the “secure” purchase area is sub-domained off like https://secure.eurosoftmarket.com/!  What you make of the security is your business.  I just know that Firefox doesn’t go green, even though there is some sort of certificate…  Check the (wide, I know) picture.

But I tell you, the funniest thing about the whole shebang, is right at the very bottom, next to the “money back policy” and “terms and conditions”, they have the audacity to put the following phrase:

© Euro Software LCC`2005-2008

Ha Ha Ha Ha Ha Ha

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

© 1977, Strangely Perfect.