
Spammers reveal their entire operation

07 March 2017


Thanks to poor security


A top spammer has accidentally revealed its entire operation thanks to poor security.

River City Media (RCM) sends a billion unwanted messages a day but has been exposed thanks to a joint effort by Mackeeper’s Security Research Centre, CSOonline and Spamhaus.

Chris Vickery, one of Mackeeper’s operatives, discovered an unsecured and publicly exposed repository of company backup files containing damning information about the practices of an initiative led by Matt Ferris and Alvin Slocombe.

RCM positions itself as a legitimate marketing company, subject to the regulations around mailshots, while surreptitiously sending close to one billion illegitimate spam mails daily.

The researchers found incriminating logs and chat exchanges exposing the hacks and workarounds to make sure that RCM could keep ahead of the anti-spammers.

One exchange explains how the outfit could open the maximum possible number of connections whilst staggering their own response packets in a haphazard way, preventing conventional protections against such spamming operations for as long as possible.

It is similar to a technique used by hackers to cripple a web server, but spammers don’t want the server to go down, just to control what it does.

The researchers report that details about RCM’s operations have been sent to Apple, Microsoft, Salted Hash and other concerned parties, and that their approach to law enforcement agencies has been met with great interest.

More than 1.4 billion user details were found in the database, including full names, IP addresses and, in many cases, real-world addresses. A lot of the information is out of date, but a great proportion of the entries appear to be valid.

Spamhaus is blacklisting RCM, which should go a long way towards crippling RCM’s operations.

Last modified on 07 March 2017