Massive Lockergnome Spam Look-a-Like Campaign! Lockergnome “Spam” Joe Job Implicates Apple’s Mail Servers!

Summary: Lockergnome is being spoofed in a massive spam campaign which appears to be coming through Apple's own mail servers! The spam includes fake confirmations, and actual Lockergnome newsletters.


The Internet Patrol has received several examples of spam which has been sent out under the Lockergnome name, and through Apple’s mail servers.

The spam includes fake confirmation requests to join various Lockergnome newsletter mailing lists. In addition, other pieces of the spam campaign include actual Lockergnome newsletters, sent to recipients who had not confirmed (or even requested) to receive them.

The copies of the spam Lockergnome newsletters we saw were addressed to “s.jobs@apple.com”.

The fake spam Lockergnome confirmations look like this, and also spoof Lockergnome’s real email service provider, WhatCounts:


From: confirmations@whatcounts.com
Subject: Your confirmation is needed (ok i160929001150989078925)
Date: June 22, 2006 8:11:35 AM PDT
To: [elided]

Your email address ‘elided@deleted.com’ has been submitted to be
subscribed to the ‘Media Center’ mailing list. The list creator
has asked that all new sign-up requests be confirmed.

To confirm that you want to join this list, simply reply
to this message leaving both the subject and message body intact. It’s important that
the words ‘ok i160929001150989078925’ appear in either the subject or
body of your message (it’s fine if they appear in both places).

Also, make sure that your message is sent to ‘elided@whatcounts.com’. If you
simply press your email client’s ‘reply’ button this should happen automatically.

Alternatively, you can simply click on this link to confirm your
request: http://www.whatcounts.com/bin/confirm?code=i160929001150989078925

The IP addresses through which this spam is being relayed include 17.254.13.9, 17.128.113.37, and 17.254.13.22, all of which are Apple mail server machines. (They are mail-in6.apple.com, relay7.apple.com, and mail-out3.apple.com, respectively.)
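The relay finding above comes from reading the Received chain rather than the From line, which the sender controls. The following is an added example, not part of the original article: the raw headers are constructed from the From address, IPs and hostnames quoted on this page, and `mx.example.net`, `relay_hops` and `analyse` are hypothetical names.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the article gives the From line, relay IPs and hostnames,
# but not the raw headers. mx.example.net is a hypothetical receiving host.
SAMPLE = """\
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22])
\tby mx.example.net with ESMTP; Thu, 22 Jun 2006 08:11:40 -0700
Received: from relay7.apple.com (relay7.apple.com [17.128.113.37])
\tby mail-out3.apple.com with ESMTP; Thu, 22 Jun 2006 08:11:38 -0700
Received: from mail-in6.apple.com (mail-in6.apple.com [17.254.13.9])
\tby relay7.apple.com with ESMTP; Thu, 22 Jun 2006 08:11:36 -0700
From: confirmations@whatcounts.com
Subject: Your confirmation is needed

body
"""

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple's registered address block
# "from <helo> (<reverse-dns> [<ip>])" as written by the receiving MTA
HOP_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def relay_hops(raw):
    """Return (rdns_name, ip) for each Received header, newest hop first.
    Only the hop recorded by your own MTA is trustworthy; lower ones can be forged."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(hdr)
        if m:
            hops.append((m.group(1).lower(), ipaddress.ip_address(m.group(2))))
    return hops

def analyse(raw):
    """Compare the claimed From domain with the hosts that actually relayed the mail."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = relay_hops(raw)
    return {
        "from_domain": from_domain,
        "hops_in_apple_net": [str(ip) for _, ip in hops if ip in APPLE_NET],
        "from_domain_seen_in_path": any(
            name == from_domain or name.endswith("." + from_domain)
            for name, _ in hops),
    }
```

A message whose From domain never appears in its relay path is not proof of forgery on its own, since legitimate senders use third-party relays, but it is the mismatch that marks a joe job like this one for closer inspection.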


 

1 Comment »

  1. I had a problem looking for a Lockergnome download last night, I kept getting redirected to somewhere other than the download site. I wonder if that was related. I guess I could dredge up the Lockergnome post and examine it more closely.

    Comment by Val Golding — 6/22/2006 @ 9:49 am

 This article first appeared on 6/22/2006
The Internet Patrol