Fight Back for Golarger Spam

Yesterday, I talked about golarger, which I claim to be both Net Send Spammer and Blog Comment Spammer. Shortly after that, I am very happy to see SImo posted about the effort to fight back for Golarger Spam. Please read this.

In contesy of Simo, I quoted his comment here.

!!! FIGHT BACK FROM NET SEND SPAM !!!

It does pay to advise the ISP that the NET SEND SPAM is coming from….Please see this email I just recived :

Hello,

your report was registered, due disciplinary measures about our customer are on the way.

Meanwhile, please accept our apology for Your trouble.

Best regards.

=================================================

Abuse Staff

Seat Pagine Gialle s.p.a.

http://tin.virgilio.it

Area Internet – abuse@tin.it

Consulta la guida sulla sicurezza alla pagina http://tin.virgilio.it/periniziare/guida/sicurezza.html

==================================================

===== Original Message =====

From: “Simon Frappell”

To:

Sent: Thursday, February 27, 2003 12:52 PM

Subject: Net Send Spam Abuse

> Hi,

>

> I’m getting Net Spam coming from this address : 80.116.221.181. Can

> you please see that this is stopped.

>

>

> Spam details :

> 02/27/03 21:29:42 UPLOAD_SUCCEEDED OK REPORT_INSERTED

> FWIN,2003/02/27,21:29:40 +10:00

> GMT,80.116.221.181:26142,203.45.218.24:137,UDP

>

> Event Type: Information

> Event Source: Application Popup

> Event Category: None

> Event ID: 26

> Date: 27/02/2003

> Time: 9:26:53 PM

> User: N/A

> Computer: PSYCHO

> Description:

> Application popup: Messenger Service : Message from GOLARGER to on

> 2/27/2003 8:45:34 PM

>

>

>

> www.golarger.com

> www.golarger.com

> www.golarger.com

>

>

> We are the #1 MALE ORGAN ENLARGEMENT

> supplement on the web. We guarantee the

> success of our program or we will refund every

> penny. Come find out why more men AND WOMEN

> come to us than any other site.

>

> Enlarge your member 1-3 inches in a matter of days!

>

>

> www.golarger.com

> www.golarger.com

> www.golarger.com

>

> Whois information captured by my Firewall. :

>

>

> inetnum: 80.116.128.0 – 80.116.255.255

> netname: TINIT-ADSL-LITE

> descr: Telecom Italia

> descr: Accesso ADSL BBB

> country: IT

> admin-c: BS104-RIPE

> tech-c: BS104-RIPE

> status: ASSIGNED PA

> remarks: Please send abuse notification to

> abuse-bbb@telecomitalia.it

> notify: ripe-staff@telecomitalia.it

> mnt-by: TIWS-MNT

> changed: net_ti@telecomitalia.it 20020801

> source: RIPE

>

> route: 80.116.0.0/16

> descr: INTERBUSINESS

> origin: AS3269

> notify: network@cgi.interbusiness.it

> mnt-by: INTERB-MNT

> changed: net_ti@telecomitalia.it 20020517

> source: RIPE

>

> person: BBBEASYIP STAFF

> address: Via Val Cannuta, 250

> address: I-00100 Roma

> address: Italy

> phone: +39 06 36881

> e-mail: ripe-staff@telecomitalia.it

> nic-hdl: BS104-RIPE

> notify: ripe-staff@telecomitalia.it

> changed: net_ti@telecomitalia.it 20001019

> source: RIPE

>

> Awaiting your reply,

> Simon Frappell.

>

Beautiful fight back, SImo. I wonder what the “due disciplinary measures” are. I am looking to see if there is any further investigation of this issue. Please keep us updated. Thanks.

Easiest way – turn off Messenger service

The easist way to stop receiving this kind of message is to turn off Windows Messenger service. If you are running Windows XP, following these steps:

  • Click Start button on your toolbar.
  • Click Run…
  • Enter “Services.msc” (without quotation marks) and click OK.
  • Browse the list till you find “Messenger” in Name column
  • Right click and click “Stop” on the pop up menu. That is not all. If you don’t want the service to start the next time you start your computer, continue with the following steps:
  • Double click it. The Messenger Properties (Local Computer) dialog box comes out.
  • Choose “Disable” in “Startup type” drop down box.
  • Click OK.

Related

Golarger.com – NET SEND Spamer and Comment Spammer

When I opened my web server log today, I was surprised that many visitors are visiting my site via Yahoo! or Google just to find out who is golarger or golarger.com. (Yes! I intensionally didn’t hyperlink this URL since I don’t want to contribute more traffic to this spammer’s web site).

Why are people interested in golarger

It is obvious the 221 hits for searching the exactly the same term golarger is not just by chance that people happen to think about this term together. When the sudden increase of a word in my web log, I know something special happened. This is the case of golarger.com.

The truth is, golarger.com sent out Windows Messenger spam to a lot of people, asking them to visit their web site. I don’t know how many yet.

According to Work of Fiction, Brad Nugget received the popup box like this:

Message from GOLARGER on 2/15/2003 11:55:17 PM

www.golarger.com

www.golarger.com

www.golarger.com

We are the #1 MALE ORGAN ENLARGEMENT supplement on the web. We guarantee the success of our program or we will refund every penny. Come find out why more men AND WOMEN come to us than any other site.

Enlarge your member 1-3 inches in a matter of days!

www.golarger.com

www.golarger.com

www.golarger.com

Brad, sorry that I cannot link to the orginal blog entry on the site since the archive link on this site does not work when I visited

Someone even posted the Network Monitor result of the analysis here.

Bad. Very bad!

As always, I hate NET SEND SPAM of any kind. If you are interested, please see my previous blog entries (the pages enjoy the highest hit rate of my whole blog site) on NET SEND SPAM.

Why searching for golarger leads to my page?

I was asking the same question then. This is another bad thing golarger did. Under my page of Stoping Net Send Spam, James left a comment like this:

I mean, honestly… www.golarger.com should be the target of the next “Code Red”…

Posted by: James on February 14, 2003 02:25 AM

I did notice this entry but didn’t pay much attention to this one. Now, the discussion on golarger.com is not popular on Internet, my page became one of the only 4 pages on Internet which contains golarge at the time this entry is created.

James, the bloggerr comment spammer

Again, beside being a “NET SEND SPAMMER”, the lovely James has another title, blogger comment spammer – who sends their advertisement to blogger’s comment system. I used the term from this article.

The battle against Net Send Spam (NSS) just begins

I thought everyone is hating spam, but Mr/Miss/Mrs Marketer told me the opposite thing. He commented in ths comment entry that

So, what do you do when you go to your mail-box outside of your home? Do you beat up the postman when he delivers a piece of junk mail or do you go to court because you received the latest sales flyer from Radio Shack or maybe you call ABC and NBC when your favorite movie is on TV and here comes a commercial. I think not! This whole Spam Issue makes me sick and you should be ashamed of yourself.

Let people advetise…there is nothing wrong with it…it is how you got your website on one of the top search engine pages….OH!, Maybe you forgot that!!!…

I also replied the entry stating

However, net send advertisement directly popup on MY screen no matter what I am doing. It is just like someone jumping into my room and paint their advertisement on MY wall. I don’t care if he/she do it on his wall or on his friends’ wall – as long their friend is OK for that. But I am angry if I see these kind of popups….

Hot debate on net send spam

Many other people joined the debate on the topic of Net Send Spam under my page on Net Send Spam – Yet Another Type of Spam. It is very interesting to see how people think of the same thing diffenetly.

Marketer:

I hope that I was able to maybe shed some light on this subject and enable you to look through the eyes of an Online Marketer who earns just over $3,000 per month Online. This is my small income to support six children of which three are being adopted by my beautiful wife and myself….

Const:

In a word, i think such spamming in the cyber world is not ethical, although one might make a large amount of money from it….

Antimarketer:

Yeah, now this ass marketer is telling us that if he has 3 adopted children and 3 of his own, he has the right to spam. so now if i go an adopt 6 kids, and have six of my own, i guess i can go and kill too, because i will be making a meanie 3000 dollars to feed my kids. what an asshole this guy is, and how stupid can he become ?? …

Marketer

I am asking this board to please use another term

other than SPAM when addressing this form of advertising.

The word SPAM is incorrect, go and see for yourself. Spam relates ONLY to EMAIL…period!…

Reader:

Well, first I have to say that I agree somewhat with marketer.

You pay for cable or satellite to see your movies on tv, then they send you their advertisements that they paid for.

It’s pretty much the same with the internet. You paid for access, and someone else is paying to advertise where you can see it….

iX:

Some boastingly thought this sort of SPAM should continue. I don’t think so. There are certain types of Junk mail it is illegal to send, there are some forms of advertising on the Television that is illegal (subliminal), even though everyone has a TV and is capable to receive subliminal messages, it has been deemed illegal. Net Send messages take processing cycles and comsume memory and network bandwidth, which means I have fewer resources to perform more effective functions. Ditto to Web Popups and Popbacks. These things consume resources and are unsolicited advertising….

Graeme:

In response to the pro spam ad post by Marketer, the patronising attitude of telling me to click “that little x” is not appreciated. Having to close the pop up is not the problem here, it’s the intrusive nature of the advertising. What right does anyone have to force a box with their useless little message onto your screen. Not only is it annoying, but it can potentialy destroy someones work….

anon:

Opt-in email advertising is not only ethical but also appropriate for small business owners in today’s internet society.

I could go on for a while – but I think that my point has been made – IF YOU DON’T WANT TO RECEIVE THE MESSAGES – THEN TURN THE OPTION OFF….

SpamBlows:

We don’t like it. If you love spam so much give us all your ip address, and we’ll spam the hell out of you, and we’ll do it using a dynamic IP…how do you like them apples?…

Ryan:

my friends and i have used net send for years at the university we attend. i was shocked to find out that people have began using such a useful tool as a means of mass advertising. i would like to point out to the readers out there that these people CLAIM to pay thousands, and if they are foolish enough they actually may, but in fact anyone with an extra 15 minutes can send these spam messages to every ip in the world for free….

Want to be heard of what you think?

You can view the full text of the discussion under this page:

I also welcome you to join the discussion to be heard – this is the first place every body goes if they search for “NET SEND SPAM” in Google, Yahoo! or MSN, at the time when this blog is written.

ICBC Card

I have a very interesting card – the ICBC credit card. It can only withdraw cash from ATM machine outside P.R.China but not within the country. It is a card issued by Industry and Commercial bank of China! How strange it is.

It is also the first card I don’t need password in China to purchase or to withdraw money. I don’t need a citizen ID card either.

315.51 + 425.17 RMB/USD

Eyes on Guangzhou

It is reported that the Outbreak of Atypical Pneumonia is under control. It is good news. However, from the individuals ofr the city, the anxiousity don’t seems be to controlled yet.

I have a lot of friends and classmates in Guangzhou, and Shenzhen. I am concerned about their situation and worried about them. So I keep a close eye on our class BBS to see how well they are doing. But I feel even anxious when reading the pieces of posts. I have to say, most of the news are not confirmed – or I have to say, “officially” confirmed yet, but it is definitely confirmed people in Guangzhou are discussing this.

Feb 13 – “Citizens in Shenzhen rush to stores to buy salt and rice for stock. A very small bag of salt soars to 10 RMB. It is unbelievalbe!”

Feb 13 – “I don’t see people around me to stock rice and salt, bu I read it in newspaper”

Update

Guangzhou Virus Outbreak – Pneumonia-type

According to friends in Guangzhou, unknown virus outbroke in Guangzhou in the previous week. It is widely believed that 200 people have been infected in Guangzhou alone till Feb 10 (two days ago) and more in other areas. The official report said there is only 5 died from the virus.

I don’t know the exact number and I don’t believe anyone has the actual number, but it is very true that the virus has caused wide anxiousity in Guangzhou and in other areas in China. My friends in Guangzhou is planning to leave Guangzhou immediately. White vinegar and medicines have been out of stock in all stores. Even the virus harm is not confirmed, the impact is real. I was planning some visits to Guangzhou but I have to postpone the schedule.

There are some street phones of current Guangzhou.

guangzhou-virus-people.jpg

Guangzhou-Virus-waiting.jpg

Guangzhou-Virus-waiting.jpg

Update

Remove Xupiter.com Toolbar

Currently, I found my computer is infected by the annoying Xupiter.com toolbar. This is very annoying.

The symptoms

One day, I suddenly found whever I type a wrong URL, or when the server I want to visit does not respond, the URL is first changed to a strange format, something like

http:///?%20msn.com, where /?%20 is inserted unexpectedly.

Meanwhile, the page of http://www.xupiter.com/search2error2.html is loaded. Sometimes another pop up window with Ad also appears.

This is really annoying!

What is Xupiter.com?

Thanks for PC Hell to give clear explaination of Xupiter.com as below:

What is Xupiter?

Xupiter Toolbar browser plug-in tools that gets installed on your computer through a popup ad or driveby installation that installs many times without your permission. It can also be loaded as an Active X control in Internet Explorer.

Once installed on your computer, Xupiter proceeds to display pop-up and pop-under ads as you surf the net. It also adds the Xupiter Toolbar to your browser, adds links to your favorites, and changes your home page. Xupiter then proceeds to track your browsing habits and report back to a server.

It also listed the way to tell you if you have Xupiter on your computer.

Follow these instructions:

1) Click on Start, Run

2) Type MSCONFIG and press Enter

3) Click on the STARTUP tab

4) Look in the list for the following item

Xupiter Toolbar

5) If this item is in the list. You have Xupiter installed. Uncheck it to temporarily disable the toolbar.

Update: Now the Toolbar has been upgraded. In step 4, you may also see

XupiterStartup2003

XTCfgLoader

It will run C:\Program Files\Xupiter\upiterStartup2003.exe

If you find these, you have Xupiter installed.

Remove it

It does not work if you delete all files under C:\Program Files\Xupiter folder. On one hand, you cannot delete them directly since some of the files are in use, such as XTCfgLoader and XTUpdate.dll. On the other hand, deleting DLLs and Exe rudely are always dangerous and may lead to instable system.

The best way to is to turn it off by uncheck the check box before the two files in MSCONFIG and restart the computer. Xupiter is not removed but it is not annoying any more. If you want to manually remove it in a graceful way, check Doxdesk.com‘s page for more information.

P.S. Dang An ID 9904154 @ 021-62403626

Shanghai Pudong Airport to Suzhou

A lot of people are asking me about how to go to Suzhou from Shanghai Pudong International Airport. My previous answer was “Go to Shanghai Railway Station and go by train”.

It is not a perfect solution, since the railway station is always the worst and confusing place in China. By worst, I mean it is crowded with all kinds of people – dirty passengers from various areas mixed with thiefs and bad guys. It is confusing because it is always hard to find the ticket counter and even harder to locate the gate to get aboard of train. This is almost mission impossible for a foreigner.

Today, I realized there is an alternative way. Obviously, this is a pleasant way.

Hong Qiao Airport as transition station

You can take Airport bus No. 1 to Hong Qiao Airport. See more in this blog entry.

Go to Suzhou by bus

Almost on the same stop is the stop for Suzhou. There are one bus leaving for Suzhou every hour from 10:00 to 20:00 (10:00, 11:00, 12:00, …, 20:00)

It SHOULD be a nice trip

Since the buses will take the route via the Shanghai-Nanjing Highway, it should be very fast (about 1 hour) to get to Suzhou.

Resources

p.s. I returned from Luoyang to Shanghai today via MU5382

Update: There is direct bus to Suzhou and Pudong Airport June 12, 2004

See this post for more information: PVG: Buses to Hangzhou, Suzhou.

Updated Latest Bus Information September 22, 2004

Here is the updated information of the bus to nearby cities.

Hangzhou 100 RMB 1030 1200 1330 1530 1730 1930

Qing Tian 青田 192 RMB 1310

Kun Shan (via Hong Qiao Airport) 76RMB 1130 1230 1330 1430 1530 1630 1730 1830 1930

Suzhou (via Hong Qiao Airport) 82RMB 1050 1150 1250 1350 1440 1520 1610 1650 1750 1850

Wuxi (via Hong Qiao Airport) 100 RMB 1120 1220 1320 1420 1520 1620 1720 1820

Zhangjiagang (via Hong Qiao Airport) 110 RMB 1140 1250 1440 1540 1740

Nanjing (via Hong Qiao Airport) 122 RMB 1120 1320 1510 1640 1840

If there is any conflict between this table to other time table, this one should be more accurate since I recorded the time table from the poster of the ticket office at Pudong Airport for my visitors.