An ongoing crisis brings new meaning to the phrase "unfair business practices". Please watch this page for updates and further information Last modified - October 28, 2003. Hello Sir This is not spam. If you don't want to answer - just ignore this e-mail. Our project www.boxedart.com is looking for young talented designers. We will provide good work for them - we can order unlimited ammount of website templates for great prices (5-10$/template). Please send us your portfolio to jobs@boxedart.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BoxedArt Employment Team jobs@bigresources.com ICQ: 73592108 If you received the above email, or any other suspicious email, check the headers, and please continue to follow the instructions below, as with the previous spam attack. Thank you for your support. Greetings, and thank you for allowing us the opportunity to discuss a situation that has become quite dire for our company. Before we continue however, there is an important message that we would like to deliver to all users of the web that have received multiple messages from us, starting in the month of June, 2003: IF YOU RECEIVED UNSOLICITED EMAIL ADVERTISING BOXEDART.COM - WE DID NOT SEND IT! The bogus "advertisements" that are being sent, claiming to be on behalf of our site, are sent as an attack against our company, and are commonly known as a "Joe Job". This Joe Job (or spam attack), uses a form of Internet "identity theft", which is extremely simple for anybody with access to a POP3 account to perform, because when sending outgoing POP mail, all that is needed to spoof the sender's address, is to simply fill it in with the desired sender's name - and presto, an email has been sent using the identity of another individual. Why Would Someone Advertise Your Site as An Attack? Lets say you received 30 messages within 5 hours from a company that is advertising their services to you, would this be an appealing way for that company to introduce their services to you? Nobody else thinks so either. That's the entire point of a Joe Job, it annoys and frustrates the recipients of the emails until they can no longer tolerate the constant nuisance of email after email containing the same advertisement from the same company. Often, these enraged spam victims will take their own actions against the site that they believe to be responsible, especially if there is personally identifiable information available in the spam (the Joe Job against us contains exactly this). These enraged users will then often: Reply over and over trying to unsubscribe, mail bomb the return address with hundreds of messages, include huge file attachments in their replies, report the "offenders" to their webhosts, report the "offenders" to their domain registrars, call and scream at the "offenders", threaten the lives of the "offenders", report the "offenders" to the authorities, and threaten or file suit against the "offenders". In the case of the spam that is going out in the names of BoxedArt.com and Big Resources, Inc., all of the above has been happening 30,000 - 50,000 times per day, in response of the 100,000's of daily emails being sent in our name, and it is increasing at a growing rate. Why Don't You Stop These Attackers? We are making every attempt to put an end to these bogus spam emails, trust us, we want it to end even more than you do. If you've been hit by 5, 10, 20, 30, or even 100 of these emails per day, you know how frustrating it is to be emptying your inbox of garbage every few minutes. Now imagine you are receiving 50 - 70 messages per MINUTE, only these messages are not advertisements, they are hate mail full of obscenities, or death threats, or threats against your family, or threats against your business, or mail bombs - this is exactly the end of result of the spam attack that is happening on our company, only it is not the attackers that are sending these emails to us, it is the recipients of the repetitive spam. It is being sent from normal folks, doctors, teachers, housewives, individuals that are normally calm and rational, but that have been pushed to such a point of annoyance, that the foulest vulgarities and threats that we have ever read are flying from their fingertips into our inboxes, by the 100's, by the 1000's, and by the 10's of 1000's, it is a phenomenon that I have come to call "spam rage". We have been attempting to reply to each and every of these emails, quite a task as you can imagine (and our outlook express clients have begun to fall behind in the war), because we feel that everyone deserves to know why their inbox is being flooded by a large number of messages by someone that has decided to use our names. The most common reply to our explanation of our situation has been "why don't you just stop these attackers"? Wouldn't it be great if we could just flip a switch and do so? Just turn off the attack, or even just send an email to the attackers saying: "Hello, we've received a few complaints, it seems that folks just don't want the email you are sending them (we're surprised too, we thought for sure most Internet users would like to receive a few hundred emails from you, pretending to be us, but you live and you learn right)! So anyway, think you can stop? Thanks!" But obviously, we wouldn't get much of a reply from doing this, so the next obvious method of stopping the attackers would be to just shut them down right? Well here's where the fun begins. In all likelihood, there is not one spammer/attacker sending these out, but several. Some information that we have colleted leads us to believe that these attackers may be located in Asia, as well as possibly Eastern Europe. The real trouble is that these "few" attackers, are not using a source to send the attack that is easy to shut down. They are controlling thousands (or 10's of 1000's) of "zombie" (hacked) servers, and abusing servers with open relays (servers that freely allow mail to be sent through them by anyone). So we can shut them down all day and all night, but unfortunately, there are enough insecure boxes connected to the web for these attackers to hop around, and add more power to the attack endlessly. Why Are These Jokers Attacking You? Starting waaay back in December (or possibly even earlier of 2002). Several well known template sites (we will just call them TS, DG, and L2D), were under a similar attack. At the time, these sites were among the largest template targets on the net. BoxedArt.com had been around for a little while at this time, but had not yet really started to blossom. These three sites were DDoS'd (read further below if you would like information on a DDoS), and Joe Jobbed terribly, one of them was pounded out of existence, and even lost its domain name. During this time, BoxedArt.com was mentioned in one of the Joe Job emails as an ally of DG (one of the sites being attacked), but was it was not a primary target, nevertheless, we did catch SOME complaints from the spam that was sent out. However over the past several months, BoxedArt.com has really bloomed, and has become one of the most recognizable sites on the web for purchasing web templates and web graphics. These original attackers (who remained at large from their previous round of assaults despite an FBI investigation at the time) have since returned for another round of assaults, this time focusing in on BoxedArt.com as a prime target to take down using a variety of assault methods (oh, you thought the spam was the worst of it did you)? Who Are the Ones That Hired The Attackers? Ahhh. Our second most popular question! I thought you'd never ask! The names of at least 2 suspects have been given to us by the Computer Intrusion Cyber Squad of the Los Angeles FBI (yes both of them are template sites), however there is not yet enough prosecutable information collected such that we can make a formal public allegation against the business(es) that are believed to be involved. If we were to print (or respond to questions) with the name of this/these business(es), and we were not yet able to prove it, then the very sites that are attempting to pound our site out of existence, could very well sue us in turn for a deformation of their character! This information will be released by the FBI, and by the FBI only, if and when they are able to collect enough information (however we hope that every attack will bring them one step closer). What Other Attacks Have You Faced? As mentioned above, another tactic these attackers have used, in the attempted elimination of our site, is called a DDoS attack. To keep this article somewhat reasonable in length, I will not go into great details of what a DDoS attack, there is a very comprehensive article already up at: http://grc.com/dos/grcdos.htm that gives a very detailed account of the effects and sources of a DDoS. Needless to say, the DDoS attacks against us have been very severe. We encountered at least 7 total days of downtime during the month of June, 2003, because of the heavy saturations of DDoS attacks that we were hit with, and web hosts that would simply shut us down when we experienced one. These attacks have not completely stopped, but we have been filtering them to the best of our abilities, and have become stable enough such that the attackers have decided to switch gears and try eliminate our site through the force of the public, instead of through the force of packet flooding. What Can "I" do to Help Stop the Spam? If you've been reading this entire story, then you already know that these attackers are not easy to stop. Their arsenical of servers is tremendous, and our entire staff is drowning at the bottom of a seemingly endless pool of spam responses from this Joe Job that has been slamming our site to no end. However, despite the tremendous arsenical at the disposal of the attackers, there is something that you can do to help slow down the volume of email that they are able to send. I have pasted instructions below that require SOME technical abilities to follow, but which may remove some of the ammunition that these spammers have at their disposal. What to do when you receive a spam message from these attackers: 1. In your email program, enable viewing of 'Headers'. Example: Received: from adsl-156-134-98.bgk.bellsouth.net [66.156.134.98] by publishingresources.com (SMTPD32-8.00) id AD587D1017C; Wed, 04 Jun 2003 16:58:00 -0400 Message-ID: <2003063883.31625.qmail@bigresources.com> Date: Wed, 4 Jun 2003 13:59:48 -0700 From: "Jason M. DesRoches" The only part of these headers that you CANNOT forge is the Received: lines. Notice that this message was from 66.156.134.98, which is a BellSouth IP address. (All IP addresses are assigned to companies/countries.) I again EMPHASIZE - The sender's EMAIL ADDRESS is SPOOFED. This is where the attacker wants you to believe the mail is coming from -- but it is NOT. The sender's email address is worthless. 2. Now go to SpamCop and paste all the headers into their website and hit Interrogate. SpamCop looks up who owns the IP and tells you who to send Abuse reports to (The above headers have already been reported to BellSouth). On the next page you will be able to send the correct party an abuse report. In your message, please include the entire email that you received, and include a message such as: "I am receiving spoofed messages from the server addressed in the headers of this email. Please shut down this server immediately, or close the relays on the box. You are hosting a machine that is spamming and may be held liable if you refuse to correct this issue." What Else Can I do to Help? As you've probably understood by now, we're flooded beyond imagination with replies to the spam that is being sent out. We need some help spreading the word that this spam is false -- there will come a time (and it may be soon) that the volume of incoming email overwhelms us altogether and we will no longer be able to pass this information to those that write in. We need your assistance in spreading this information by any medium -- post this link on a forum where someone accuses us of spam, tell your friends about this page if they've received the spam. If you have any other medium of helping us deliver this message, we can sure use it. What Else Can We Expect to Happen? The most recent element to the Joe Job attack, has been the inclusion of child pornography in sequence with the bogus emails from our site. We've received reports from numerous receivers of the spam, that immediately after receiving a BoxedArt spam, they also receive am email advertising for child pornography. It may be that the spammers are just plain getting paid for advertising this filth, or perhaps they are trying to link our site to this material. In either case, you should also report these emails using SpamCop as indicated above. BoxedArt.com and Big Resources, Inc. express our most sincere apologizies to anyone that has been flooded with this spam. We would like to thank you for your understanding in this matter. Sincerely, The BoxedArt Team http://boxedart.com |