Today's spam contains fake unsubscribe details.
The entire spam is a single image that has one single hyperlink, so that if you click the section where it says to unsubscribe you are transported to the same place as the advertising intends.
The mailer has attempted to conceal their link through a series of redirects.
The mailing is going to email addresses contained within a whois lookup.
FROM: Lucky Emperor Casino <Platt@golfshore.com>
SUBJECT: Play with your Lucky Emperor Gift-Card Today
The actual href is:
xhttp://www.golfshore.com/CHGV1896_3/3228/wqlxhtudo7diiloldvhuG/toedtg/u.htm
which resolves to:
xhttp://www.golfshore.com/red/V1896.asp?linkid=3
which resolves to:
xhttp://www.luckyemperor.com/splash.asp?aff_id51_145_3140_1192_1_316_3&pop_up=1&from_id=1
codes contained in source code:
<a HREF="https://luckyemperor.microgaming.com/luckyemperor/default.asp?BTAG=51_145_3140_1192_1_316_3" target="_newWin">
exit script on the page
<script SRC="./exit/exit_js.asp?aff_id=51_145_3140_1192_1_316_3&from_id=4" LANGUAGE="JavaScript1.1"></script>
Also interesting to note is that the image is being served from
xhttp://www.webgreenlight.com/email/le/le_500350_031104/le_500350_031104.gif
Spam is bad enough, but to completely LIE about any kind of remove process makes all casino marketers look bad.
Rick
Universal4
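
An added example, not part of the original post: a short Python script that takes the URLs and source-code references quoted above and groups them by the affiliate tag they carry, which shows that the landing page, the Microgaming link and the exit script all credit the same affiliate. It assumes the aff_id and BTAG parameters hold the affiliate tag (inferred from their names), and it tolerates the form without "=" seen in the final redirect.

```python
import re
from urllib.parse import urlsplit

# Strings copied from the post above ("xhttp" is the poster's defanging).
ARTIFACTS = [
    "xhttp://www.golfshore.com/CHGV1896_3/3228/wqlxhtudo7diiloldvhuG/toedtg/u.htm",
    "xhttp://www.golfshore.com/red/V1896.asp?linkid=3",
    "xhttp://www.luckyemperor.com/splash.asp?aff_id51_145_3140_1192_1_316_3&pop_up=1&from_id=1",
    "https://luckyemperor.microgaming.com/luckyemperor/default.asp?BTAG=51_145_3140_1192_1_316_3",
    "./exit/exit_js.asp?aff_id=51_145_3140_1192_1_316_3&from_id=4",
    "xhttp://www.webgreenlight.com/email/le/le_500350_031104/le_500350_031104.gif",
]

# Assumption: aff_id / BTAG carry the affiliate tag, a run of digits joined by "_".
# The "=" is optional because one URL in the post has none after aff_id.
TAG_RE = re.compile(r"^(?:aff_id|btag)=?(\d+(?:_\d+)+)$", re.IGNORECASE)

def refang(s):
    """Drop stray whitespace and turn the defanged 'xhttp' back into 'http' for parsing."""
    s = re.sub(r"\s+", "", s)
    return re.sub(r"^xhttp", "http", s, flags=re.IGNORECASE)

def affiliate_tag(url):
    """Return the affiliate tag found in the query string, or None."""
    for field in urlsplit(refang(url)).query.split("&"):
        m = TAG_RE.match(field)
        if m:
            return m.group(1)
    return None

def correlate(artifacts):
    """Group hosts by affiliate tag; hosts with no tag are returned separately."""
    by_tag, untagged = {}, []
    for a in artifacts:
        host = urlsplit(refang(a)).hostname or "(relative)"
        tag = affiliate_tag(a)
        if tag:
            by_tag.setdefault(tag, []).append(host)
        else:
            untagged.append(host)
    return by_tag, untagged

if __name__ == "__main__":
    by_tag, untagged = correlate(ARTIFACTS)
    for tag, hosts in by_tag.items():
        print(tag, "->", ", ".join(hosts))
    print("no tag:", ", ".join(untagged))
```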