fake unsubscribe

[universal4]

Todays spam contains fake unsubscribe details.

The entire spam is a single image that has one single hyperlink, so that if you click the section where it says to unsubscribe you are transported to the same place as the advertising intends.

The mailer has attempted to conceal their link through a series of redirects.

The mailing is going to email addresses contained within a whois lookup.

FROM: Lucky Emperor Casino<Platt@golfshore.com>

SUBJECT: Play with your Lucky Emperor Gift-Card Today

The actual href is:
xhttp://www.golfshore.com/CHGV1896_3/3228/wqlxhtudo7diiloldvhuG/toedtg/u.htm

which resolves to:
xhttp://www.golfshore.com/red/V1896.asp?linkid=3

which resolves to:
xhttp://www.luckyemperor.com/splash.asp?aff_id51_145_3140_1192_1_316_3&pop_ up=1&from_id=1


codes contained in source code:

Code:

<a HREF="https://luckyemperor.microgaming.com/luckyemperor/default.asp?BTAG=51_145_3140_1192_1_316_3" target="_newWin">


exit script on the page
<script SRC="./exit/exit_js.asp?aff_id=51_145_3140_1192_1_316_3&from_id=4" LANGUAGE="JavaScript1.1"></script>

Also interesting to note is that the image is being served from
xhttp://www.webgreenlight.com/email/le/le_500350_031104/le_500350_031104.gif

Spam is bad enough, but to completely LIE about any kind of remove process makes all casino marketers look bad.

Rick
Universal4

[universal4]

Appears to be same pattern as above.

FROM: Aztec Riches Casino<Appleton@asandox.com>
SUBJECT: New players receive a Huge welcome Bonus!

The actual href is:
xhttp://www.asandox.com/CHEV1956_1/3234/wqlxhtudo7diiloldvhuG/toedtg/u.htm

which resolves to:
xhttp://www.bevivek.com/red/V1956.asp?linkid=1

which resolves to:
xhttp://www.aztecrichescasino.com/default_us.asp?btag=BanAff10927.email_arc_01&c id=azr

This mailer has a remove process which is hidden with a font color the same color as the background. How honest is that?

Rick
Universal4

[universal4]

This group just doesn't stop!

FROM: Carnaval <Webb@asandox.com> (might be fake but appears domain is not)

xhttp://www.asandox.com/CHEV1895_3/3236/wqlxhtudo7diiloldvhuG/toedtg/u.htm

redirects to

xhttp://www.blackjackballroom.com/splash.asp?aff_id=51_145_3100_1192_1_237_3&pop _up=1&from_id=1



Attention affiliate managers....please have a talk with these individuals....as this stuff makes us ALL look bad.

Rick
Universal4

[universal4]

Here is another one.

FROM: Lucky Emperor Casino<Malory@bevivek.com>

See the fake From above?

Hyperlink of
xhttp://www.bevivek.com/CHFV1896_3/3269/wqlxhtudo7diiloldvhuG/toedtg/u.htm

Redirected to
xhttp://www.luckyemperor.com/splash.asp?aff_id=51_145_3140_1192_1_316_3&pop _up=1&from_id=1

Casino Rewards, do you really want marketers sending spam "PRETENDING" to be mailing DIRECTLY from the Casino?

Hmmm...

Rick
Universal4