Home Services Contact Info

Spammers Target Moscow Children’s Hospital – savechilds.net Nasty Xmas Scam

Posted in: General,Security by Richard Hearne on December 7, 2006
Internet Marketing Ireland

You may have received copious spams today with the following:

Spam Christmas Scammers

Going to the URL in question delivers you a very slick website:

SCAM website?

And background on the hospital:

Fake Russian Children's Hospital

Except it’s copied wholesale from here:

www.russischkind.nl

While the homepage seems to be copied from deti.msk.ru:

deti.msk.ru

To be quite honest, I cant say for sure that I would trust any of these sites.

I do know, however, that the slick site that is spamming everyone has got to be fake. So slick, in fact, the only real give-away is the lack of contact details (and the obvious spamming techniques).

The DNS Lookup gives the following cached info:

Using 25 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

Domain Name.......... savechilds.net
Creation Date........ 2006-10-31 17:56:04
Registration Date.... 2006-10-31 17:56:04
Expiry Date.......... 2007-10-31 17:56:04
Organisation Name.... Chuyi ZHU
Organisation Address. Kurchatov sq, Moscow 123182
Organisation Address.
Organisation Address. taiyuan
Organisation Address. 19473
Organisation Address. WG
Organisation Address. RU

Admin Name........... gufty htfy
Admin Address........ Kurchatov sq, Moscow 123182
Admin Address........
Admin Address........ taiyuan
Admin Address........ 19473
Admin Address........ WG
Admin Address........ RU
Admin Email.......... ************@hotmail.com
Admin Phone.......... +7.2147483647
Admin Fax............ +7.2147483647

Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... shenzhen
Tech Address......... 518031
Tech Address......... SZ
Tech Address......... CN
Tech Email........... *************@126.com
Tech Phone........... +86.61280100
Tech Fax............. +86.61280100

Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... shenzhen
Bill Address......... 518031
Bill Address......... SZ
Bill Address......... CN
Bill Email........... ************@hotmail.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns2.pokerbotmakemoney.com
Name Server.......... ns1.pokerbotmakemoney.com
Name Server.......... ns7.kindofbullats.com
Name Server.......... ns8.kindofbullats.com

They dont look like the type of name servers a charity would use?

While the real-time DNS lookup returns:

Domain Name.......... savechilds.net
Creation Date........ 2006-10-31 17:56:04
Registration Date.... 2006-10-31 17:56:04
Expiry Date.......... 2007-10-31 17:56:04
Organisation Name.... Chuyi ZHU
Organisation Address. Kurchatov sq, Moscow 123182
Organisation Address.
Organisation Address. taiyuan
Organisation Address. 19473
Organisation Address. WG
Organisation Address. RU

Admin Name........... gufty htfy
Admin Address........ Kurchatov sq, Moscow 123182
Admin Address........
Admin Address........ taiyuan
Admin Address........ 19473
Admin Address........ WG
Admin Address........ RU
Admin Email.......... vince_stebbi@hotmail.com
Admin Phone.......... +7.2147483647
Admin Fax............ +7.2147483647

Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... shenzhen
Tech Address......... 518031
Tech Address......... SZ
Tech Address......... CN
Tech Email........... adminspeed123@126.com
Tech Phone........... +86.61280100
Tech Fax............. +86.61280100

Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... shenzhen
Bill Address......... 518031
Bill Address......... SZ
Bill Address......... CN
Bill Email........... vince_stebbi@hotmail.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns2.3fn.net
Name Server.......... dns195.3fn.net

Domain registered on October 31… vince_stebbi@hotmail.com seems to be in both Moscow and Schenzen… This is just plain nasty.

I’ve received about 8 copies of the email. I know most people don’t take any notice, but some might just be taken in by the headline and the slick website.

I called the number on the Dutch website and spoke to a guy called Sergei who is in Spain. Odd? Yes. But he sounded legit and has sent an alert to some group that monitors these sites. Still no harm in putting up the message here.

NASTY, NASTY, NASTY

(If you do want to be charitable this Christmas why not head over to OxfamIrelandShop.com)

You should subscribe to the RSS Feed here for updates.
Or subscribe to Email Updates now:

24 Comments »

  1. Nice catch.
    I haven’t received any yet and wouldn’t ever spend a cent with something spammed to me.

    If it is fake, which it clearly is, it’s a sick way of going about it.

    Comment by Dave Davis — December 7, 2006 @ 3:04 pm

  2. [...] While you’re here can you please spread the word about this nasty bunch of spammers that are trying to scam donations to a children’s hospital in Moscow. More info here. Share and Enjoy: [...]

    Pingback by If You’re Going To Steal Someone’s Design… | Search Engine Optimisation Ireland .:. Red Cardinal — December 7, 2006 @ 3:10 pm

  3. I haven’t got one of them yet myself, but the be honest I don’t donate anything to companies or charities groups I never heard of.
    I know is for a good cause, but there are so many heartless people out there that will use this kind of fake excuses for a get-rich-quick scheme which makes me sick.

    Comment by Louie — December 7, 2006 @ 5:53 pm

  4. I got one today.I was reading an article yesterday on GigOM I think about how spammers are using colour obfuscated text in the images to bypass the filters. Looks like this was very subtle, but it worked.

    Finally, I don’t feel as left out for not getting the same spam as the rest of the Irish :)

    Comment by Dave Davis — December 8, 2006 @ 10:12 am

  5. I will gladly swap email addy’s with you Dave :grin:

    This one really made me angry. They are obviously pushing this – I have received a number of variations of the mail with different images on mutiple email accounts.

    It’s almost as busy as the recent WEXE stock spam.

    Rgds

    Comment by Richard Hearne — December 8, 2006 @ 10:15 am

  6. As it was said above this is very annoying.
    How low can you get to use such a scheme for making money?

    Comment by Louie — December 8, 2006 @ 10:22 am

  7. Maybe I’m just living in plant-cuckoo-land, but I hope that be bringing this to the attention of those affected they might be able to have the site taken out.

    I sent an email to the company doing the payments (US based) but they didn’t respond. If I get no response today from them then I’m going to fire a quick email off to US authorities.

    Comment by Richard Hearne — December 8, 2006 @ 10:30 am

  8. Good idea. Reporting to spamcop etc is only a temporary solution. They’ll just find a way around it. It’s getting to the source that’s the problem.

    I wish there was more that the “Little Guy” could do. This problem is only going to stop if it’s tackled on a global scale by global authorities.

    I’m starting to think that the idea of a relative small fee for email delivery would actually be not so bad.

    And don’t get me started on the stock spam, that’s really doing my nut in.

    Comment by Dave Davis — December 8, 2006 @ 10:53 am

  9. I’d be interested in seeing the email headers. If you want to post them to pastebin so I can have a peek ….

    Comment by Michele — December 8, 2006 @ 8:18 pm

  10. [...] Richard has provided online screenshots and his findings on why this looks to a be a scam, a sickening one at that. Take a look at Spammers Rob From Childrens Hospital and if you have a blog or a site then spread the word. [...]

    Pingback by Ireland SEO Marketing :: Childrens Hospital Online Scam — December 9, 2006 @ 2:37 pm

  11. Pl.unsubscribe from all of your servers

    Comment by rajnish — December 11, 2006 @ 11:41 am

  12. Pl. unsubscribe me from all of your servers

    Comment by rajnish — December 11, 2006 @ 11:42 am

  13. rajnish

    I cannot find you subscribed to any post on this site?

    If you have some problem can you please email me?

    I sent you an email just now about this.

    Rgds

    Richard

    Comment by Richard Hearne — December 11, 2006 @ 11:57 am

  14. Looks as if the site has been pulled.

    Comment by Gavin — December 11, 2006 @ 5:45 pm

  15. That’s good news Gavin :grin:

    Comment by Richard Hearne — December 11, 2006 @ 5:53 pm

  16. I am in Canada and save all my scam mail so I can study it and see if there are patterns. In this one there are many errors and the reference to God making us brothers is a common theme for them. In the past 3 months I have received four copies of the same message. I suggest you give only to a charity that you know well. The scammers will try anything to get into your pockets and bank account.

    Comment by OldGuy1944 — December 20, 2006 @ 5:21 am

  17. [...] Spammers Target Moscow Children’s Hospital – Nasty Xmas Scam By Richard Hearne Hiding E-mail address (you can get results with the E-mail address). … Admin Email………. vince_stebbi@hotmail.com Admin Phone. … I’ve received about 8 copies of the email. I know most people don’t take any notice, but some might … Red Cardinal – http://www.redcardinal.ie [...]

    Pingback by ScamBlog » Blog Archive » Google Alert - email scam — December 23, 2006 @ 3:31 pm

  18. They are pure scum, I got one through the other day in the form of an Evite card supossedly from a women with cancer who needed to give away so many million dollars, it nearly made me sick, email spammers are scum and they should all be locked up!

    Comment by David Eaves — January 8, 2007 @ 12:51 pm

  19. Hi David

    Welcome to my blog :grin:

    Spamming is one thing, but praying on people’s charity to line your own pockets at the expense of those who really need help pisses me off like nothing else. Scum, scum, scum.

    Rgds

    Richard

    Comment by Richard Hearne — January 8, 2007 @ 1:09 pm

  20. That email address (vince_stebbi@hotmail.com) has a lot of spammer’s website

    Comment by thunder — February 4, 2007 @ 9:57 pm

  21. Well I can tell you that a whole lot of people search for him – I see them in my referrers every day.

    Comment by Richard Hearne — February 4, 2007 @ 10:09 pm

  22. [...] I get my share of spam at Red Cardinal. Generally I just delete the crap left by ‘kind’ spammers, but occasionally I do a little digging to see what some of the particularly nasty spammers are at. More about spammers a little later – but first, let me tell you what I think of ‘Long Copy’. [...]

    Pingback by A Dose Full of Comment Spam, Long Copy Referrer Pages & SEO Tools - What Do YOU Think? | Search Engine Optimisation Ireland .:. Red Cardinal — February 26, 2007 @ 10:28 am

  23. Physical spam to your door is just as bad, and worse, some people still fall for it. I blogged about my investigation into the “Do Not Delay” crowd who seem to be targeting Ireland and the UK. Nasty bunch preying on people’s generosity towards cancer treatment. :(

    Comment by Donncha O Caoimh — February 26, 2007 @ 4:06 pm

  24. [...] topic. You can also subscribe by email for future updatesI’ve written a lot in the past about shady dealings and outright scams. I’ve also received legal threats on multiple occasions after writing [...]

    Pingback by Persimmon Publishing SEO Scam - Red Cardinal — July 28, 2009 @ 2:14 pm

Comments Feed TrackBack

Leave a comment