There has been a tremendous amount of spam from the turds in the last few weeks from “Capital movements , P.O box 340254, columbus,oh,43234”. A search through a favourite search engine reveals that many people are getting it, too.
They are pushing everything from Lasik Surgery, to MBA programs, to VoIP services and many others. Some people get 40 or more messages from these scum daily, day after day. They provide a link at the bottom of the email for the recipient to unsubscribe, but the domain that it points to keeps changing. The one we have been receiving points now to riverlogo.eu. Other domains used that may or may not be registered anymore include selectnation.com and magicultra.com. The email contains an ad advertising the payload, which links back to the riverlogo.eu domain. The image and link to the image are encoded, so that the mere fact of opening the email to read, if auto-download is enabled, sends a confirmation back to the scammers that they have sent an email to a valid recipient. Below is a sample image embedded in the email, followed by the source of the email. The link tracking codes has been changed slightly in the sample.
The best remedy is 1) resist ALL temptation to click on the unsubscribe link – it will only confirm yet again to them the validity of your email address to be used and re-sold numerous times, 2) turn off auto-display of linked email content – this will vary, depending of the email client and version that you use, 3) add @riverlogo.eu or whatever bogus domain you are receiving email from to your list of blocked addresses – this will only work temporarily until these criminals start using another bogus domain.
Return-Path: MBAOnlinePrograms@riverlogo.eu Received: from ipo9czjx7.riverlogo.eu (productball.com [22.214.171.124]) by mail.virtualsilo.com with ESMTP ; Sun, 20 Mar 2016 15:58:16 -0400 Received: from 013b0ae7.ipo9czjx7.riverlogo.eu (amavisd, port 10267) by ipo9czjx7.riverlogo.eu with ESMTP id 01QQCMWUBNC3B0AMWKDQTALEE7; for <email@example.com>; Sun, 20 Mar 2016 12:58:21 -0700 Date: Sun, 20 Mar 2016 12:58:21 -0700 Content-Type: text/html; charset="UTF-8" To: <firstname.lastname@example.org> From: "MBA Online Programs" <MBAOnlinePrograms@riverlogo.eu> Subject: Browse MBA Programs Available Online Today! Content-Language: en-us MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: <email@example.com> X-hMailServer-Spam: YES X-hMailServer-Reason-1: Rejected by SURBL - (Score: 5) X-hMailServer-Reason-Score: 5 <html> <head> <title> Want to Further Your Business Degree? Explore MBA Programs Today! </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="700"> <tr> <td align="center" style="font-family: Arial, Helvetica, Sans-serif;"> <a href="http://www.riverlogo.eu/l/lc1DF1267WH7XY/73DT118KA273O97UY20645364UL1760773252" style="font-size: 12pt; color: #629cce;">Want to Further Your Business Degree? Explore MBA Programs Today!</a><br> <a href="http://www.riverlogo.eu/l/lc2RW1267AP7XY/73DD118YP273B97JV20645364TD1760773252"><img src="http://www.riverlogo.eu/im/V1267F7XY/73B118N273JI97U20645364M1760773252/img07373315.jpg" alt="Search For Medical Billing Schools Near You!" width="432" height="440" border="0"></a> </td> </tr> </table> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <center> This offer is brought to you by Capital Movements If you would no longer like to receive emails from riverlogo.eu To be removed from our list simply <a href="http://www.riverlogo.eu/unsEH1267M73XY/73OQ118PG273PP97XK20645364S1760773252">Unsubscribe.</a> or write to us at: Capital movements , P.O box 340254, columbus,oh,43234 </center> </body> </html>