Psycheclone

Psycheclone is a web bot used for harvesting e-mail addresses. It started to appear on web logs around June 2006. On one occasion, it accessed a blog 800 times, trying to look for additional links for e-mail harvesting.

In September/October 2006 many spam mails originating from this harvesting are being seen. Harvesters hit some spamtraps which encode ip and time in the email address like: 270706.073424.208.66.195.4 @ domain where the first part is the date and time in European format and the second one is the ip-address the http-request came from, thus proving the email harvesting activities.
These spam mails are sent from large bot net, of probably infected/trojanized end user computers. They do not originate from the original ip addresses used for harvesting.

The content of those spam mails consists of a useless text part and a gif image of so called 'Stock Trade Spam' advertising a company named TransAKT Ltd.

According to McColo the contract with Digital Infinity corp (operating 208.66.195.0/27) has been terminated somewhen lately and they don't show up anymore in the ARIN registry.

The bot seems to come from several IP addresses:

208.66.195.2

208.66.195.8

208.66.195.7

208.66.195.5

208.66.195.3

208.66.195.9

208.66.195.10

208.66.195.11

208.66.195.4

208.66.194.179


Based on records from ARIN reveals that this web bot is owned by a company called Digital Infinity Ltd located in Moscow, Russia.The name of the owner of Digital Infinity Ltd is "Elena Balkina".

Elena Balkina has been connected to spam before with linalinks.com. Please note the current owner of linalinks.com is no longer this person or her company. Elena's company has been used to send spam for online pharmacies.
 
< Prev   Next >