stalker spammer implied death threat to me

Discussion in 'other security issues & news' started by trs393, Nov 5, 2006.

Thread Status:
Not open for further replies.
  1. trs393

    trs393 Registered Member

    Nov 5, 2006
    Hi everyone,

    Since several years ago, I have owned TDS-3, Wormguard, and Port Explorer, and although I never felt truly proficient in any of them, I always respected them as first-rate programs.

    My problem. For several months now, I've been receiving wierd stalker or spammer emails that evidently contain falsified header information, and the body of the message is always made up of garbled, broken sentances, with implied offensive content.

    Here is an example, and I'll mention I replaced my actual email address prefix with [DELETED];

    MailWasher full mssg header & text #1:

    Return-path: <>
    Received: from ([])
    by atmail with smtp (Exim 4.60)
    (envelope-from <>)
    id 1GfZ4S-0007tV-G1
    for; Thu, 02 Nov 2006 03:41:12 -0600
    X-Spam-Score: 2.4
    X-Spam-Flag: NO
    X-Spam-Level: **
    X-Spam-Status: No, hits=2.4 required=4.0
    X-Spam-Report: 2.4 points, 4.0 required
    * 2.4 DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date
    * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
    * [score: 0.4555]
    Received: from (HELO Krissz) (
    by with SMTP; 2 Nov 2006 09:41:11 -0000
    Received-SPF: none ( domain at does not designate permitted sender hosts)
    Received: from (HELO
    by with esmtp (S113MYCUH3A BIN2O)
    id 9NBUHG-216973-B2
    for; Thu, 2 Dec 2006 09:41:12 -0060
    Date: Thu, 2 Dec 2006 09:41:12 -0060
    From: "Rachel Newell" <>
    X-Mailer: The Bat! (v2.00.9) Educational
    X-Priority: 3 (Normal)
    Message-ID: <>
    Subject: nose-leafed mosaic binding
    MIME-Version: 1.0
    Content-Type: text/plain;
    Content-Transfer-Encoding: quoted-printable
    X-Spam: Not detected

    elizabeth almost stared at her. "can this be mr. darcy?" thought=20=
    she."that is to say, you had given your permission. i guessed as much."=20=
    and though he exclaimed at

    [End of message.]

    Then just the other day, I received another one. I've put [DELETED] in my actual home email line, and I will mention that the sender has -for the first time- indicated that he actually knows I subscribe to musician literature, that I am older, and that I am retired, and has added a thinly veiled death threat with the words 'you, an aging amateur musician drawn from retirement to risk his life' (meaning me).

    Notice also his wierd, offensive use of a misspelled 'viagra' reference, possibly not spelled right to get past spam filters.

    Full email header and spam/stalker mssg follows:

    Re: tip 328
    "Jaswinder Pettiford" <>
    Date: Sat, 4 Nov 2006 03:04:46 -0800
    Return-path: <>
    Received: from ([]) by atmail with smtp (Exim 4.60) (envelope-from <>) id 1GgJKy-0007UA-Nw for; Sat, 04 Nov 2006 05:05:20 -0600
    No, hits=3.9 required=4.0
    3.9 points, 4.0 required * 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs:] * 2.2 DCC_CHECK Listed in DCC ( * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.4880] * 0.0 HTML_70_80 BODY: Message is 70% to 80% HTML
    from (HELO ( by with SMTP; 4 Nov 2006 11:05:19 -0000
    none ( domain at does not designate permitted sender hosts)
    "Jaswinder Pettiford" <>
    Microsoft Outlook Express 6.00.2800.1106
    Produced By Microsoft MimeOLE V6.00.2800.1106
    avast! (VPS 0645-4, 03/11/2006), Outbound message
    AVG for E-mail 7.1.409 [268.13.27/517]
    multipart/mixed; boundary="=======AVGMAIL-454CB0F66FA0======="

    VljlAGRA $ 3, 35 Link removed - Ron

    you, an aging amateur musician drawn from retirement to risk his life

    No virus found in this incoming message.
    Checked by AVG Free Edition.
    Version: 7.1.409 / Virus Database: 268.13.27/517 - Release Date: 11/3/2006

    [End of message.]

    I have been forwarding each of these messages as they come in, to my ISP tech dept, for blocking. They assure me they are doing so. However, the messages continue to come through, possibly with new falsified header info to get past the old blocks.

    It finally occurred to me to give Wilders Security Forums a try, and see if anyone can help me do anything with this?

    Thanks and have a great day.

    Last edited by a moderator: Nov 5, 2006
  2. Devinco

    Devinco Registered Member

    Jul 2, 2004

    Welcome to Wilders.
    Don't give it another thought, it is common spam.
    They create garbage emails that contain random word combinations to bypass your bayesian spam filters.
    They call it Spamglish.
    The random database just happened to put in something you may be interested in.
    It is not a stalker. It is not a death threat.

    Those moron spammers must be real idiots if they think anyone with even half a brain would click on a link in such an email.
  3. trs393

    trs393 Registered Member

    Nov 5, 2006
    Please bear with me in saying what I have to say next. I live in Hill City, Kansas. Unless you can afford $50+ a month for satellite connections, the only available phone service is RuralTel, and the only ISP available is a subsidiary or affiliate, Nex-Tech. For several years now, I have had a serious problem that every forum I join, using an anonymous user name, and telling no one, my user name becomes mysteriously known to everyone here in town within one or two days. It's a typical small town where 'everyone knows everyone else's business'. But someone who has Administrative access to my web browsing information (or a trojan on my pc, which seem improbable), looks up my info, reads off the new user name, and tells key people, who branch the info out so that the whole town knows. No, I don't have ironclad, documented proof. But it is so obvious that this is going on, from the timing of the wierd looks I get after making posts at forums. I've pretty much had to give up joining forums, because of this.

    By the same token, the wierd 'spam-glish' emails I've been getting, contain key information about me which a complete outsider, spamming blindly at random, could not possibly know. This is leading me towards a conclusion that whoever has been blowing my anonymous user names, is now spamming me. That is to say, someone with Administrative access to the weblogs of Nex-Tech.

    I also know for a fact that Nex-Tech saves the full text of every email. I once had an urgent problem with an on-line order, and called their tech phone support line, and told a tech, who happily looked up my email records, and recited off the desired information from one of my earlier emails. They had full text of every email.

    Whoever is spamming me, does not like me. In fact, hates me. Mature readers will know you don't have to be doing anything wrong, to have someone take it upon themselves to hate you, and try to make life miserable for you. Someone is evidently taking that modus operandi into a new playing field, in stalking my forum user names and targeting me with privileged info about myself with spam emails, one of which contained a thinly-veiled death threat.

    So you can call it spam-glish, and say it's not personal, just blind aiming at me in the dark, but I'm calling this as I see it; someone at my ISP is evidently doing this.
  4. beetlejuice69

    beetlejuice69 Registered Member

    Mar 16, 2005
    I get the same type email in MailWasher. I don`t think you and I are related so I wouldn`t worry about it. Just delete it, blacklist it, and sleep easy. :)
  5. SSK

    SSK Registered Member

    Nov 28, 2004
    I'm not sure if you have a real problem, or just some strange things coming together. But, if it helps you:

    - Start documenting your evidence.
    - Use encrypted connections to surf the web:

    If you have enough evidence, file a complaint by normal (paper) mail to local law enforcement / complaint department of your ISP.

    Good luck.
    Last edited: Nov 12, 2006
  6. Meltdown

    Meltdown Registered Member

    Sep 17, 2004
    That's an easy one - Jane Austen, Pride and Prejudice

    I don't know where that comes from, but you're not the only one getting spam with that message: to risk his life"&btnG=Google Search

    I wouldn't give it a second thought.
  7. herbalist

    herbalist Guest

    Some of what turns up in my Yahoo account sounds like that.
    There were more but I deleted them a while ago. Others have what look like pieces of stories or plots to take down Yahoo or Google??
    It is entirely possible that what you describe locally could be happening completely separate from the spam. I'd start with going thru your system and make sure you aren't trojaned or rootkitted. Use more than just an anti-spyware scanner. After that, I'd install a good firewall that controls traffic in both directions. Rule out your own system being compromised first.
    I'm not sure how many ISPs keep copies of e-mail. I'd consider making more use of webmail in that instance.
  8. trs393

    trs393 Registered Member

    Nov 5, 2006
    I see what you mean about those wierd phrases being common on the internet. Tnx.

    I am not sure how to conclusively eliminate the possibility of a trojan or rootkit. I used to use TDS-3, but they stopped giving updates, and I've since switched from Win98 to XP, so I haven't reinstalled it yet. I run GhostSurf Platinum, which scans regularly, but it can be confusing what to permit and what to quarantine.

    I never felt truly proficient with TDS-3, but do miss having it in action. Since it no longer updates, I did not see what good it would do to reinstall it.

    GhostSurf Platinum's anonymous web browser used to work okay, until I switched to WinXP. Now, it no longer loads pages completely, so I've had to quit Ghost as a web anonymizer and I only use it's SpyCatcher function for trojan scans. I switched to JAP for anonymizing, which mostly works okay, except a lot of sites want java turned on to work right, and java gives them your ID.

    I just downloaded TOR and installed the Firefox plugin, but when enabled, I can't bring up any websites with it at all.

    Thanks everyone.
  9. trs393

    trs393 Registered Member

    Nov 5, 2006
    I reset my firewall to enable TOR to pass. I also discovered that TOR reset my Firefox Connection Settings to Manual Proxy, Port 8118, with Socks at 9050. Pretty sharp program. It said it had enough info to make a connection, but connection still failed. Not sure what to think.
  10. trs393

    trs393 Registered Member

    Nov 5, 2006
    Success. Looks like initial browser start-up involves going to Start>All Programs>TOR>Tor, with Tor being a DOSS window that searches for and sets up the 'info' required to build a connection. This takes a few seconds, after which it gives confirmation. It does not matter if Firefox is already running. One can then activate TOR, and web surf. Seems kind of slow, but hey, it works, and I got through to a few web sites that are normally blocked by my local ISP and accessible only through various proxies. I might mention, Ghost Surf has a feature that searches for the fastest connections and routes the info through several at once, making it very fast. Fast like a race car on concrete blocks with the wheels off; Ghost won't load pages properly.

    If anyone has an idea how to clue me in on searching for really elusive trojans or root kits, please let me know. I'm a little out of touch with the latest methods and not exactly a genius. Tnx.
  11. Texcritter

    Texcritter Registered Member

    May 6, 2005
    Teesside, North East England
    I've searched this saying and it is quoted on various sites
    associated with Viagra etc.

    It comes from "The Popular English Literature"
    "Why?" "Why is a good question. The answer is that although I stand before you, an aging amateur musician drawn from retirement to risk his life for the public good,

    Approx 89th line
  12. trs393

    trs393 Registered Member

    Nov 5, 2006
    Tnx for the word on the quote. It does seem random. That really had me going for a minute.
    I wonder can someone please suggest a good web mail server? I can't afford a paid one. Preferably something my local ISP can't track.
  13. herbalist

    herbalist Guest

    Unless you use TOR to access it, your ISP would be able to know about it, should they want to, but they won't be able to access the e-mail in it. There's a lot of free webmail sites. One I've used for a long time is Planet-save. It's a 25mb box. Compared to Yahoo and others, it's quite clean. Far fewer ads to put up with. They've been quite reliable for me. The one disadvantage is that their free account doesn't work with mail software like Thunderbird or OE.
  14. lodore

    lodore Registered Member

    Jun 22, 2006
    what about gmail thats encrypted?
    unless they are gonna spy on you as well
Thread Status:
Not open for further replies.