Possible (pending) usenet spam campaign (was: Hello world!) - abusereport

This message is being posted to:

microsoft.public.win98.gen_discussion
news.admin.net-abuse.usenet

as well as being copied to a handful of e-mail addresses. If you are
recieving this via e-mail, I will give you some background:

A usenet post was made recently to the newsgroup
microsoft.public.win98.gen_discussion, and the full header of that post
is as follows:

-----------------------
From: HelgTours
Subject: Hello world!
Date: Sat, 3 Oct 2009 02:25:33 +0100
Message-ID:
Organization: Win98banter.com
X-Originating-IP: 94.142.130.16
Newsgroups: microsoft.public.win98.gen_discussion
NNTP-Posting-Host: s15244360.onlinehome-server.info 87.106.71.77

Path:
(...)
bandi.nntp.kabelfoon.nl
xlned.com
feeder1.xlned.com
news.alt.net
msrtrans
TK2MSFTFEEDS02.phx.gbl
TK2MSFTNGP01.phx.gbl
TK2MSFTNGP02.phx.gbl
-------------------------

If you are recieving this message via e-mail, it is because you are
somehow connected to the usenet post in question, as explained below.
Please do not attempt to reply to me, as the address I use is spoofed.
I would hope that you would post any responses as replies to this post,
as it appears in microsoft.public.win98.gen_discussion or
news.admin.net-abuse.usenet.

My comments regarding that post are as follows:

Unless the path was pre-loaded with the phx.gbl entries, it appears that
it originated (or was injected into usenet) by the Microsoft group
servers.

I'm not that familliar with posts that originate from Microsoft's
servers, but I'm under the impression that any such posts will usually
have something like "K2MSFTNGP06.phx.gbl" in the message id. In this
case, we see win98banter.com in the MID.

The nntp-posting-host originates in Germany, and shares many other
domain identities as part of the "banter" domain family:

http://www.robtex.com/ip/87.106.71.77.html

I am therefore copying in this message, as that is
the contact handle for 87.106.71.77.

If we believe the actual source of the post (94.142.130.16) it would
appear to be in Latvia, hence I am also copying and
. The IP seems to be a known "comment spammer" so this
abuse report is appropriate:

http://www.robtex.com/ip/94.142.130.16.html#blacklists

Beyond the fact that we have a source of usenet pollution originating
from eastern europe (no surprise there), I think the larger story here
is why do posts that originate from the "banter" entity enter usenet via
the microsoft servers - without the typical MID construction indicative
of such a post?

Just what is the "banter" entity, and does it have a special
relationship with Microsoft?

The whois information for win98banter.com is as follows:

created: 22-Jul-2004
last-changed: 23-Jul-2009
registration-expiration: 22-Jul-2010

nserver: ns59.1and1.co.uk
nserver: ns60.1and1.co.uk

registrant-firstname: Kevin
registrant-lastname: Middleton
registrant-street1: 35 Grosvenor Avenue
registrant-pcode: HA2 7AS
registrant-city: Harrow
registrant-ccode: GB
registrant-phone: +44.2084270972
registrant-email:

tech-c-organization: 1&1 Internet Ltd.
tech-c-street1: Herschel Street
tech-c-street2: The Nova Building
tech-c-pcode: SL1 1XS
tech-c-city: Slough
tech-c-ccode: GB
tech-c-phone: +44.8708503305
tech-c-fax: +44.1753490444
tech-c-email:

I am therefore copying and
in this message.

The website http://kevinmiddleton.co.uk currently returns a blank page,
but the internet archive shows it once had some real content:

http://web.archive.org/web/200406051...ddleton.co.uk/

Kevin, I've performed some google searches on you and your set of
"banter" domains, cut can't find much in the way of organizational or
functional details of you or your operation.

I'm particularly interested in how (or why) you seem to be allowed to
operate as a gateway directly into the Microsoft servers for the purpose
of posting messages to the microsoft.public.* set of usenet groups.
Does Microsoft allow you to do this? Do they know you do this?

98 Guy wrote:
This message is being posted to:

microsoft.public.win98.gen_discussion
news.admin.net-abuse.usenet

as well as being copied to a handful of e-mail addresses. If you are
recieving this via e-mail, I will give you some background:

A usenet post was made recently to the newsgroup
microsoft.public.win98.gen_discussion, and the full header of that post
is as follows:

Potential spammer and abuser:

98 Guy
Organization: Aioe.org NNTP Server
Lines: 120
Message-ID:
References:
NNTP-Posting-Host: LanlDVNifBcF0g4mo97azA.user.aioe.org
X-Complaints-To:

Please read the recent entries in the win98.gen_discussion group
regarding Usenet; and the warnings to *NOT*: answer; or, post materials;
or, otherwise responding; *TO VERIFY* these types of activities.

98 Guy apparently wants to ensure this party or parties posting method
is confirmed as a viable method [see the php Hello world within the
original], making this party apparently in league with this activity.

win98banter.com last whois update:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: WIN98BANTER.COM
Registrar: 1 & 1 INTERNET AG
Whois Server: whois.schlund.info
Referral URL: http://REGISTRAR.SCHLUND.INFO
Name Server: NS59.1AND1.CO.UK
Name Server: NS60.1AND1.CO.UK
Status: ok
Updated Date: 23-jul-2009
Creation Date: 22-jul-2004
Expiration Date: 22-jul-2010

Last update of whois database: Sat, 03 Oct 2009 19:11:34 UTC

% The data in the WHOIS database of 1&1 Internet AG is provided by
% 1&1 for information purposes, and to assist persons in obtaining
% information about or related to a domain name registration record.
% 1&1 does not guarantee its accuracy. By submitting a WHOIS query,
% you agree that you will use this data only for lawful purposes and that,
% under no circumstances, you will use this data to
% (1) allow, enable, or otherwise support the transmission by e-mail,
% telephone, or facsimile of mass, unsolicited, commercial
advertising or
% solicitations to entities other than the data recipient's own
existing
% customers; or

Were this a legitimate attempt to deter these activities, the abuse
contacts would have been handled *directly* [as in to the administrators
and/or moderators at win98banter.com] and WITHOUT* verifying the
purported suspect message and method *IN* this group
[microsoft.public.win98.gen_discussion].

http://www.win98banter.com/
http://www.win98banter.com/faq.php?
specifically:
How do I report an inappropriate post?
http://www.win98banter.com/faq.php?f...aq_newsgroups4

NOTE: heligtours has apparently been banned from win98banter.com
postings, see:
http://www.win98banter.com/member.php?u=6767
NOTE ALSO: the entity *98 Guy* has a long history of abuse within the
microsoft.public.win98.gen_discussion group and elsewhere.

Recommendation:

Disregard a 98 Guy request unless other verification is received and
carefully cross-checked [and properly handled]. Make sure to review the
purported history that may be or should be taken under consideration
regarding any purported complaint this entity may file.

Our apologies are extended to win98banter.com, and a "good work" is
extended on the quick response.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

MEB spewed:

Potential spammer and abuser:

Yes, you are.

But what's more interesting: I wouldn't have thought that your reply
would appear in news.admin.net-abuse.usenet, but I see that it has.

Strange - I would have thought that the microsoft servers would have
stripped away any non-microsoft newsgroup before propagating your reply
to other peers.

What this means is that spammers can use microsoft's nntp servers to
inject spam into non-microsoft newsgroups. What do you have to say
about that MEB? Would you criticize microsoft for that oversight? Or
do you even understand what I'm talking about?

win98banter.com last whois update:

And you re-posted a whois report for win98banter because ... ?

% The data in the WHOIS database of 1&1 Internet AG is provided

And include the fine print because ... ?

NOTE: heligtours has apparently been banned from win98banter.com

I guess that explains why they were able to post the item in question -
doesn't it?

Recommendation:

Note that MEB doesn't actually try to explain how the post in question
was injected into usenet from win98banter via microsoft's own servers.

Our apologies are extended to win98banter.com,

Our apologies? That win98banter has acted as a source of spam into this
newsgroup, and you want to apologize to them because I pointed that
out? Just how irrational can you get?

and a "good work" is extended on the quick response.

You're a fruitloop.

On 10/04/2009 06:55 PM, 98 Guy wrote:
MEB spewed:

Potential spammer and abuser:

Yes, you are.

But what's more interesting: I wouldn't have thought that your reply
would appear in news.admin.net-abuse.usenet, but I see that it has.

Strange - I would have thought that the microsoft servers would have
stripped away any non-microsoft newsgroup before propagating your reply
to other peers.

What this means is that spammers can use microsoft's nntp servers to
inject spam into non-microsoft newsgroups. What do you have to say
about that MEB? Would you criticize microsoft for that oversight? Or
do you even understand what I'm talking about?

win98banter.com last whois update:

And you re-posted a whois report for win98banter because ... ?

% The data in the WHOIS database of 1&1 Internet AG is provided

And include the fine print because ... ?

NOTE: heligtours has apparently been banned from win98banter.com

I guess that explains why they were able to post the item in question -
doesn't it?

Recommendation:

Note that MEB doesn't actually try to explain how the post in question
was injected into usenet from win98banter via microsoft's own servers.

Our apologies are extended to win98banter.com,

Our apologies? That win98banter has acted as a source of spam into this
newsgroup, and you want to apologize to them because I pointed that
out? Just how irrational can you get?

and a "good work" is extended on the quick response.

You're a fruitloop.

As you can see, since this IS being sent to
news.admin.net-abuse.usenet, this party does constantly attempt to cause
issues wherever possible.

You should also note that the reason this entity 98 Guy MAY have
instituted the complaint may be due to possible being banned or
otherwise repremanded on win98banter.com either under this misnomer or
one of the others used.
This entity recently posted in this group, that this had apparently
occurred elsewhere. SEE:
http://groups.google.com/group/micro...d2cf1?lnk=raot

Again, doing research upon this entity and the party in question will
reveal numerous other issues involved.

There was an attempt by this troll and abuser to direct this reply to:
[message header]
From: 98 Guy
Newsgroups:
microsoft.public.win98.gen_discussion,news.admin.n et-abuse.usenet
Subject: Possible (pending) usenet spam campaign
Followup-To: alt.bull****
Date: Sun, 04 Oct 2009 18:55:43 -0400
Organization: Aioe.org NNTP Server
Lines: 45
Message-ID:
References:

NNTP-Posting-Host: LanlDVNifBcF0g4mo97azA.user.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To:
X-Mailer: Mozilla 4.79 [en] (Win98; U)

I would suggest you take whatever measures necessary to ensure this
party is properly dealt with. Moreover, you should supply this and
whatever other information you might have obtained to win98banter.com so
they may take the matter under consideration for potential legal action
or other as they wish to apply.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

"MEB" wrote in message
...
snip
I would suggest you take whatever measures necessary to ensure this
party is properly dealt with. Moreover, you should supply this and
whatever other information you might have obtained to win98banter.com so
they may take the matter under consideration for potential legal action
or other as they wish to apply.

You're joking right?

On 10/04/2009 11:02 PM, Sunny wrote:
"MEB" wrote in message
...
snip
I would suggest you take whatever measures necessary to ensure this
party is properly dealt with. Moreover, you should supply this and
whatever other information you might have obtained to win98banter.com so
they may take the matter under consideration for potential legal action
or other as they wish to apply.

You're joking right?



Must be, as this is being submitted to a non-moderated, junk, troll,
and spam filled sub-group in supposed news.admin.net-abuse.

But otherwise, no.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

"MEB" wrote in message
...
On 10/04/2009 11:02 PM, Sunny wrote:
"MEB" wrote in message
...
snip
I would suggest you take whatever measures necessary to ensure this
party is properly dealt with. Moreover, you should supply this and
whatever other information you might have obtained to win98banter.com
so
they may take the matter under consideration for potential legal
action
or other as they wish to apply.

You're joking right?



Must be, as this is being submitted to a non-moderated, junk, troll,
and spam filled sub-group in supposed news.admin.net-abuse.

But otherwise, no.

Then you are dreaming, news.admin.net-abuse, is not a Usenet law
enforcement agency, it's just another Usenet news group. win98banter.com
is a web based "forum" that just happens to "slurp" Usenet postings (like
Google)

Is your plea for others to take legal action part of your crusade for
being a "Peoples Counsel" ?

Full-Quoter MEB spewed:

As you can see, since this IS being sent to
news.admin.net-abuse.usenet

My first post in this thread touched on the spammy or abusive nature of
the original post. Therefore, cross-posting to
news.admin.net-abuse.usenet was not out-of-line.

Your comment above is incomplete. You state that I cross-posted to
news.admin.net-abuse.usenet without saying why the cross-post was in and
of itself notable.

And this aspect is particularly interesting: You are critical of me
including news.admin.net-abuse.usenet in the distribution of these
posts, yet you do not remove it for your replies. Why do you not
remove news.admin.net-abuse.usenet when you formulate and post your
replies?

this party does constantly attempt to cause issues wherever
possible.

It was you who chose to escalate this and turn it into an "issue".

You should also note that the reason this entity 98 Guy MAY
have instituted the complaint may be due to possible being
banned or otherwise repremanded on win98banter.com

(laughing out loud)

Only lame people engage in usenet reading/writing via http interface.
The deeper aspects of this issue that relate to the "banter" entity and
it's relationship with the microsoft server are obviously over your
head, which leaves you grasping at straws as to why I've pointed a
finger at the banter operator.

Again, doing research upon this entity and the party in
question will reveal numerous other issues involved.

Note how MEB employs cloudy and muddled syntax in an attempt to evade
legal consequences along the lines of slander and defamation. By doing
so, his comments and statements are reduced to vacuuous nonsense.

This is known as MEB-speak, which is a form of legalese, which MEB
learned the hard way as he acted as his own lawyer in family court
during various proceedings he was involved in, in which he obviously
(but probably deservingly) got the short end of the stick.

There was an attempt by this troll and abuser to direct this
reply to:

(...)

Wouldn't it have been more readable (and have more impact) to have
simply said "alt.bull****" instead of fully-posting the message header?

You don't even explicitly mention alt.bull**** - you leave it up to the
reader to figure that out, for no obvious or rational reason I can think
of.

This is why most of your arguments fail.

Instead of directly answering questions or make unambiguous statements
that contain actual information, you use evasion as if every statement
you make could be used against you in a court of law - something that
obviously terrifies you.

You are a sad case. The court system has dammaged you psychologically,
mentally. It has rendered you fearful of anything you say in public.

Why do you not use an anonymous identity when you post public messages
like these?

We see the liabilities that you struggle with by posting with your real
name - so what benefit do you gain by doing so?

On 10/05/2009 01:20 AM, Sunny wrote:
"MEB" wrote in message
...
On 10/04/2009 11:02 PM, Sunny wrote:
"MEB" wrote in message
...
snip
I would suggest you take whatever measures necessary to ensure this
party is properly dealt with. Moreover, you should supply this and
whatever other information you might have obtained to win98banter.com
so
they may take the matter under consideration for potential legal
action
or other as they wish to apply.
You're joking right?


Must be, as this is being submitted to a non-moderated, junk, troll,
and spam filled sub-group in supposed news.admin.net-abuse.

But otherwise, no.

Then you are dreaming, news.admin.net-abuse, is not a Usenet law
enforcement agency, it's just another Usenet news group. win98banter.com
is a web based "forum" that just happens to "slurp" Usenet postings (like
Google)

Is your plea for others to take legal action part of your crusade for
being a "Peoples Counsel" ?



So you and 98 Guy intend your normal junk, so be it.


Just a little reminder for those perhaps unfamiliar with the Usenet
culture. There is a common suggestion: DO NOT FEED THE TROLLS.
*Expect though*, that there will be those who MUST *tromp on the
trolls* so the world knows what and who they are and/or to dispell
whatever myth or falsehood may be involved. You can generally recognize
a REAL troll or these other parties rather easily by what they
consistently use [attacks against parties and their viable materials]
and their type of posting style.
These low-life Usenetters [note1], generally without anything of value
to post and lacking the intelligence necessary to do so; they *WILL*
attack [often several trolls and sockpuppets at a time] those posting
viable materials attempting to take over the various groups for their
own usage or to kill the respective group [a personal satisfaction to
these types]; and to discredit viable parties and postings to whatever
extent possible.
There are also those who deliberately post false information with
seemingly legitimate links or arguments, or who actually believe the
"urban myths" regardless of ALL of the materials and arguments
otherwise; it does not, however, change what these people are, the scum
of Usenet and what will bring its ultimate demise.

Please read the below so you might have a better understanding of the
various types of parties [there are other classifications], and what to
expect within Usenet. Here's a hint, if the party posting is using their
REAL name, you can likely, a least, consider their post *might* be of
value, since what they post follows them to their REAL life. Note
though: Usenet is also filled with Identity theft, so look for those
parties including some method of verification of who they are.

Here's a well put idea taken from jonz, a dejanews user/troll's sig
[per a discussion with this entity], who must have forgotten this *was*
the sig being used, unless it was a sub-concious admission and warning
of what this party is/was:

""Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
- Gene Spafford,1992"

So here's "the rest of the story" {Paul Harvey's well known keymark
statement}:
http://www.angelfire.com/space/usenet/
http://en.wikipedia.org/wiki/Troll_%28Internet%29
http://en.wikipedia.org/wiki/Sockpuppet_%28Internet%29
http://en.wikipedia.org/wiki/On_the_...you%27re_a_dog
http://en.wikipedia.org/wiki/Shill
http://en.wikipedia.org/wiki/Astroturfing
http://en.wikipedia.org/wiki/Hit-and-run_posting
http://en.wikipedia.org/wiki/Lurker
http://en.wikipedia.org/wiki/1%25_ru...net_culture%29

note1 - Not all Usenetters are trolls or such, but there ARE vast
numbers of them throughout Usenet with apparently nothing better to do
in their miserable and pathetic lives but to use the groups for their
own inexorable and infantile amusement.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

On 10/05/2009 09:45 AM, 98 Guy wrote:
Full-Quoter MEB spewed:

As you can see, since this IS being sent to
news.admin.net-abuse.usenet

My first post in this thread touched on the spammy or abusive nature of
the original post. Therefore, cross-posting to
news.admin.net-abuse.usenet was not out-of-line.

Your comment above is incomplete. You state that I cross-posted to
news.admin.net-abuse.usenet without saying why the cross-post was in and
of itself notable.

And this aspect is particularly interesting: You are critical of me
including news.admin.net-abuse.usenet in the distribution of these
posts, yet you do not remove it for your replies. Why do you not
remove news.admin.net-abuse.usenet when you formulate and post your
replies?

this party does constantly attempt to cause issues wherever
possible.

It was you who chose to escalate this and turn it into an "issue".

You should also note that the reason this entity 98 Guy MAY
have instituted the complaint may be due to possible being
banned or otherwise repremanded on win98banter.com

(laughing out loud)

Only lame people engage in usenet reading/writing via http interface.
The deeper aspects of this issue that relate to the "banter" entity and
it's relationship with the microsoft server are obviously over your
head, which leaves you grasping at straws as to why I've pointed a
finger at the banter operator.

Again, doing research upon this entity and the party in
question will reveal numerous other issues involved.

Note how MEB employs cloudy and muddled syntax in an attempt to evade
legal consequences along the lines of slander and defamation. By doing
so, his comments and statements are reduced to vacuuous nonsense.

This is known as MEB-speak, which is a form of legalese, which MEB
learned the hard way as he acted as his own lawyer in family court
during various proceedings he was involved in, in which he obviously
(but probably deservingly) got the short end of the stick.

There was an attempt by this troll and abuser to direct this
reply to:

(...)

Wouldn't it have been more readable (and have more impact) to have
simply said "alt.bull****" instead of fully-posting the message header?

You don't even explicitly mention alt.bull**** - you leave it up to the
reader to figure that out, for no obvious or rational reason I can think
of.

This is why most of your arguments fail.

Instead of directly answering questions or make unambiguous statements
that contain actual information, you use evasion as if every statement
you make could be used against you in a court of law - something that
obviously terrifies you.

You are a sad case. The court system has dammaged you psychologically,
mentally. It has rendered you fearful of anything you say in public.

Why do you not use an anonymous identity when you post public messages
like these?

We see the liabilities that you struggle with by posting with your real
name - so what benefit do you gain by doing so?

More troll and sockpuppet materials from 98 Guy and Sunny.


Just a little reminder for those perhaps unfamiliar with the Usenet
culture. There is a common suggestion: DO NOT FEED THE TROLLS.
*Expect though*, that there will be those who MUST *tromp on the
trolls* so the world knows what and who they are and/or to dispell
whatever myth or falsehood may be involved. You can generally recognize
a REAL troll or these other parties rather easily by what they
consistently use [attacks against parties and their viable materials]
and their type of posting style.
These low-life Usenetters [note1], generally without anything of value
to post and lacking the intelligence necessary to do so; they *WILL*
attack [often several trolls and sockpuppets at a time] those posting
viable materials attempting to take over the various groups for their
own usage or to kill the respective group [a personal satisfaction to
these types]; and to discredit viable parties and postings to whatever
extent possible.
There are also those who deliberately post false information with
seemingly legitimate links or arguments, or who actually believe the
"urban myths" regardless of ALL of the materials and arguments
otherwise; it does not, however, change what these people are, the scum
of Usenet and what will bring its ultimate demise.

Please read the below so you might have a better understanding of the
various types of parties [there are other classifications], and what to
expect within Usenet. Here's a hint, if the party posting is using their
REAL name, you can likely, a least, consider their post *might* be of
value, since what they post follows them to their REAL life. Note
though: Usenet is also filled with Identity theft, so look for those
parties including some method of verification of who they are.

Here's a well put idea taken from jonz, a dejanews user/troll's sig
[per a discussion with this entity], who must have forgotten this *was*
the sig being used, unless it was a sub-concious admission and warning
of what this party is/was:

""Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
- Gene Spafford,1992"

So here's "the rest of the story" {Paul Harvey's well known keymark
statement}:
http://www.angelfire.com/space/usenet/
http://en.wikipedia.org/wiki/Troll_%28Internet%29
http://en.wikipedia.org/wiki/Sockpuppet_%28Internet%29
http://en.wikipedia.org/wiki/On_the_...you%27re_a_dog
http://en.wikipedia.org/wiki/Shill
http://en.wikipedia.org/wiki/Astroturfing
http://en.wikipedia.org/wiki/Hit-and-run_posting
http://en.wikipedia.org/wiki/Lurker
http://en.wikipedia.org/wiki/1%25_ru...net_culture%29

note1 - Not all Usenetters are trolls or such, but there ARE vast
numbers of them throughout Usenet with apparently nothing better to do
in their miserable and pathetic lives but to use the groups for their
own inexorable and infantile amusement.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---