Saturday, January 21, 2006

China, now the leading manufacturer of spam?

Nearly every product we buy, well let me rephrase that. Nearly every cheap product we buy nowadays is made in China. Nothing really wrong with that. Don't like it... don't buy it. Thats why we call it a free market.

But what happens when the Chinese pervasiveness crosses that boundary of freedom? Of late I have started tracking where my spam comes from. Tracking the source of spam is not always easy. Its easy to fudge email headers so amateurs like myself cannot determine who really sent the spam. But there is an easier way to track spam. Most spam email wants you to go to some web site to do some business. Who cares where the email came from. Clearly it was sent by those whose sites we are asked to visit.

So I started tracking these sites. Doing a whois seems to point me to random owners (apparently false information) in the United States. But strangely all the IP numbers for these web sites seem to come from China. They are all under APNIC and upong looking up the IP number at http://www.apnic.net/apnic-bin/whois.pl I get the following information:

inetnum: 221.11.128.0 - 221.11.223.255
netname: CNCGROUP-HI
descr: CNC Group Hainan province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: CH455-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HI
changed: hm-changed@apnic.net 20030122
status: ALLOCATED PORTABLE
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC


Almost 100% of all email I get send me to web sites that are have an IP number that is in the range 221.11.128.0 - 221.11.223.255. So I created a new gmail account and used it to send emails to abuse@cnc-noc.net to report this issue. I sent them all teh emails I was receiving and explaining that they need to do something to stop these sites.

Since I do not speak Mandarin or Cantonese or any other chineses language my emails were in English. So I was not necessarily surprised that I got no response.

What was also not much of surprise is that this brand new gmail address started receiving spam. And yes, all from these web sites that have their IP numbers coming from this network owned by China Network Communications Group Corporation.

So I wonder how is this possible. We are talking about a country where I thought people are tossed off into prison, tortured, and killed for little or no reason. So how could somone be so brave so as to be so corrupt? Or is it that the spam industry is now a favorite child of the Chinese government. I would like to investigate further, but then I do not wish to be arrested, tortured, and killed :-)

More on this later.....

1 Comments:

Blogger Gussa Waala said...

More on the Chinese spam connection. After much complaining I stopped getting spam from IP number at the network I mentioned in my post. Alas victory was not long lived. I started getting new spam and this time it was from a different network. A query on APNIC whois revealed the following:

inetnum: 222.83.128.0 - 222.84.255.255
netname: CHINANET-GX
descr: CHINANET Guangxi province network
descr: China Telecom
descr: No1,jin-rong Street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: CR766-AP
changed: hm-changed@apnic.net 20031030
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GX
mnt-routes: MAINT-CHINANET-GX
remarks: This object can only modify by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to hostmaster@apnic.net with your
remarks: organisation account name in the subject line.
status: ALLOCATED PORTABLE
source: APNIC

role: CHINANET GUANGXI
address: No.35,Minzhu Road,Nanning 530015
country: CN
phone: +86-771-2815987
fax-no: +86-771-2839278
e-mail: hostmaster@gx163.net
trouble: send spam reports to hostmaster@gx163.net
trouble: send abuse reports to hostmaster@gx163.net
trouble: times in GMT+8
admin-c: CR76-AP
tech-c: BD37-AP
nic-hdl: CR766-AP
remarks: http://www.gx.cninfo.net
notify: hostmaster@gx163.net
mnt-by: MAINT-CHINANET-GX
changed: hostmaster@gx163.net 20021024
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: lqing@chinatelecom.com.cn 20051212
mnt-by: MAINT-CHINANET
source: APNIC

And when I sent an email to the spam reporting email box, it came back with a mailbox is full message.

Watch out people, unless you want to buy chinese viagra :-)

6:25 PM  

Post a Comment

<< Home

Free Website Counters
Free Website Counters