Scam Alert: OEM Software.

  1. #1
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429

    Scam Alert: OEM Software.

    I have an email address that I give out to everyone and everywhere (I call it my email-honeypot), and recently I noticed a LOT of "cheap software" offers.

    What's the offer in the email?

    The offers are (amongst others):


    - Microsoft Windows XP Professional 2002
    Retail price: $270.99 Our low Price: $50.00 You Save: $220.00
    - Adobe Photoshop 7.0
    Retail price: $609.99 Our low Price: $60.00 You Save: $550.00
    - Microsoft Office XP Professional 2002
    Retail price: $579.99 Our low Price: $60.00 You Save: $510.00
    - Adobe Illustrator 10
    Retail price: $270.99 Our low Price: $60.00 You Save: $210.00
    - Corel Draw Graphics Suite 11
    Retail price: $270.99 Our low Price: $60.00 You Save: $210.00
    - Delphi 7
    Retail price: $404.99 Our low Price: $60.00 You Save: $335.00
    Amazing, especially since those Retail prices are real retail prices (although leaning towards the more expensive end of the spectrum), and thus the savings are real, too.
    Office 2002 for $60.00 IS a nice deal.
    With an Academic License, MS Office 2003 Pro (granted, it's 2002 Vs. 2003, but still) is $189.98. Full retail price at CircuitCity? $499.99. Deal! Or not?

    Why is it so cheap - the scammers' explanation

    http://yqaofwr.edjihjem.info/?ClEH8n69LaJ_UC6LNNFjDM

    - How can you sell this software so cheap? It seems to good to be true -is there a catch?

    There is no catch - the software versions that we sell are OEM (Original Equipment Manufacturer) which means you will receive the installation CDs only (they do not come in their original retail packing and do not include the manual). We do guarantee that all programs are the 100% full working retail versions - no demos or academic versions. When you order, you will receive all materials required for a complete installation - or your money back. Why pay hundreds of dollars more when you can get exactly the same product but much cheaper? You don't have to pay that much for the fancy box and manuals.

    This software is recognized as a backup software.

    ...

    - What does OEM stand for? What is the difference between OEM and full retail packaging ?

    Customers who purchase the retail version are eligible for tech support and different rebates. With our offer this is not possible - hence cheap prices.

    Problems with their offer

    1. AFAIK, OEM versions are supposed to be sold along with hardware. The part about tech support is true for OEM versions: you usually don't get tech support from the manufacturer of the software when you have OEM software; the manufacturer of the hardware is/should be the one giving technical support.

    2. Notice the domain name (edjihjem.info):

    Whois on that domain

    djihjem.info = [ 221.139.2.72 ]

    Domain ID: D6015234-LRMS
    Domain Name: EDJIHJEM.INFO
    Created On: 25-Jun-2004 16:28:06 UTC
    Expiration Date: 25-Jun-2005 16:28:06 UTC
    Sponsoring Registrar: R123-LRMS
    Status: ACTIVE
    Status: OK
    Registrant ID: C4886832-LRMS
    Registrant Name: Mariana Donskaya
    Registrant Street1: puschinskoe shosse 19 77
    Registrant City: Moscow
    Registrant State/Province: RU
    Registrant Postal Code: 235634
    Registrant Country: RU
    Registrant Phone: 7.0956990043
    Registrant FAX: 7.0956990043
    Registrant Email: marialazenberg@mail.ru
    Russia... domain created today?? Pishy pishy pishy... (no offensive to minsky Russiani comradski ).

    3. Notice the part after http://yqaofwr.edjihjem.info/:
    ClEH8n69LaJ_UC6LNNFjDM

    This is a (legitimate) technique often used by web-companies who work with affiliates. The last part of the url represents the affiliate's ID number. Usually, this number is a simpler one, though (eg. the member number), or even the affiliate's real name. This "affiliate" sounds kind of cryptic, though. Something to hide, maybe?
    The source reveals that it indeed is an affiliate:


    <frameset frameborder=0 border=0 framespacing=0 cols=*,0>
    <frame src="http://yqaofwr.edjihjem.info/OE017/?affiliate_id=233763&campaign_id=601" name=list marginwidth=10 marginheight=10 scrolling=Auto frameborder=no framespacing=0><frame src=http://yqaofwr.edjihjem.info/blank.html name=blank scrolling=no frameborder=no framespacing=0></frameset></noscript></html>
    affiliate_id... there you have it.
    And campaign_id? Please don't tell me that Russia is on a campaign again...

    The first frame src is interesting:
    http://yqaofwr.edjihjem.info gives you a nice input-box to unsubscribe... huh? What from?
    source

    <frameset frameborder=0 border=0 framespacing=0 cols=*,0>
    <frame src="http://yqaofwr.edjihjem.info/ 000/?affiliate_id=0&campaign_id=0" name=list marginwidth=10 marginheight=10 scrolling=Auto frameborder=no framespacing=0><frame src=http://yqaofwr.edjihjem.info/blank.html name=blank scrolling=no frameborder=no framespacing=0></frameset></noscript></html>
    No "home" page... darn affiliates again... apparently, this is a page where you can unsubscribe from an affiliate's "something"...

    OK... what about that OE017 guy... http://yqaofwr.edjihjem.info/OE017... page doesn't exist... thanks to FireFox's Google-revealing capacities though, this most interesting page shows up:
    http://www.telecom.by/game/portal/userinfo.php?uid=1061
    Apparently (my Russian is rusty), this is the gaming portal of a Belarusian ISP...
    Now THAT looks like an interesting dude: TelepuziK is into the purple TeleTubbie (Telepuzik in Russian? Tinky-Winky is the purple one, I think?).
    The forum has the option to display forum functions in English, but not member comments... I have no idea what he's saying...
    Our TeleTubbie appears to be from Minsk, the capital of Belarus...
    CIA FactBook - EXCELLENT source for country-info... even Teletubby-country
    After seven decades as a constituent republic of the USSR, Belarus attained its independence in 1991. It has retained closer political and economic ties to Russia than any of the other former Soviet republics. Belarus and Russia signed a treaty on a two-state union on 8 December 1999 envisioning greater political and economic integration. Although Belarus agreed to a framework to carry out the accord, serious implementation has yet to take place.
    Economic ties to Mother Russia... no kidding... "serious implementation has yet to take place?" Our TeleTubbie is doing his very best, Mr. Tennet!

    Not only is he into the Teletubbies, he also appears to be a gamer: Counter-Strike » Quake 3 » Battle.Net » Battlefield 1942 » Day of Defeat » Natural-Selection » CS: Stats » Q3: Stats » B.Net: Stats
    Are they talking CS/Quake-3/BF42/...-stats here? Any comradski's around?

    4.
    Where does this software come from ?
    The software is shipped from Eastern Europe.
    Wow... so it's not shipped from a reliable Western European/Northern American source? You almost tricked me there...

    5. Their "Testimonials":


    My Name is Robert Schwarz I have done business with OemCd and Have received everything as promised and it worked great. Software I plan to stock my store with.
    I have customers who are quite satisfied with OemCd Software and they love the fact they do not have to spend virtually hundreds for the stuff that costs the companies to produce less then $7.00 per cd.
    I will be doing most of my software business with OemCd as they are quick to respond and help out greatly.
    Robert Schwarz (USA)
    OemCd. And this guy buys their software, AND resells it?

    6. Let's "buy" something.

    The Order page isn't a secure one... how phishy can things get...

    7. Received emails - senders.

    kotona.demon.nl
    luc.ac.be
    grassland.com
    net.orst.edu
    vax.rhbnc
    vax.rhbnc
    mx.gw.com
    xx-162-68-9.vnnyca.adelphia.net
    axit.pl
    brown.edu

    That's a Belgian university... an American university... Dutch... Polish... Greek... funny thing is that the "Belgian" email was sent through one of Comcast's servers...



    Bottom line: it's a scam. Don't buy it. You'll probably never even receive the software (and if you do, it'll be illegal software), and you might see some weird activity on your credit card.
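    An added example, not part of the original post: the WHOIS age check and the frameset inspection from items 2 and 3, done in Python on the excerpts quoted above. The function names, the 30-day "young domain" threshold and the `SEEN_AT` timestamp (taken from the post's "domain created today") are assumptions of this example.

```python
import re
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Excerpts taken from the post above (WHOIS record and landing-page frameset).
WHOIS = """Domain Name: EDJIHJEM.INFO
Created On: 25-Jun-2004 16: 28: 06 UTC
Expiration Date: 25-Jun-2005 16: 28: 06 UTC"""
FRAMESET = ('<frameset cols=*,0><frame src="http://yqaofwr.edjihjem.info/OE017/'
            '?affiliate_id=233763&campaign_id=601" name=list>'
            '<frame src=http://yqaofwr.edjihjem.info/blank.html name=blank></frameset>')
# Assumption: the mail was seen on the registration day ("domain created today").
SEEN_AT = datetime(2004, 6, 25, 23, 59, tzinfo=timezone.utc)

def whois_fields(text):
    """Map 'Key: value' WHOIS lines to a dict; the first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    return fields

def whois_date(value):
    """Parse '25-Jun-2004 16:28:06 UTC', tolerating spaces after the colons."""
    value = re.sub(r":\s+", ":", value)
    return datetime.strptime(value, "%d-%b-%Y %H:%M:%S UTC").replace(tzinfo=timezone.utc)

class FrameSources(HTMLParser):  # collects the src of every <frame>, quoted or not
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "frame":
            self.urls += [v for k, v in attrs if k == "src" and v]

def triage(whois_text, html, seen_at, young_days=30):
    fields = whois_fields(whois_text)
    created, expires = (whois_date(fields[k]) for k in ("Created On", "Expiration Date"))
    parser = FrameSources()
    parser.feed(html)
    tracking = {}  # query parameters hidden behind the opaque landing URL
    for url in parser.urls:
        tracking.update({k: v[0] for k, v in parse_qs(urlsplit(url).query).items()})
    age = (seen_at - created).days
    return {"domain": fields["Domain Name"].lower(), "age_days": age, "young": age < young_days,
            "term_days": (expires - created).days, "tracking": tracking}
```

    Calling `triage(WHOIS, FRAMESET, SEEN_AT)` reports a zero-day-old domain on a one-year registration and surfaces the `affiliate_id` and `campaign_id` values that the opaque path in the mailed link concealed.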

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Thanks for the heads up... Time to send out emails to the computer illiterate and barely literate friends and relatives... I'm sure one of them will think it's real...
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Hey, let's all sign marialazenberg@mail.ru up for some spam mail of his/her very own!

    Maybe to a overweight hairy russian shemales, porn site!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Neg...thanks for the testimonial....nice to see black and white proof that if it sounds too good to be true, it usually is.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    to be on the internet for a while is to be a cynic. it pays off.

    i really hate to email warnings to those that might fall for them. you know it'll become a fwd;fwd;fwd. even though i sent it from my 'spam honeypot' account every one that gets it will wind up getting more spam. in this case its the lesser of two evils.

    nice investigative work neg!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    if it sounds too good to be true, it usually is.
    That's correct and I'd like to say that non-computer experienced people should follow that rule of thumb very wisely. It can work in many branches of ways if thought out (for instance, downloads being trojans, games/applications being viruses, spam mails not being legit, etc). So anyone who uses a computer should definitely follow that rule while on the internet (or any place else).

    Oh, and great work Neg
    Space For Rent.. =]

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    The stuff was even too bloody cheap for OEM.. I don't get OEM Win XP for us$20..



    Thanks Neg


    Cheers..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Well Neg...looks like you and I have the dubious honor of being targeted by the same group of spammers as I got my copy this morning. Hell....I'm a certified M$ system builder and I can't get OEM software that cheap.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  9. #9
    Junior Member
    Join Date
    Sep 2003
    Posts
    29
    Tele = tele
    puzik = belly!
    telepuzik = telebelly!

    Telcom is a Russian game server run by the Belarus Institute of Higher Education
    It's a very small one though, that acts as a portal to play the games you mention in your post Quake, Counter Strike etc, the page you posted is the forum that all the "clans" meet up in to discuss tactics, cheats, teams etc.

    It has a mail server though and a mailing list on the home page so maybe that could be what the Unsubscribe page was for??

    As you pointed out Negative the emails were sent out from Universities and this is a university web site running what is basically a public access mail server!?!?

  10. #10
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    cdstomper > Thanks for the translations

    The Unsubscribe page is part of the OemCD-"network", not of the Telcom-network.
    The email-addresses I received the emails from were all spoofed; nothing was really sent out from a university...
