I've been getting AIM spam lately. Mostly from generated names like aim236236437 and similar.
I decided to play Mr. Detective with the latest. It linked to here:
From there I got 2 domains:
Some things I noticed:
1. User account "cheez" spammed me to hopefully earn .003 cents from exitforcash.com
2. public.windupdates.com sounds a lot like windows update.
3. windupdates has removal instructions on its main page, obviously because people didn't want it there in the first place. I'm wondering what exploit it uses to get on your box in the first place, or if you unwillingly click OK to an ActiveX download.
4. info@(no spam)exitforcash.com is the listed contact address on exitforcash. Funny, they can dish spam out but can't take it.

What is Wind Updates?
Wind Updates is free ad delivery software which provides targeted advertising offers.
How did Wind Updates get installed on your computer?
If you do not remember having seen an ActiveX prompt, you might have downloaded Wind Updates from a popular free software product (screensavers, games, file sharing software, etc.). Users always have to opt-in before installing the Wind Updates software.
Wind Updates supports many free software products through its advertising relevancy technology. If you remove Wind Updates from your system, certain free software that you installed may no longer function properly and you may have to reinstall them from a backup.
If you are sure that you want to remove Wind Updates from your computer just follow these two easy steps:
* Click Start -> Control Panel -> Add/Remove Programs
* Scroll to Wind Updates and click Remove
organization: CDT Inc.
owner: Domain Manager
address: P.O. Box 181
address: TMR P.O.
Waveflow Inc., Waveflow Inc. email@example.com
PO Box 87
Baysville, ON P0B 1A0
http://www.waveflowinc.com has no website.
It seems these spammers are from Canada? I'm guessing they tried to get money for referrals from windupdates and exitforcash from the same linked page.