Cart00ney 2009-004

28.December 2009

Wow the first t00n from Poland today, it seems stupidity finally reached Europe :-).
Of course that loser has no clue that what goes as provider in his country has a long history of netabuse.
But hey that t00n seems to be a close relative to El Tardo, he also mails to all addresses he could find...
Needless to say that German authorities are the ones that did set all those 20000+ spambots hosted at that Polish spammerhaeven into our list.

Here we go with the cart00ney:
=== START OF MESSAGE ===
X-From_: michkol@gmail.com Mon Dec 28 15:09:45 2009
Return-Path: michkol@gmail.com
Received: from mail-fx0-f219.google.com (209.85.220.219)
via SMTP by UCEPROTECT Proxy V4.1 at unimatrix.admins.ws, id smtpdCr6927; Mon Dec 28 15:09:43 2009
Received: by fxm19 with SMTP id 19so10020714fxm.37
for multiple recipients; Mon, 28 Dec 2009 06:09:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id
:disposition-notification-to:date:from:user-agent:mime-version:to
:subject:content-type:content-transfer-encoding;
bh=u/8DLslWGT1oO3r0FBfillNgbe+dFGfhWxtPeZqf2ho=;
b=mOBbOSURA8RVKWNdk+kZEXVEmdy4r5knmQoLYl6fmmc92vqIiHqXqvEzL9nxdm34wB
ZAfYBwJYqQ0k9+cllakB8mOnLkgPKmsw+LwvuJVXMS51hl+dzro/54Y7JlFMVBkqvqKI
KaO8Uj8TEUbbdkEKJZtp6R3OOZL7YctsK/9Ho=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:disposition-notification-to:date:from:user-agent
:mime-version:to:subject:content-type:content-transfer-encoding;
b=h+12Bv0gv7G11Qhfmsvb0G7rAVm5EEf3Rlb5bFMyQy75hEjASHC2rM5Xj0KWQ102/i
dhTbuKi5sQtlJPD1ke/ImQtHzG06i17G4MVifaCWa+CjxPwRSBrIcmwF46rxsZHLZp2m
lYXEaxMTannOcIs6tSbVvk6JqiXYGV7tx8VPc=
Received: by 10.223.6.9 with SMTP id 9mr21119312fax.84.1262009050779;
Mon, 28 Dec 2009 06:04:10 -0800 (PST)
Received: from ?192.168.1.4? ([81.219.204.104])
by mx.google.com with ESMTPS id h2sm17224213fkh.2.2009.12.28.06.04.09
(version=SSLv3 cipher=RC4-MD5);
Mon, 28 Dec 2009 06:04:09 -0800 (PST)
Message-ID: 4B38BAD7.7060507@gmail.com
Disposition-Notification-To: =?UTF-8?B?TWljaGHFgiBLb2xpxYRza2k=?=
Date: Mon, 28 Dec 2009 15:04:07 +0100
From: =?UTF-8?B?TWljaGHFgiBLb2xpxYRza2k=?= michkol@gmail.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0
MIME-Version: 1.0
To: we-dont-talk-to-listees( @ )uceprotect.net, orders( @ )fast9.uceprotect.net, abuse( @ )uceprotect.net, hostmaster( @ )uceprotect.net, root( @ )uceprotect.net
Subject: Blacklisting of 81.219.204.104 in dnsbl-2 and dnsbl-3.uceprotect.net
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

You have 24 hours to remove 81.219.204.104 from your blacklists
dnsbl-2.uceprotect.net and dnsbl-3.uceprotect.net.

Otherwise, I will report your extortion activity to Bundeskriminalamt
and file a lawsuit against your company in a Polish court.

=== END OF MESSAGE ===