I intend to update this blog post in the future whenever I discover new domains related to this spam ring. If you have been spammed by this group, please see the "How to Report Spam from This Organization" section below.
Affiliated Domains
Following is a list of all the domains I'm aware of that this organization has linked or advertised in their spam. I've included some relevant links to McAfee SiteAdvisor, Web of Trust, and/or URLVoid reports for these domains. Many of the domains listed below are (or have previously been) classified as "yellow" or worse due to "suspicious behavior... which may pose a security risk," spam, and/or excessive popups:
- Currently listed as Yellow by McAfee: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." - formerly Yellow for pop-ups - also on Joe Wein's spam blacklist:
  - scenenheard .info (McAfee SiteAdvisor, Web of Trust, URLVoid; domain appears to have a different owner now)
- Currently listed as Yellow by McAfee: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." - formerly Yellow for pop-ups:
  - mysnapfish .info (McAfee SiteAdvisor, URLVoid; note the unethical and deceptive use of HP trademark "Snapfish"; I reported this trademark violation and the domain was shut down, but it has since been registered by a different person/organization who now operates the site)
- Currently listed as Yellow by McAfee: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution.":
  - raone .info (McAfee SiteAdvisor, URLVoid)
  - bombaytimes .info (McAfee SiteAdvisor; domain expired 27 Aug 2010)
- Currently listed as Yellow by McAfee: "[McAfee's] analysis found that this site may be promoted through spammy e-mail." - also listed on SpamCop:
  - bindaasspaces .info (McAfee SiteAdvisor, URLVoid; see also list.bindaasspaces .info on Web of Trust)
- Formerly listed as Yellow by McAfee: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." - also previously listed as Yellow for pop-ups:
  - nitiraj .in (McAfee SiteAdvisor, URLVoid)
  - click4birthchart .info (McAfee SiteAdvisor, URLVoid; domain appears to have a different owner now)
  - typesms .biz (McAfee SiteAdvisor; domain is no longer registered)
- Formerly listed as Yellow by McAfee: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution.":
  - bindaaspoll .com (McAfee SiteAdvisor, URLVoid)
  - eazeejob .com (McAfee SiteAdvisor, URLVoid)
  - astrocast .in (McAfee SiteAdvisor, URLVoid)
  - connect2friends .in (McAfee SiteAdvisor, URLVoid)
  - bindaasphotos .com (McAfee SiteAdvisor, URLVoid)
  - bindaasjokes .com (McAfee SiteAdvisor, URLVoid)
  - raone .co.in (McAfee SiteAdvisor; domain is no longer registered)
  - click4makaan .info (McAfee SiteAdvisor; domain is no longer registered)
- Formerly listed as Red by McAfee: "extremely high number of pop-ups":
  - shilpashettyinbollywood .info (McAfee SiteAdvisor, URLVoid)
- Formerly listed as Yellow by McAfee: pop-ups:
  - iisource .com (McAfee SiteAdvisor, URLVoid)
  - typesms .name (McAfee SiteAdvisor, URLVoid)
  - channelnewsx .com (McAfee SiteAdvisor, URLVoid)
  - 53456 .mobi (McAfee SiteAdvisor; domain is no longer registered)
- User reports (other than just my own):
  - list.bindaasspaces .info (Web of Trust)
  - scenenheard .info (Web of Trust)
  - bindaaspoll .com (McAfee SiteAdvisor)
  - 53456 .mobi (McAfee SiteAdvisor; domain is no longer registered)
- Other domains (no known record of poor ratings or user reports aside from my own):
  - bignaka .com (McAfee SiteAdvisor, URLVoid)
  - findspace .co.in (McAfee SiteAdvisor, URLVoid)
  - ehangout .co.in (McAfee SiteAdvisor, URLVoid)
  - modelscalendar2010 .co.in (McAfee SiteAdvisor, URLVoid)
  - bindaasjobs .com (McAfee SiteAdvisor, URLVoid)
  - bindaastravel .com (McAfee SiteAdvisor, URLVoid)
  - bindaasplanet .in (McAfee SiteAdvisor, URLVoid)
  - bindaasworld .com (McAfee SiteAdvisor, URLVoid)
  - glamnglory .com (McAfee SiteAdvisor, URLVoid)
  - bindaasboll .com (McAfee SiteAdvisor, URLVoid)
  - clubmahindra .com (McAfee SiteAdvisor, URLVoid; note that this domain currently has a Light Green rating on the community-operated Web of Trust site, which may indicate that a few people, perhaps just the domain owners, apparently feel that the site is legitimate in spite of having been affiliated with a spam ring)
  - bindaasindya .com (McAfee SiteAdvisor)
  - experiencechange .co.in (McAfee SiteAdvisor; domain pending deletion as of 31 Aug 2010)
  - pehechankaun .com (McAfee SiteAdvisor; domain expired 19 Jul 2010)
  - chouwmouw .com (McAfee SiteAdvisor; domain expired 3 Jul 2010)
  - meragang .org (McAfee SiteAdvisor; domain is no longer registered)
How to Report Spam from This Organization
Please report this spam to the domain registrar by forwarding unsolicited e-mails that either contain links to or are sent from these domains (or redirect to/through one of these domains) to the registrar's abuse address. The most common registrar for these domains is Net 4 India Limited, whose abuse addresses are abuse@net4.in, abuse@net4domains.com, and abuse@net4india.net. So far all of my reports to Net 4 India have been ignored.
These spammers violate CAN-SPAM by sending unsolicited commercial e-mail that does not contain functional opt-out instructions, does not clearly state that it's an advertisement, and never contains a postal mailing address. United States residents who receive any junk mail in violation of the CAN-SPAM Act should forward the e-mail to spam@uce.gov.
Please report spam to the anti-spam site KnujOn by forwarding the spam to nonregistered@coldrain.net.
If you receive spam that links to one of these domains through a bit.ly redirect URL, please forward the spam to abuse@bit.ly. Thankfully, bit.ly takes spam reports seriously and will often put up an interstitial warning page when users click on a spammed bit.ly URL. However, so far it appears that bit.ly hasn't shut down the spam group's bit.ly account; their account page with a list of several of their links can be found here: http://bit.ly/u/funnyjoke — note that a couple of their spammed links have gotten more than 100,000 clicks, and several others have had tens of thousands of clicks.
If you receive spam that links to one of these domains through a tiny.cc redirect URL, please forward the spam to tinylink@gmail.com. So far all of my reports to tiny.cc have been ignored.
Also, please add a comment to this post if you have been spammed by the Bindaas Spaces operation, and share any affiliated domains you've seen linked in their spam (don't link to them, just paste the domain in plain text).
For more from the JoshMeister on Security, please subscribe to the RSS feed or follow me on Twitter.
