<a href="http://www2.postcards.org">www2.postcards.org</a> has the same IP address, <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://64.151.106.108/" target="_blank">64.151.106.108</a>,
as <a href="http://marty.net">marty.net</a> and a number of other domains. Looking a little further,
the "Marty McKolskey Incident", at
<a href="http://www.everything2.com/index.pl?node_id=1468275">http://www.everything2.com/index.pl?node_id=1468275</a> may shed a ray of
light.<br><br><div><span class="gmail_quote">On 3/16/06, <b class="gmail_sendername">matti</b> <<a href="mailto:mathew_2000@yahoo.com">mathew_2000@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br><br>> Seems to me that there are probably three possibilities, in order of<br>> probability:<br>><br>> 1) The owner of <a href="http://postcards.org">postcards.org</a> is doing this scam<br>> 2) The system that hosts
<a href="http://postcards.org">postcards.org</a> is compromised and someone<br>> thought it'd be a good way to scam people<br>> 3) An insider @ ServePath configured the domain/system this way with<br>> or without permission.
<br><br>4) Adjacent system compromised (tom pointed this possibility out iirc)<br><br>fyi - there also are various ways to attack DNS servers<br>and host tables...<br><br>google search brings up a few interesting notes:<br>
(searched on: <a href="http://postcards.org">postcards.org</a> spyware)<br><a href="http://www.dynamoo.com/diary/postcards-org.htm">http://www.dynamoo.com/diary/postcards-org.htm</a><br><br><a href="http://spammuseum.co.uk">
spammuseum.co.uk</a> had what appeared to be your<br>exact server name "www2" but unfortunately<br>the original page isnt available (google<br>cache however does show it.)<br><br>in fact postcards themselves explain a bit:
<br><a href="http://www.postcards.org/postcards/special/aunt_edna_virus.html">http://www.postcards.org/postcards/special/aunt_edna_virus.html</a><br><br>looks like <a href="http://postcards.org">postcards.org</a> are really pissed off:
<br>"And if you happen to hit him with a fast-moving car,<br>we'll won't be displeased."<br><br>best<br>matti<br><br><br>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around
<br><a href="http://mail.yahoo.com">http://mail.yahoo.com</a><br></blockquote></div><br>