RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

From: Larry Seltzer (
Date: 03/04/04

  • Next message: Timothy Demulder: "Re: [Full-Disclosure] EFC Released"
    To: <>
    Date: Thu, 4 Mar 2004 06:20:48 -0500

    > Another quick workaround to SPF, Caller ID and Domain Keys has alredy
    > been implemented by spammers for a year or so. The only premise behind
    > S/C/D is that you are trusted if you have access to a DNS server.
    > Spammers are using compromised machines not only as SMTP servers, but
    > also web servers and DNS servers. The end result is that spammers have
    > already completely circumvented all three solutions way before they
    > were ever implemented.

    I'm really not clear how this could work on a DHCP client, which the overwhelming
    majority of compromised systems must be. Please don't just tell me it's magic and works.

    What you said in another message about just cracking the storage of credentials in the
    registry or file system impresses me more and I'm looking into it.

    Larry Seltzer Security Center Editor

    Full-Disclosure - We believe in it.

  • Next message: Timothy Demulder: "Re: [Full-Disclosure] EFC Released"

    Relevant Pages

    • Re: Permitting recursion can allow spammers to steal name server resources
      ... > The default configuration of many domain name servers (DNS) can leave ... relation to allowing global recursion. ... Often those same servers which are the target of spammers will also be ...
    • Re: Tool for validating sender address as spam-fighting technique?
      ... If most SMTP servers did the kind of verification you wish to do, than most spam would be sent with forged genuine addresses. ... So when considering using such a system, consider the overall cost to legitimate users vs the counter counter measures spammers will take. ... In this case the counter counter measures available to spammers is so much easier and cheaper than the verification system itself, that it's not really a good idea to try such verification. ...
    • Re: Problems with Outlook Express and new Security Update
      ... > Internet Explorer and through Outlook Express. ... Spammers found a way to exploit these servers for sending spam, ... Even I had written client side rules, using Pegasus Mail, to dump email sent ... MSN finally fixed those servers so the spammers no longer exploit them; ...
    • Re: Share my calendar
      ... Now, being a cooperative they share their servers between many users, ... discovered ('php injection', or something like this) which allowed ... spammers to use your site in some cases to send spams, ... l'initiale de Frédérique manque devant l'adresse email ci-dessus ...
    • Re: Fedora 11: Switching to single user mode (runlevel 1) -- Hey g.
      ... "There are spammers which just leech new addresses off PGP servers ... they spam each of them. ... encrypt emails not just to sign emails posted on a public mailing list. ...