Re: [Full-Disclosure] defamatory joe job attack by botnet

From: lsi (stuart_at_cyberdelix.net)
Date: 06/26/04

  • Next message: D'Amato Luigi: "[Full-Disclosure] ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0 (Corrected version)"
    To: "Kane Lightowler" <Kane@contentsecurity.com.au>, <full-disclosure@lists.netsys.com>, "Aditya, ALD [ Aditya Lalit Deshmukh ]" <ald2003@users.sourceforge.net>
    Date: Sat, 26 Jun 2004 12:34:25 +0100
    
    

    On 26 Jun 2004 at 11:51, Aditya, ALD [ Aditya Lalit Deshmukh ] wrote:

    > > I can also confirm that this is continuing from one of my many email addresses also.
    >
    > so now we know that not only the spammers are slime and are the people who do "organised crime" but they are racists

    > i know this has nothing to do with security so please send mail on my personal address and *NOT* to the list

    One of the reasons I posted was because although the spam is not a
    vulnerability in itself, it is evidence which leads back to folks who
    have done a lot of damage (see: Sobig) -- and who knows what else.

    It has to do with security because we're getting a better picture of
    what these people look like.

    For instance, it also appears they are German, or Dutch, or they have
    German or Dutch connections. And they might even live in a Turkish
    area. Etc ...

    Some people mailed me and said this is happening all the time to
    everyone - I can't correlate that as I only saw a few bounces from
    one ISP. An automated and/or large-scale joe-job makes a mess. I'm
    not seeing constant traffic like this, so I conclude it's not occurring
    constantly. Maybe one address gets used to spam a range of
    addresses on one ISP. This would keep the bounces down (fits the
    observed circumstances of just a few bounces) ... and would suggest
    the purpose is to spread the hatemail, not defame the spoofed sender
    (switching addresses would mean the mail comes from someone else,
    diluting any defamatory effect).

    I got two bounces. The original recipients were louise@dircon.co.uk
    and nicola@dircon.co.uk (my original message shows netscalibur, who
    are apparently providing some kind of backend service for dircon).

    Note alphabetic proximity of recipients.. L and N

    The bot was going through a list ..... but as that's all the bounces
    I saw, I conclude addresses other than my own were used to spam the
    rest of the alphabet, and other ISPs.

    So that's a lot of people who have had their names associated with
    that stuff. Spamming might be a crime in some countries, but
    tarnishing the names of others is almost certainly a crime in all
    countries. When they finally get arrested it will be 200 million
    counts of spamming, and also, 50000 counts of defamation (or whatever
    crime it actually is..) ... pesky automated solutions!

    RISK: When you program a robot to commit a crime, you are asking for
    trouble.

    Stuart

    ---
    Stuart Udall
    stuart at@cyberdelix.dot net - http://www.cyberdelix.net/
    --- 
     * Origin: lsi: revolution through evolution (192.168.0.2)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
