Full Disclosure mailing list archives
Re: defamatory joe job attack by botnet
From: "lsi" <stuart () cyberdelix net>
Date: Sat, 26 Jun 2004 12:34:25 +0100
On 26 Jun 2004 at 11:51, Aditya, ALD [ Aditya Lalit Deshmukh ] wrote:
I can also confirm that this is continuing from one of my many email adresses also.so now we know that not only the spammers are slime and are the people who do "organised crime" but they are rasists
i know this has nothing to do with security so please send mail on my personal address and *NOT* to the list
One of the reasons I posted was because although the spam is not a vulnerability in itself, it is evidence which leads back to folks who have done a lot of damage (see: Sobig) -- and who knows what else. It has to do with security because we're getting a better picture of what these people look like. For instance, it also appears they are German, or Dutch, or they have German or Dutch connections. And they might even live in a Turkish area. Etc ... Some people mailed me and said this is happening all the time to everyone - I can't correlate that as I only saw a few bounces from one ISP. An automated and/or large-scale joe-job makes a mess. I'm not seeing constant traffic like this, so I conclude its not occuring constantly. Maybe one address gets used to spam a range of addresses on one ISP. This would keep the bounces down (fits the observed circumstances of just a few bounces) ... and would suggest the purpose is to spread the hatemail, not defame the spoofed sender (switching addresses would mean the mail comes from someone else, diluting any defamatory effect). I got two bounces. The original recipients were louise () dircon co uk and nicola () dircon co uk (my original message shows netscalibur, who are apparently providing some kind of backend service for dircon). Note alphabetic proximity of recipients.. L and N The bot was going through a list ..... but as that's all the bounces I saw, I conclude addresses other than my own were used to spam the rest of the alphabet, and other ISPs. So that's a lot of people who have had their names associated with that stuff. Spamming might be a crime in some countries, but tarnishing the names of others is almost certainly a crime in all countries. When they finally get arrested it will be 200 million counts of spamming, and also, 50000 counts of defamation (or whatever crime it actually is..) ... pesky automated solutions! RISK: When you program a robot to commit a crime, you are asking for trouble. Stuart --- Stuart Udall stuart at () cyberdelix dot net - http://www.cyberdelix.net/ --- * Origin: lsi: revolution through evolution (192.168.0.2) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- defamatory joe job attack by botnet lsi (Jun 24)
- Re: defamatory joe job attack by botnet Jean-Marie Monnier (Jun 25)
- Re: defamatory joe job attack by botnet Charles Richmond (Jun 25)
- Re: defamatory joe job attack by botnet Jean-Marie Monnier (Jun 25)
- Re: defamatory joe job attack by botnet Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 26)
- Re: defamatory joe job attack by botnet Jean-Marie Monnier (Jun 25)
- <Possible follow-ups>
- RE: defamatory joe job attack by botnet Kane Lightowler (Jun 24)
- Re: defamatory joe job attack by botnet Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 26)
- Re: defamatory joe job attack by botnet lsi (Jun 26)
- Re: defamatory joe job attack by botnet Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 26)