Full Disclosure mailing list archives

Re: Sending spam via sites and creating spam-botnets


From: "McGhee, Eddie" <Eddie.McGhee () ncr com>
Date: Wed, 21 Jul 2010 08:14:46 -0400

POC? 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of MustLive
Sent: 20 July 2010 19:51
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Sending spam via sites and creating spam-botnets

Hello participants of Full-Disclosure!

In continuation of my last month's article Using of the sites for attacks on other sites and my previous article about
creating a botnet from zombie-servers and the program DDoS attacks via other sites execution tool (DAVOSET), I want to
draw your attention to another aspect of Abuse of Functionality vulnerabilities. At the end of last week I wrote a new
article, Sending spam via sites and creating spam-botnets (http://websecurity.com.ua/4382/), which I'll tell you briefly
about.

Similarly to using sites for attacks on other sites via Abuse of Functionality vulnerabilities, it's also
possible via Abuse of Functionality to use sites for sending spam.

There are many such vulnerabilities on the Internet, which I have written about many times, both in vulnerable sites and
in vulnerable plugins (which are used at many sites). So many sites can be used for sending spam.

Using of Abuse of Functionality for sending spam.

I began researching such vulnerabilities already in 2007. Since that time I have found many web sites with such
vulnerabilities and also vulnerable plugins for popular web applications, particularly such plugins as WP-ContactForm
for WordPress, Contact Form ][ for WordPress and com_alfcontact for Joomla.

Creating of spam-botnets from sites.

Similarly to tools for conducting DDoS attacks via Abuse of Functionality vulnerabilities, such as DAVOSET,
tools for mass spam sending can be created in exactly the same way, via multiple Abuse of Functionality
vulnerabilities at different sites. I.e. these vulnerabilities can be used for creating spam-botnets with
zombie-servers. And taking into account that the spam will be sent from servers of well-known companies, it is very
likely that these letters will bypass spam-filters.

Taking into account how widespread Abuse of Functionality vulnerabilities which allow sending spam are at sites, and
site admins' ignoring of this problem, it's topical. And taking into account that a network of these zombie-servers
can be created without wasting resources (including financial), as it occurs in classical botnets, this type of
botnet is very profitable from the financial side. So with time spammers can turn their attention to this method of
sending spam and to this type of spam-botnet.

P.S.

If your site is DDoSed from Google's servers or you receive spam from IBM's servers, then you will know
what type of botnet it is.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
