Re: Honey email address?

[Packet Man <packetman () altsec info>]

Chris Norton wrote:
> I am trying to think of a way to setup an email address sort of like a =
> honeypot, which I do run a few, to attract emails such as phishing, new =
> Mass mailing worms/viruses and would like some input on the best way of =
> doing this. I would think it would consist of doing something such as =
> posting the email address to a lot of places on the internet but what =
> would be the best way to go about this? Any help or ideas would be =
> great.

My experience:

1.  create several email accounts

2.  use these accounts to post messages to many forums,
    news groups, blogs, etc.

3.  do a search for so-called "job sites" that are thinly
    veiled email harvesters and post resumes for the email
    accounts

4.  on a public facing website, put lots of documents so
    that robots can harvest the email addresses

5.  while surfing the most obviously unscrupulous sites
    you can find, click on all the popups and enter the
    honey email addresses

6.  make sure the honeypot is listening on smtp AND the
    messaging ports (1025-1030, I believe)

If you have the same luck I've had, you'll be getting
spam and phish in no time at all.  As a side note, the
only phishing attempts I've gotten on my "real" email
address for this domain have been harvested from my
website and resume.  Plus, this email address which
is used only here has resulted in a small amount of
spam and phish as well.

Good luck.

Mark Stingley


--
Excellence in InfoSec and Linux
http://www.altsec.info