Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Matt Wright FormMail Attacks

From: <jlewis () lewis org>
Date: Mon, 14 Jan 2002 11:49:53 -0500 (EST)
On Sun, 13 Jan 2002, Dmitri Smirnov wrote:


just found "Matt Wright FormMail Attacks" as number 5 in 'Top Five' on
aris.securityfocus.com.
I've sent dozens of alerts to ISPs about formmail.pl incidents but still
having the probes from the same subnets (addresses) for few months already.
Looks like people are not serious about this probe. Is anybody know why
number of formmail.pl attacks is growing? May be it is a part of SPAM
toolkit or some very popular tool?


Open formmail scripts are commonly being used now by spammers as an
alternative form of open relays.  There seems to be commercial spamware
that searches for and tests formmail scripts.  Some of the anti-spam email
blacklists block IP's with open formmail's.  It wouldn't surprise me
terribly if any of them started scanning for open formmail's for the
purpose of preemptively blocking them.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: