nanog mailing list archives
Re: New SPAM DOS
From: sthaug () nethelp no
Date: Fri, 08 Jan 2010 20:39:54 +0100 (CET)
I host scvrs.org on one of my servers, and it does not have any outlook or owa services. For some reason, someone decided to try and send this message out to various internet recipients:
...
Anyone seen this before? Any good techniques for combatting it?
If you look more closely at the messages I believe you'll find that they are multipart/alternative, and that the second part gives a slightly modified version of the owa URL. For instance, for my own nethelp.no domain the first part of the message says

http://nethelp.no/owa/...

but the second part specifies URLs like

http://nethelp.no.ujjikx.co.im/owa/...
http://nethelp.no.ujjiks.net.im/owa/...
http://nethelp.no.ikuu8w.com/owa/...
http://nethelp.no.ikuu8e.net/owa/...

This is a very old trick, seen lots of times in connection with phishing sites, for instance.

Steinar Haug, Nethelp consulting, sthaug () nethelp no
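A mail-filter check for the pattern described in the message above, as an added example that is not part of the original post: it compares the URL hosts in each part of a multipart/alternative message and flags hosts that embed the recipient's domain as labels of some other domain. The function names, the sample message and the placeholder domains (example.org, lookalike.test) are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample; example.org and lookalike.test are placeholder domains.
SAMPLE = """\
From: sender@example.net
To: user@example.org
Subject: mailbox settings
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Update here: http://example.org/owa/confirm
--b1
Content-Type: text/html; charset="us-ascii"

<a href="http://example.org.lookalike.test/owa/confirm">http://example.org/owa/confirm</a>
--b1--
"""

def hosts_by_part(raw):
    """Map each text part's content type to the set of URL hostnames in it."""
    out = {}
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        hosts = {(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(body)}
        out.setdefault(part.get_content_type(), set()).update(hosts - {""})
    return out

def lookalike_hosts(raw, own_domain):
    """Hosts that embed own_domain as whole labels but are not under it."""
    own = own_domain.lower().rstrip(".")
    every = set().union(*hosts_by_part(raw).values())
    return {h for h in every
            if h != own and not h.endswith("." + own) and ("." + own + ".") in "." + h}

def parts_disagree(raw):
    """True when the alternative parts do not link to the same hosts."""
    sets = list(hosts_by_part(raw).values())
    return any(s != sets[0] for s in sets[1:])
```

Either signal alone can fire on legitimate mail (HTML parts often carry extra tracking or image hosts), so the lookalike match is the stronger of the two.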