Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Retarted XV.Net spam filter

From: Fyodor <fy-xvtest () insecure org>
Date: Fri, 13 Feb 2004 08:38:43 -0800
Hey everyone.  I'm back from a great Europe trip, and back to Nmap
coding and book writing.

People who have been posting to nmap-hackers and nmap-dev have been
receiving forged emails from XV.Net purporting to be "a automated
message from nmap-dev () insecure org".  It also claims that "We have
chosen to use XV.NET (eXtreme Email Protection) as our Anti-Spam
E-Mail filter due to the security and ease. We suggest you use it
also!"  This is the most retarded spam filter I have ever seen.  It
apparently just looks at the 'To' address and then forges email as
coming from that address.  This obviously doesn't work for mailing
lists and probably breaks for email that is CC'd too.  Whois shows
that it seems to be run by the same guys who hijacked the
kismetwireless.com domain (real kismet is kismetwireless.net).  The
mail headers don't show what user is forwarding to XV.  If anyone is
using this nonsense, please desist or unsubscribe from the Nmap lists.
If anyone gets further responses to your posts like the one below,
please let me know.  Thanks to Martin for forwarding me this one.

----- Forwarded message from "support @ xv. net" <nmap-dev () insecure org> -----

Return-Path: <xvnet () server2 xv net>
Delivered-To: martin.macok () underground cz
Received: from server2.xv.net (unknown [66.98.160.81])
        by technomat.underground.cz (Postfix) with ESMTP id C58C0EC003
        for <martin.macok () underground cz>; Fri, 13 Feb 2004 15:04:06 +0100 (CET)
Received: from xvnet by server2.xv.net with local (Exim 4.24)
        id 1ArdvG-0004kv-84
        for martin.macok () underground cz; Fri, 13 Feb 2004 09:04:02 -0500
To: martin.macok () underground cz
Subject: Please confirm your email for nmap-dev () insecure org
From: support () xv net <nmap-dev () insecure org>
Message-Id: <E1ArdvG-0004kv-84 () server2 xv net>
Date: Fri, 13 Feb 2004 09:04:02 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server2.xv.net
X-AntiAbuse: Original Domain - underground.cz
X-AntiAbuse: Originator/Caller UID/GID - [32003 504] / [47 12]
X-AntiAbuse: Sender Address Domain - server2.xv.net
X-Spam-Level: 


This is a automated message from nmap-dev () insecure org.

Due to the high rate of spam and viruses, we ask that you perform a ONE TIME ONLY verification of your email address.

We have chosen to use XV.NET (eXtreme Email Protection) as our Anti-Spam E-Mail filter due to the security and ease. We 
suggest you use it also! http://www.XV.net

Just click the link below to deliver the email message you have sent with the subject:  Re: Why does nmap fingerprint 
the application by using the standard probes

** YOU MUST CLICK THE LINK BELOW **
http://www.xv.net/live/verify.php?code=martin.macok@underground.czinnvdyqpfbvkjeolgkhrigntnmap-dev () insecure org

If you do not click the link below, your email will NOT be delivered to nmap-dev () insecure org

Thank You,
support () xv net

The XV.NET (eXtreme Email Protection) E-mail Verifier.

----- End forwarded message -----


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
Previous By Date Next
Previous By Thread Next

Current thread: