WebApp Sec mailing list archives

Re: Article - A solution to phishing


From: Joseph Miller <joseph () tidetamerboatlifts com>
Date: Mon, 20 Dec 2004 08:51:50 -0500

Exon,
Would you happen to have that script available?  If many people had access to 
this script it could possibly cause DDoS and severely limit spammers.  I 
would, of course, not necessarily recommend this particular action because of 
the legal implications, so I must say, "We could use this as a possible 
threat to illegal spammers".  Thanks for the info.

-Joseph

On Thursday 16 December 2004 11:47 am, exon wrote:
Ian wrote:
On 14 Dec 2004 at 13:43, Adam Tuliper wrote:

<snip>

Personally, I like stringing them on and giving them false information
and wasting their time. It's fun, I recommend all of you try it : )

You may have stumbled across a solution
here ;)

Why not code an automated system that fills
in their bogus log in screens with false
information?

There are only a limited number of banking
web sites around so a template could be
created for each.

If enough people join in these phishers
would get swamped with information and
wouldn't know the good from the bad.

Thoughts ?

This is known to be effective against spammers which use href-links in
email to verify 'live' email-addresses. It's usually highly effective if
you find something that looks like
www.some-site.com/remove_me.asp?m=email () somewhere org

I used to get around 400 spam emails a day, so I wrote a quick script to
connect to a couple of these urls a couple of million times with
auto-generated email-addresses. Sometime during the second night of
running I kept getting connection refused and spam dropped down to
around 40 / day.

Another anti-mischief act was when some organisation (can't remember
which) found out the IRL address of a spammer who had used their
mail-server and signed him up for every free hard-copy snailmail ads and
catalogues they could find. As it turned out, the spammer received some
four tons of advertising papers and leaflets through his mailbox in a
week, effectively causing a DoS on his own apartment. Retaliation can be
so fun. ;)

/exon

