Re: Domain HiJacking by SPAMMERS

["Ho Chaw Ming" <chawming () pacific net sg>]

I would be interested too, since we got a client who got "attacked" in such
a way yesterday. We received an estimated 30,000 bounced emails alone from
the fake reply to email address in a matter of hours. The data center
received hundreds of ill-informed abuse reports.

We took a sample and they trace to US and Europe, from a large variety of
ISPs, leading us to believe it's probably compromised machines.

I would thus be interested too to hear about how this can be resolved. We
don't wish to terminate the client, or ask him to move, but this causes us
tremendous resources to deal with. At the same time,  we don't want
ill-informed reports to cause us to be blacklisted by ISPs or Spam lists.

Any suggestions will be appreciated. Thanks.

regards

----- Original Message ----- 
From: <saliskor () cyberus ca>
To: <security-basics () securityfocus com>
Sent: Thursday, January 29, 2004 11:45 PM
Subject: Domain HiJacking by SPAMMERS




A client of mine has been having serious difficulties with SPAMMERS using
their domain name as a return address for sending spam. The Names are
ficticious, of course, and only a inconvenience due to the NDRs being
returned through the mail system.

The most serious problem is that the subject of the SPAM could cause a major
public relations problem for the company, since it is mostly online-drug
sales and private enhancements being marketed.

A thorough check of the mail system and tracing of the original spam
messages confirm that the company's systems are not being used as relays.
Most the the messages originate in the Far/Middle east or Europe.

Any suggestions as to what can be done, or how to handle such a situation
would definitely be appreciated.

Rick

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------