Re: defamatory joe job attack by botnet

["lsi" <stuart () cyberdelix net>]

On 26 Jun 2004 at 11:51, Aditya, ALD [ Aditya Lalit Deshmukh ] wrote:

> > I can also confirm that this is continuing from one of my many email adresses also.
>
> so now we know that not only the spammers are slime and are the people who do "organised crime" but they are rasists 

> i know this has nothing to do with security so please send mail on my personal address and *NOT* to the list  

One of the reasons I posted was because although the spam is not a 
vulnerability in itself, it is evidence which leads back to folks who 
have done a lot of damage (see: Sobig) -- and who knows what else.

It has to do with security because we're getting a better picture of 
what these people look like.

For instance, it also appears they are German, or Dutch, or they have 
German or Dutch connections.  And they might even live in a Turkish 
area.  Etc ...

Some people mailed me and said this is happening all the time to 
everyone - I can't correlate that as I only saw a few bounces from 
one ISP.  An automated and/or large-scale joe-job makes a mess. I'm 
not seeing constant traffic like this, so I conclude its not occuring 
constantly.   Maybe one address gets used to spam a range of 
addresses on one ISP.  This would keep the bounces down (fits the 
observed circumstances of just a few bounces) ... and would suggest 
the purpose is to spread the hatemail, not defame the spoofed sender 
(switching addresses would mean the mail comes from someone else, 
diluting any defamatory effect).

I got two bounces.  The original recipients were louise () dircon co uk 
and nicola () dircon co uk (my original message shows netscalibur, who 
are apparently providing some kind of backend service for dircon).

Note alphabetic proximity of recipients.. L and N

The bot was going through a list ..... but as that's all the bounces 
I saw, I conclude addresses other than my own were used to spam the 
rest of the alphabet, and other ISPs.

So that's a lot of people who have had their names associated with 
that stuff.  Spamming might be a crime in some countries, but 
tarnishing the names of others is almost certainly a crime in all 
countries.  When they finally get arrested it will be 200 million 
counts of spamming, and also, 50000 counts of defamation (or whatever 
crime it actually is..) ... pesky automated solutions!  

RISK: When you program a robot to commit a crime, you are asking for 
trouble.

Stuart

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192.168.0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html