Full Disclosure mailing list archives
Re: Sending spam via sites and creating spam-botnets
From: Benji <me () b3nji com>
Date: Wed, 21 Jul 2010 11:44:50 +0100
P.S. If your site will be DDoSed from Google's servers or you will receive spam from IBM's servers, than you will be knowing what type of botnets it is.
Pjear bitches. Sent from my iPhone On 20 Jul 2010, at 19:50, "MustLive" <mustlive () websecurity com ua> wrote:
Hello participants of Full-Disclosure! In continue to my last month's article Using of the sites for attacks on other sites and my previous article about creating of botnet from zombie-servers and program DDoS attacks via other sites execution tool (DAVOSET), I want to draw your attention to another aspect of Abuse of Functionality vulnerabilities. At the end of last week I wrote new article Sending spam via sites and creating spam-botnets (http://websecurity.com.ua/4382/). Which I'll tell you briefly about. Similarly to using of the sites for attacks on other sites via Abuse of Functionality vulnerabilities, it's also possible via Abuse of Functionality to use sites for sending spam. There are many such vulnerabilities in Internet, which I wrote about many times, as vulnerable sites, as vulnerable plugins (which used at many sites). So many sites can be used for sending spam. Using of Abuse of Functionality for sending spam. Researching of such vulnerabilities I begun already in 2007. From that time I found many web sites with such vulnerabilities and also vulnerable plugins for popular web applications. Particularly such plugins as WP-ContactForm for WordPress, Contact Form ][ for WordPress and com_alfcontact for Joomla. Creating of spam-botnets from sites. Similarly to tools for conducting of DDoS attacks via Abuse of Functionality vulnerabilities, as for example DAVOSET, in exactly the same way the tools for mass spam sending can be created. Via multiple Abuse of Functionality vulnerabilities at different sites. I.e. these vulnerabilities can be used for creating of spam-botnets with zombie-servers. And taking into account that spam will be sending from servers of well-known companies, then very likely that these letters will bypass spam-filters. Taking into account widespread of Abuse of Functionality vulnerabilities at the sites, which allow to send spam, and ignoring of sites' admins of this problem, it's actual. And taking into account that network from these zombie-servers can be created without wasting of resources (including financial), as it occurs in classical botnets, then this type of botnets is very profitable from financial side. So with time spammers can draw attention at this method of sending spam and at this type of spam-botnets. P.S. If your site will be DDoSed from Google's servers or you will receive spam from IBM's servers, than you will be knowing what type of botnets it is. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Sending spam via sites and creating spam-botnets MustLive (Jul 20)
- Re: Sending spam via sites and creating spam-botnets Benji (Jul 21)
- Re: Sending spam via sites and creating spam-botnets McGhee, Eddie (Jul 21)
- Re: Sending spam via sites and creating spam-botnets MustLive (Jul 22)