Vulnerability Development mailing list archives

Re: Strange e-mails from Excite.com


From: Dave Woods <dave () TECHWEAVERS NET>
Date: Fri, 9 Feb 2001 09:12:52 -0700

One possibility might be a spam list verifier. Sends out a weird message in
the hopes that you will respond. Once a response has been received the list
knows that you have an account active and starts sending you spam or selling
your address. The reason why you cannot find the account on Excite's
directory service might be that the user has been removed already for
sending out just such messages. This to me is one possibility but I doubt
that it is an attack. Most people will reply to a strange and vague message
wondering what they are talking about.

my $0.02 Canadian (that is pocket lint in the U.S.)

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Greg
Rice
Sent: Thursday, February 08, 2001 10:33 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Strange e-mails from Excite.com


I too have received several emails from various excite.com addresses asking
the same question.  Before that I received a couple of emails from
excite.com addresses directing me to "Find Out About Anyone Fast" websites.
All attempts to find out about the members or reply to the addresses have
failed.

Perhaps this is a better question for the incidents list though...

greg

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
DAVID CULLEN
Sent: Thursday, February 08, 2001 12:57 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Strange e-mails from Excite.com


My Web site has received 3 e-mails in the last week, via a Web
Support form (believe it is a CGI form), from the Excite.com
domain. All three e-mails asked verbatim:

"What's your corporate HQ street address?"

Has anyone else received similar messages in the past week?

I don't know if it is anything--beyond a simple address request--but
my company's supporters have not seen anything similar to these
requests in the last year.

I checked with Excite and I could not find the member names listed
in their directory.

Does anyone know of a possible exploit scenario? I was thinking
of a send-mail attack. Am I being paranoid?

Any thoughts, speculations would be greatly appreciated,

Thanks,
David

