Date: Mon Sep 12 15:21:49 2005
From: xploitable at gmail.com (n3td3v)
Subject: Automated mass abuse of form mailers

A worm/virus code is in the underground, where the malicious code
searches for: http://groups.google.com/group/n3td3v/browse_thread/thread/74395c44ef94c107/729603543ed1379e?q=vxer+vectors&rnum=1#729603543ed1379e
And then sends whatever the service is invite/article or web link,
depending on what the form's function is, this will bring carriers to
a crawl, as the mass amount of mail being sent. This is nothing new,
and the most high profile offender was Yahoo Inc, as reported by me on
F-D a while back. Yahoo now have (unconfirmed) patched their mailers
and forms for invites to Yahoo services.

I have been researching the potential of VXers using the mass amount
of vulnerable webforms on the web for a long time. The most common
offenders are online media news outlets, offering you to send an
article link to a friend.

The VXer wouldn't worry what the content of the mail being sent is,
whether it be a random invite to a service or a link/ news story, to
the VXer, all he cares about is the data being sent, to slow down
networks/ internet. Funnily though, many web forms for invites and news
stories, allow the user to add their own message, so this can be
filled with garbage data, or include executable exploit code, for a
particular software flaw. Regardless of this, it's the fact that these
web forms are accessible, with no word verification, to stop
bots/zombies/worm/virii code from exploiting these mailers.

CNET News is the _only_ media outlet or site generally that has
bothered to protect its send this article web form and functionality.
The rest from my observations are wide open, millions of them across
the web. That's a lot of data, that could be sent across the web. To me it's
a ticking time bomb.

The Yahoo thingy I just mentioned had an added twist that the invites
sent, bypassed Yahoo Mail's spam technology, sending all mail
straight to the inbox of the user, instead of the bulk folder. This
was because the mailers were trusted by Yahoo's anti-spam, thinking
the invites were coming from a trusted corporate source, but they
weren't.
http://seclists.org/lists/fulldisclosure/2004/Oct/0151.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032128.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026967.html
http://readlist.com/lists/lists.netsys.com/full-disclosure/1/8435.html
And so on.

Way back in 2004 was when I realised the threat to the wider web and
not just Yahoo's network.

You're talking about spammers using mailers to advertise a product,
they're connected with, however the threat of infected computers sending
wanted invites, web links, news articles from websites to consumer and
corporate networks, is just as great, if not greater.

That's all for now.

Thanks...


On 9/12/05, Michael Holzt <kju-fd@...n.org> wrote:
> Automated mass abuse of form mailers
>


-- 
http://www.geocities.com/n3td3v
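
Added example, not part of the original message: a server-side gate for a "send this article to a friend" form that applies the word verification the post says is missing, plus a per-client send limit and a one-recipient cap. All names, limits and the secret are assumptions made for illustration.

```python
import hashlib, hmac
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"  # assumption: per-deployment server secret
TOKEN_TTL = 600                   # assumption: seconds a challenge stays valid
MAX_SENDS, WINDOW = 3, 3600       # assumption: accepted sends per client per hour

_used = set()                     # challenge ids already redeemed
_recent = defaultdict(deque)      # client -> timestamps of accepted sends

def _mac(cid, word, issued):
    msg = f"{cid}|{word.strip().lower()}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(cid, word, now):
    """Token for a hidden form field; the word itself is only shown as an image."""
    return f"{cid}:{now}:{_mac(cid, word, now)}"

def allow_send(client, token, typed, recipients, now):
    """Decide whether one send-to-a-friend request may generate mail."""
    try:
        cid, issued, mac = token.split(":")
        issued = int(issued)
    except ValueError:
        return False, "malformed token"
    if not 0 <= now - issued <= TOKEN_TTL:
        return False, "expired challenge"
    expected = _mac(cid, typed, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "wrong word"
    if cid in _used:
        return False, "challenge replayed"
    if len(recipients) != 1:
        return False, "one recipient per send"
    sent = _recent[client]
    while sent and now - sent[0] >= WINDOW:
        sent.popleft()                      # forget sends outside the window
    if len(sent) >= MAX_SENDS:
        return False, "rate limit"
    _used.add(cid)                          # a solved challenge is single-use
    sent.append(now)
    return True, "ok"
```

The in-memory sets stand in for whatever shared store a real deployment would use.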
