lists.openwall.net: Open Source and information security mailing list archives
Date: Thu Jun 22 00:44:38 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: phishing and comment spam

Initiatives like akismet (http://akismet.com/) are very effective against comment spam, and since web comments are not as sensitive as email, a few false positives are not the end of the world.

Problem is: it costs CPU, and small rent-a-host servers can't handle it. A Movable Type blog that I take care of almost died because someone was spamming its trackback interface with hundreds of messages. No processes were left for legitimate users.

On Wed, 21 Jun 2006 16:29:10 -0500 (CDT) Gadi Evron <ge@...uxbox.org> wrote:

GE> Today we received one of the first phish attempts to be made as a web spam
GE> (comment spam / blog spam) attempt.
GE>
GE> I wasn't convinced, and thought that perhaps it was a way to gather and
GE> verify RELEVANT online identities. Someone put me straight. It's phishing.
GE>
GE> I've often in the past had run-ins with the good folks in the anti virus
GE> realm back between 1996 and 2005 who thought Trojan horses and then
GE> spyware were not part of their business. Years later the AV business
GE> people ruled it is part of their business and ran to catch up. Same with
GE> botnets.
GE> I've often had friendly discussions with anti spam folks who said phishing
GE> isn't part of the spam problem, or interesting to them. Or that if spam is
GE> done on a medium other than email, it obviously isn't spam and needs a new
GE> name.
GE>
GE> They were wrong. I wasn't very smart in how I approached the subject
GE> matter, though.
GE>
GE> Today, most anti spam experts consider phishing a priority. Today, Trojan
GE> horses, bots and spyware are considered a priority with AV-ers.
GE>
GE> Web related spam is still in the terminology and turf fighting stage, but
GE> with the increasing ROI and interest combined with the decreased success
GE> of other mediums over time, we can see the results for ourselves.
GE>
GE> Where there is ROI, the Bad Guys adapt. The Good Guys are a step behind
GE> regardless of faith, as we are inherently reactive. Still, we should stop
GE> being surprised. :)
GE>
GE> Today, phishing makes the transition to yet another medium, which is
GE> comment spam.
GE>
GE> Here is a quote of the phish, as it came in the comment spam earlier
GE> today:
GE>
GE> "HEllo, i just wanted to say, after 3 years of playing neopets, i have
GE> gotten bored with it and have decided to quit. insted of letting my
GE> neopoints and items just sit there and rot, i am gonna give them away. in
GE> my years of playing i have made about 6 million neopints and have a couple
GE> million neopoints worth of items. all you need to do is send me your
GE> screenname and password so i can put the stuff in your account and a
GE> reason stating why i should give you my hard earned items."
GE>
GE> So, we start with neopets and move on to the rest. Welcome phishing to yet
GE> another distribution channel, the world of comment spam.
GE>
GE> Gadi.
GE>
GE> _______________________________________________
GE> Full-Disclosure - We believe in it.
GE> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
GE> Hosted and sponsored by Secunia - http://secunia.com/

Allgemeinen Anschulterlaubnis
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
vida digital: http://www.contraditorium.com
site pessoal e blog: http://www.carloscardoso.com
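The two problems raised in this thread, an expensive classifier that a small host cannot afford to run on every submission and a trackback endpoint flooded until no worker processes remain, can both be blunted with cheap checks that run before anything costly is called. The following is an added example, not code from the post or from Akismet or Movable Type: a per-client sliding-window rate limiter plus a phrase heuristic for comments that ask readers to hand over a screen name and password, applied to a handful of constructed submissions. The regular expressions, the limits and the sample text are assumptions for illustration, not a vetted signature set.

```python
"""Cheap pre-filters for a blog comment / trackback endpoint.

Added example, not part of the original post. A per-IP sliding-window
rate limiter and a credential-solicitation heuristic run first, so the
expensive classifier (Akismet or similar) only sees what survives.
"""
import re
import time
from collections import defaultdict, deque
from typing import Optional

# Phrases that ask the reader to send login credentials. These patterns are
# assumptions chosen for this example, not a curated signature set.
CREDENTIAL_PATTERNS = [
    re.compile(r"\bsend\s+(?:me\s+)?(?:your\s+)?(?:\w+\s+)?"
               r"(?:screen\s*name|username|login|password)\b", re.I),
    re.compile(r"\b(?:username|screen\s*name|login)\s+and\s+password\b", re.I),
    re.compile(r"\bgive\s+(?:me\s+)?(?:your\s+)?password\b", re.I),
]


class RateLimiter:
    """Allow at most `limit` submissions per `window` seconds per client."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # client -> timestamps inside the window

    def allow(self, client_ip: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        q = self._hits[client_ip]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject without recording the hit
        q.append(now)
        return True


def solicits_credentials(text: str) -> bool:
    """True if the comment body asks the reader for a login/password."""
    return any(p.search(text) for p in CREDENTIAL_PATTERNS)


def triage(client_ip: str, text: str, limiter: RateLimiter,
           now: Optional[float] = None) -> str:
    """Return 'rate_limited', 'credential_phish' or 'pass'.

    'pass' means the submission is handed on to the expensive classifier.
    """
    if not limiter.allow(client_ip, now):
        return "rate_limited"
    if solicits_credentials(text):
        return "credential_phish"
    return "pass"


# Constructed sample submissions: one normal comment, one credential phish in
# the style quoted in the thread, and a 50-message trackback flood from one IP.
SAMPLE_SUBMISSIONS = [
    ("203.0.113.7", "Nice post, thanks for writing it up."),
    ("203.0.113.9", "after 3 years of playing i am gonna give away my items. "
                    "all you need to do is send me your screenname and password"),
] + [("198.51.100.4", "trackback ping %d" % i) for i in range(50)]


def run_samples() -> dict:
    """Triage the constructed submissions and count the outcomes."""
    limiter = RateLimiter(limit=10, window=60)
    counts = defaultdict(int)
    t0 = 1_000_000.0
    for i, (ip, text) in enumerate(SAMPLE_SUBMISSIONS):
        # Submissions arrive 100 ms apart, so the flood sits inside one window.
        counts[triage(ip, text, limiter, now=t0 + i * 0.1)] += 1
    return dict(counts)


if __name__ == "__main__":
    print(run_samples())
```

Only the eleven submissions that pass both checks would reach the classifier; the other forty trackbacks are dropped at the cost of a deque lookup, and the phish is caught without any external call. The limiter is in-process and per-IP, so it is a first line of defence for a single small host, not a substitute for a shared limiter in front of several web workers.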