| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Oct 2007 03:00:25 -0000 From: "lsi" <stuart@...erdelix.net> To: "Aaron Katz" <atkatz@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: spammer wades into US Presidential race I didn't do much in the way of research, cos this is surely spam, and we know spammers forge as much as possible. So, I presume Derk Gaston doesn't exist (I note his email address is janek@...withxxx.com, unlikely). I note the mail is coming from .cn, a quick ping and traceroute confirm this, again, it's unlikely Mr Paul is posting his newsletter via China. I also note the forged Received: line containing the hostname dns02e.hants.gov.uk (this must be forged since it claims that host has the IP 59.52.247.195, yet my own mailserver has resolved 59.52.247.195 to 195.247.52.59.broad.nc.jx.dynamic.163data.com.cn, and besides, there's no reason for Hampshire Council to be forwarding my mail, especially when it's concerning an American politican and it's sent from China by a guy named Derk with an email address that starts with Jane ... Finally I note the randomness inserted and the end of the subject line and body. That looks like professionally-produced spam, if its possible for spam to be professional, which is why I forwarded it, because I don't recall seeing spammers take much of an interest in politics before. Unless of course Ron Paul commissioned the spam, which is unlikely but certainly newsworthy if so. All of these unlikelies got me curious... Stu On 28 Oct 2007 at 12:04, Aaron Katz wrote: Date sent: Sun, 28 Oct 2007 12:04:13 -0400 From: "Aaron Katz" <atkatz@...il.com> To: stuart@...erdelix.net Subject: Re: [Full-disclosure] spammer wades into US Presidential race Copies to: full-disclosure@...ts.grok.org.uk > Could you provide a little more information/investigation (I'm too > lazy, at this very moment, to do the background investigation that you > should have provided, like who derk gaston is)? According to the > headers, this looks like it might be forged (not just the little "may > be forged" notice, but the source locations, and even the name of the > person sending the mail - what association do they have to Ron Paul?) > > On 10/28/07, lsi <stuart@...erdelix.net> wrote: > > [Well, it could be worse. Spam that wants to end the Iraq war, > > great! - Stu] > > > > Return-Path: <janek@...withxxx.com> > > Received: from 195.247.52.59.broad.nc.jx.dynamic.163data.com.cn > > (195.247.52.59.broad.nc.jx.dynamic.163data.com.cn [59.52.247.195] > > (may be forged)) > > by x.y.net (8.13.1/8.13.1) with ESMTP id l9S5irW8004442 > > for <x@...et>; Sun, 28 Oct 2007 05:44:54 GMT > > Received: from [59.52.247.195] by dns02e.hants.gov.uk; Sun, 28 Oct > > 2007 05:44:51 +0000 > > Message-ID: <000701c81925$02a66001$93e966b1@...dwrot> > > From: "derk gaston" <janek@...withxxx.com> > > To: <x@...et> > > Subject: Government Wasteful Spending Eliminated By Ron Paul yGVed > > Date: Sun, 28 Oct 2007 03:57:28 +0000 > > > > [...] > > > > Hello Scott, > > > > Ron Paul is for the people, unless you want your children to > > have human implant RFID chips, a National ID card and create > > a North American Union and see an economic collapse far worse > > than the great depression. Vote for Ron Paul he speaks the > > truth and the media and government is afraid of him. This is > > the last honest politican left to bring this country out of > > this rut from the War Profiteers and bush Administration has > > created. Get motivated America, don't believe the lies of the > > media he has also WON the GOP Debate On Sunday! Value Freedom > > and Liberty instead of corporate lies and corruption. Bypass > > this media blackout they are doing to Ron Paul, tell your family > > and friends and get involved in a local group at meetup.com make > > your voice heard! He will end the War In Iraq immediately, > > He will eliminate the IRS and wasteful government spending, and > > eliminate the Federal Reserve and restore power to the people > > and the only person not a member on the CFR. Can any other runner > > make these claims or give Americans the true freedom we were all > > raised to believe? We are all economic slaves to the banks and the > > illegal federal Reserve. This is why our currency is worth nothing > > because of Hidden Inflation Tax and the IRS taking everything > > you make! > > > > ** RON PAUL WILL STOP THE IRAQ WAR IMMEDIATELY! ** > > > > He has NEVER voted: > > * to raise taxes > > * for an unbalanced budget > > * to raise congressional pay > > * for a federal restriction on gun ownership > > * to increase the power of the executive branch > > > > He HAS voted: > > * against the Iraq war > > * against the inappropriately named USA PATRIOT act > > * against regulating the internet > > * against the Military Commissions Act > > > > He will eliminate the IRS, Wasteful Government Spending & > > Stop The Iraq War Immediately! > > > > Most importantly, he voted NO on anything in Congress that > > is not allowed by the Constitution. And he Despises any > > politican that does not do their job for the people and lives > > up to the constitution! > > > > Google.com & Youtube.com Search: "Ron Paul" > > Join The Revolution! > > > > *************************************** > > We Need A Real President That Will Restore And Protect > > Americans! Stop The War! Protect Our Borders! > > *********VOTE RON PAUL 2008************ > > rIQdkb > > > > > > -- End -- > > > > > > --- > > Stuart Udall > > stuart at@...erdelix.dot net - http://www.cyberdelix.net/ > > > > --- > > * Origin: lsi: revolution through evolution (192:168/0.2) > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > --- Stuart Udall stuart at@...erdelix.dot net - http://www.cyberdelix.net/ --- * Origin: lsi: revolution through evolution (192:168/0.2) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists