lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 06 Dec 2007 04:02:40 -0000
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Inside the "Ron Paul" Spam Botnet

[Half the backstory, gg, lol, etc.  And we are led to somewhere in 
Eastern Europe, a dead-end I hear you say!  No, no no... let's think 
like a spammer, one who just had his botnet toasted ... he knows the 
identity of his sponsor.  That sponsor, if exposed, stands to lose a 
lot, and thus that identity is worth money.  My advice to the spammer 
now is to approach a major western media outlet and sell them your 
story.  At least that way you cover the loss of your botnet.  We'd 
all just love to find out which lowlife paid you, even more than we'd 
love to know who you are.  Don't leave the CIS tho ... - Stu]

Inside the "Ron Paul" Spam Botnet

URL: http://www.secureworks.com/research/threats/ronpaul
Date: December 4, 2007
Author: Joe Stewart

On the weekend of October 27, 2007, the Internet was suddenly 
bombarded with a rash of spam emails promoting U.S. presidential 
candidate Ron Paul. The spam run continued until Tuesday, October 30, 
when it stopped as suddenly as it began. At the same time, political 
blogs began to light up, accusing the campaign (or at least its 
ardent supporters) of running a criminal botnet for political 
purposes. We decided to cut through the spin and take a closer look 
at this botnet to determine its origins and shine some light on who 
might be responsible.

Tracking the Spam

Tracking specific spam back to a particular piece of botnet malware 
is somewhat challenging, but given the right cooperation between 
researchers who hold different pieces of the puzzle, ...

[continues at http://www.secureworks.com/research/threats/ronpaul ..]

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ