| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: Advances in Spamming Techniques viva la pr0j3kt m4yh3m! get a life snot... -KF security snot wrote: >I responded to an earlier post, from a respectable security personality >known as the dotslasher (d0tslasha@...sfot.com) with a bit of sarcasm. I >don't remember the incident 100%, but it was regarding a piece of spam >that he had recieved, that had a fake gpg signature attached to it. > >Recently I've also observed certain advances on bypassing spam filters, >which are being actively exploited out in the wild. Since this is >apparently a serious security-related matter (unsolicited email) I thought >I might share the body of this email with this list, so that everyone can >know what to watch out for in the future, and begin to develop better >antispam security filters. > ><spam> >We meet h0t y0ung guys (18-24) all the time who want to get fiuic ked, >to feel a hard c0ck in their aiss for the very first time, and we've >made it our mission in life to help as many of these hot tiwinks as >we can. They're a horny bunch and they spend a fair amount of time >covered in sipunk, f1uicking and suiciking c0ck like champions. > >One of our "students": > >Name: William Age: 18 Comments: 3 c0cks are better than 1! >When we met William he was so shy that we teamed him up with 2 of our >best educators... Jeff and Steven had sweet Willie suiciking c0ck like >an old pro in no time. >Contents: Full-length downloadable harid core video plus 150 pics. > > >Let's go? ></spam> > >Normally, spam filters will score on phrases such as "hot young guys" and >"hard core" (and other variations, such as "hardcore"); words like >"fucked", "cock", "sucking", etc. In this bit of unsolicited email that I >recieved after making a post to alt.gay.* (sorry, there may be minors >reading the list and I wouldn't want them to know where they can be >exposed to such adult conversations - here I am, exercising my right to >limited free speech), we can observe that those filters are being bypassed >by altering the spelling of the words and emulating "l33tspeak". > >Providing better regular expressions to mail filters, to account for this >type of attack, is probably the best idea. What we're seeing here is a >spinoff of polymorphic shellcode and attack mechanisms (originally >designed to bypass Intrusion Detection Systems) being applied to more >tangible areas of technology. It is interesting, however, to see >technology evolve in this way. > >For those of you who don't understand how this could be a security-related >matter, imagine trying to attack an "internal" mailserver on a network, >where mail is forwarded from a spam-filtering proxy. Normally, the >filters on the mail proxy would drop your message in transit, before >reaching the vulnerable mailserver. By applying stealthlike operations on >our spam, we're able to bypass the filters and have our malicious email >attack the victim. > >I'd like to thank KF for his assistance in preparing this post, and for >his many intelligence discussions on this mailing list. I'd also like to >thank his colleague dug-h0 y0ng (expl0it1t13z) for a concise and accurate >paper on exploiting format string vulnerabilities; his paper addressed >many things that the five-hundred other papers on the subject managed to >do correctly. > >I plan on arranging an academic study into the subject of bypassing spam >filters, and how this affects the stability of the internet. If anyone is >interested in working on this with me, please drop me a message. > >Thanks, >-snot > >----------------------------------------------------------- >"Whitehat by day, booger at night - I'm the security snot." >- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ - >----------------------------------------------------------- >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > >
Powered by blists - more mailing lists