Message-ID: <3F21AE8A.2050003@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: Advances in Spamming Techniques
viva la pr0j3kt m4yh3m!
get a life snot...
-KF
security snot wrote:
>I responded to an earlier post, from a respectable security personality
>known as the dotslasher (d0tslasha@...sfot.com) with a bit of sarcasm. I
>don't remember the incident 100%, but it was regarding a piece of spam
>that he had received, that had a fake gpg signature attached to it.
>
>Recently I've also observed certain advances on bypassing spam filters,
>which are being actively exploited out in the wild. Since this is
>apparently a serious security-related matter (unsolicited email) I thought
>I might share the body of this email with this list, so that everyone can
>know what to watch out for in the future, and begin to develop better
>antispam security filters.
>
><spam>
>We meet h0t y0ung guys (18-24) all the time who want to get fiuic ked,
>to feel a hard c0ck in their aiss for the very first time, and we've
>made it our mission in life to help as many of these hot tiwinks as
>we can. They're a horny bunch and they spend a fair amount of time
>covered in sipunk, f1uicking and suiciking c0ck like champions.
>
>One of our "students":
>
>Name: William Age: 18 Comments: 3 c0cks are better than 1!
>When we met William he was so shy that we teamed him up with 2 of our
>best educators... Jeff and Steven had sweet Willie suiciking c0ck like
>an old pro in no time.
>Contents: Full-length downloadable harid core video plus 150 pics.
>
>
>Let's go?
></spam>
>
>Normally, spam filters will score on phrases such as "hot young guys" and
>"hard core" (and other variations, such as "hardcore"); words like
>"fucked", "cock", "sucking", etc. In this bit of unsolicited email that I
>received after making a post to alt.gay.* (sorry, there may be minors
>reading the list and I wouldn't want them to know where they can be
>exposed to such adult conversations - here I am, exercising my right to
>limited free speech), we can observe that those filters are being bypassed
>by altering the spelling of the words and emulating "l33tspeak".
>
>Providing better regular expressions to mail filters, to account for this
>type of attack, is probably the best idea. What we're seeing here is a
>spinoff of polymorphic shellcode and attack mechanisms (originally
>designed to bypass Intrusion Detection Systems) being applied to more
>tangible areas of technology. It is interesting, however, to see
>technology evolve in this way.
>
>For those of you who don't understand how this could be a security-related
>matter, imagine trying to attack an "internal" mailserver on a network,
>where mail is forwarded from a spam-filtering proxy. Normally, the
>filters on the mail proxy would drop your message in transit, before
>reaching the vulnerable mailserver. By applying stealthlike operations on
>our spam, we're able to bypass the filters and have our malicious email
>attack the victim.
>
>I'd like to thank KF for his assistance in preparing this post, and for
>his many intelligence discussions on this mailing list. I'd also like to
>thank his colleague dug-h0 y0ng (expl0it1t13z) for a concise and accurate
>paper on exploiting format string vulnerabilities; his paper addressed
>many things that the five-hundred other papers on the subject managed to
>do correctly.
>
>I plan on arranging an academic study into the subject of bypassing spam
>filters, and how this affects the stability of the internet. If anyone is
>interested in working on this with me, please drop me a message.
>
>Thanks,
>-snot
>
>-----------------------------------------------------------
>"Whitehat by day, booger at night - I'm the security snot."
>- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
>-----------------------------------------------------------
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
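The quoted message suggests giving mail filters better regular expressions to cope with altered spellings. The following is an added example, not part of the original thread: a filter-side matcher that tolerates lookalike digits and one inserted filler character per gap. The watch list, weights and lookalike table are assumptions made for illustration.

```python
import re

# Lookalike characters per letter. "0" for "o" appears in the quoted sample;
# the remaining substitutions are common ones assumed for this example.
LOOKALIKES = {"a": "a4@", "e": "e3", "i": "i1!", "l": "l1",
              "o": "o0", "s": "s5$", "t": "t7"}

# Hypothetical watch list and weights, using phrases the post names.
WATCHLIST = {"hot young guys": 3.0, "hard core": 2.0}


def tolerant_pattern(phrase, max_fill=1):
    """Regex for `phrase` that tolerates lookalike characters, up to
    `max_fill` filler characters between letters, and any (or no)
    separator between words."""
    fill = r"\w{0,%d}?" % max_fill
    words = []
    for word in phrase.split():
        classes = ["[%s]" % re.escape(LOOKALIKES.get(c, c)) for c in word]
        words.append(fill.join(classes))
    body = r"[\W_]*".join(words)
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.IGNORECASE)


PATTERNS = {p: tolerant_pattern(p) for p in WATCHLIST}


def score(text):
    """Return (total, hits). A verbatim hit earns the full weight; a hit
    found only through the tolerance earns half, because filler tolerance
    also matches innocent text."""
    total, hits = 0.0, []
    for phrase, weight in WATCHLIST.items():
        m = PATTERNS[phrase].search(text)
        if not m:
            continue
        squeezed = "".join(m.group(0).lower().split())
        verbatim = squeezed == phrase.replace(" ", "")
        total += weight if verbatim else weight / 2
        hits.append((phrase, m.group(0), verbatim))
    return total, hits


if __name__ == "__main__":
    # Constructed lines reusing obfuscations from the quoted message.
    for line in ["We meet h0t y0ung guys all the time",
                 "downloadable harid core video",
                 "I heard core dumps can be large"]:
        print(line, "->", score(line))
```

The third constructed line shows the cost of the tolerance: "heard core" matches the "hard core" pattern, which is why tolerant-only hits carry a reduced weight here.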