lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <002f01c35381$2d383210$0200000a@BOB>
From: bugtraq at post.cybercity.dk (Jacob Joensen)
Subject: Advances in Spamming Techniques

dear snot,

Would you mind taking your gay spam whining somewhere else?

Jacob

----- Original Message ----- 
From: "security snot" <booger@...xclan.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, July 25, 2003 11:38 PM
Subject: [Full-Disclosure] Advances in Spamming Techniques


> I responded to an earlier post, from a respectable security personality
> known as the dotslasher (d0tslasha@...sfot.com) with a bit of sarcasm.  I
> don't remember the incident 100%, but it was regarding a piece of spam
> that he had recieved, that had a fake gpg signature attached to it.
>
> Recently I've also observed certain advances on bypassing spam filters,
> which are being actively exploited out in the wild.  Since this is
> apparently a serious security-related matter (unsolicited email) I thought
> I might share the body of this email with this list, so that everyone can
> know what to watch out for in the future, and begin to develop better
> antispam security filters.
>
> <spam>
> We meet h0t y0ung guys (18-24) all the time who want to get   fiuic ked,
> to feel a hard c0ck in their   aiss   for the very first time, and we've
> made it our mission in life to help as many of these hot   tiwinks   as
> we can. They're a horny bunch and they spend a fair amount of time
> covered in   sipunk, f1uicking  and suiciking c0ck like champions.
>
> One of our "students":
>
> Name: William Age: 18 Comments: 3 c0cks are better than 1!
> When we met William he was so shy that we teamed him up with 2 of our
> best educators... Jeff and Steven had sweet Willie suiciking  c0ck like
> an old pro in no time.
> Contents: Full-length downloadable harid core video plus 150 pics.
>
>
> Let's go?
> </spam>
>
> Normally, spam filters will score on phrases such as "hot young guys" and
> "hard core" (and other variations, such as "hardcore"); words like
> "fucked", "cock", "sucking", etc.  In this bit of unsolicited email that I
> recieved after making a post to alt.gay.* (sorry, there may be minors
> reading the list and I wouldn't want them to know where they can be
> exposed to such adult conversations - here I am, exercising my right to
> limited free speech), we can observe that those filters are being bypassed
> by altering the spelling of the words and emulating "l33tspeak".
>
> Providing better regular expressions to mail filters, to account for this
> type of attack, is probably the best idea.  What we're seeing here is a
> spinoff of polymorphic shellcode and attack mechanisms (originally
> designed to bypass Intrusion Detection Systems) being applied to more
> tangible areas of technology.  It is interesting, however, to see
> technology evolve in this way.
>
> For those of you who don't understand how this could be a security-related
> matter, imagine trying to attack an "internal" mailserver on a network,
> where mail is forwarded from a spam-filtering proxy.  Normally, the
> filters on the mail proxy would drop your message in transit, before
> reaching the vulnerable mailserver.  By applying stealthlike operations on
> our spam, we're able to bypass the filters and have our malicious email
> attack the victim.
>
> I'd like to thank KF for his assistance in preparing this post, and for
> his many intelligence discussions on this mailing list.  I'd also like to
> thank his colleague dug-h0 y0ng (expl0it1t13z) for a concise and accurate
> paper on exploiting format string vulnerabilities; his paper addressed
> many things that the five-hundred other papers on the subject managed to
> do correctly.
>
> I plan on arranging an academic study into the subject of bypassing spam
> filters, and how this affects the stability of the internet.  If anyone is
> interested in working on this with me, please drop me a message.
>
> Thanks,
> -snot
>
> -----------------------------------------------------------
> "Whitehat by day, booger at night - I'm the security snot."
> - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
> -----------------------------------------------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ