Open Source and information security mailing list archives
 
Message-ID: <40DD6D51.17033.4B3E549@localhost>
From: stuart at cyberdelix.net (lsi)
Subject: defamatory joe job attack by botnet

On 26 Jun 2004 at 11:51, Aditya, ALD [ Aditya Lalit Deshmukh ] wrote:

> > I can also confirm that this is continuing from one of my many email addresses also.
> 
> so now we know that not only the spammers are slime and are the people who do "organised crime" but they are racists 

> I know this has nothing to do with security so please send mail on my personal address and *NOT* to the list  

One of the reasons I posted was because although the spam is not a 
vulnerability in itself, it is evidence which leads back to folks who 
have done a lot of damage (see: Sobig) -- and who knows what else.

It has to do with security because we're getting a better picture of 
what these people look like.

For instance, it also appears they are German, or Dutch, or they have 
German or Dutch connections.  And they might even live in a Turkish 
area.  Etc ...

Some people mailed me and said this is happening all the time to 
everyone - I can't correlate that as I only saw a few bounces from 
one ISP.  An automated and/or large-scale joe-job makes a mess. I'm 
not seeing constant traffic like this, so I conclude it's not occurring 
constantly.   Maybe one address gets used to spam a range of 
addresses on one ISP.  This would keep the bounces down (fits the 
observed circumstances of just a few bounces) ... and would suggest 
the purpose is to spread the hatemail, not defame the spoofed sender 
(switching addresses would mean the mail comes from someone else, 
diluting any defamatory effect).

I got two bounces.  The original recipients were louise@...con.co.uk 
and nicola@...con.co.uk (my original message shows netscalibur, who 
are apparently providing some kind of backend service for dircon).

Note alphabetic proximity of recipients.. L and N

The bot was going through a list ..... but as that's all the bounces 
I saw, I conclude addresses other than my own were used to spam the 
rest of the alphabet, and other ISPs.

So that's a lot of people who have had their names associated with 
that stuff.  Spamming might be a crime in some countries, but 
tarnishing the names of others is almost certainly a crime in all 
countries.  When they finally get arrested it will be 200 million 
counts of spamming, and also, 50000 counts of defamation (or whatever 
crime it actually is..) ... pesky automated solutions!  

RISK: When you program a robot to commit a crime, you are asking for 
trouble.

Stuart

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192.168.0.2)

