[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <506258B6-B3EE-4F02-827E-606B50D27004@b3nji.com>
Date: Wed, 21 Jul 2010 11:44:50 +0100
From: Benji <me@...ji.com>
To: MustLive <mustlive@...security.com.ua>
Cc: "<full-disclosure@...ts.grok.org.uk>" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Sending spam via sites and creating
spam-botnets
> P.S.
>
> If your site will be DDoSed from Google's servers or you will receive spam
> from IBM's servers, than you will be knowing what type of botnets it is.
>
Pjear bitches.
Sent from my iPhone
On 20 Jul 2010, at 19:50, "MustLive" <mustlive@...security.com.ua> wrote:
> Hello participants of Full-Disclosure!
>
> In continue to my last month's article Using of the sites for attacks on
> other sites and my previous article about creating of botnet from
> zombie-servers and program DDoS attacks via other sites execution tool
> (DAVOSET), I want to draw your attention to another aspect of Abuse of
> Functionality vulnerabilities. At the end of last week I wrote new article
> Sending spam via sites and creating spam-botnets
> (http://websecurity.com.ua/4382/). Which I'll tell you briefly about.
>
> Similarly to using of the sites for attacks on other sites via Abuse of
> Functionality vulnerabilities, it's also possible via Abuse of Functionality
> to use sites for sending spam.
>
> There are many such vulnerabilities in Internet, which I wrote about many
> times, as vulnerable sites, as vulnerable plugins (which used at many
> sites). So many sites can be used for sending spam.
>
> Using of Abuse of Functionality for sending spam.
>
> Researching of such vulnerabilities I begun already in 2007. From that time
> I found many web sites with such vulnerabilities and also vulnerable plugins
> for popular web applications. Particularly such plugins as WP-ContactForm
> for WordPress, Contact Form ][ for WordPress and com_alfcontact for Joomla.
>
> Creating of spam-botnets from sites.
>
> Similarly to tools for conducting of DDoS attacks via Abuse of Functionality
> vulnerabilities, as for example DAVOSET, in exactly the same way the tools
> for mass spam sending can be created. Via multiple Abuse of Functionality
> vulnerabilities at different sites. I.e. these vulnerabilities can be used
> for creating of spam-botnets with zombie-servers. And taking into account
> that spam will be sending from servers of well-known companies, then very
> likely that these letters will bypass spam-filters.
>
> Taking into account widespread of Abuse of Functionality vulnerabilities at
> the sites, which allow to send spam, and ignoring of sites' admins
> of this problem, it's actual. And taking into account that network from
> these zombie-servers can be created without wasting of resources (including
> financial), as it occurs in classical botnets, then this type of botnets is
> very profitable from financial side. So with time spammers can draw
> attention at this method of sending spam and at this type of spam-botnets.
>
> P.S.
>
> If your site will be DDoSed from Google's servers or you will receive spam
> from IBM's servers, than you will be knowing what type of botnets it is.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists