lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ADC6B4D847A6C74A94ECA2B78BEC05DB05928CD0AC@susday214.corp.ncr.com>
Date: Wed, 21 Jul 2010 08:14:46 -0400
From: "McGhee, Eddie" <Eddie.McGhee@....com>
To: MustLive <mustlive@...security.com.ua>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Sending spam via sites and creating
 spam-botnets

POC? 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of MustLive
Sent: 20 July 2010 19:51
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Sending spam via sites and creating spam-botnets

Hello participants of Full-Disclosure!

In continue to my last month's article Using of the sites for attacks on other sites and my previous article about creating of botnet from zombie-servers and program DDoS attacks via other sites execution tool (DAVOSET), I want to draw your attention to another aspect of Abuse of Functionality vulnerabilities. At the end of last week I wrote new article Sending spam via sites and creating spam-botnets (http://websecurity.com.ua/4382/). Which I'll tell you briefly about.

Similarly to using of the sites for attacks on other sites via Abuse of Functionality vulnerabilities, it's also possible via Abuse of Functionality to use sites for sending spam.

There are many such vulnerabilities in Internet, which I wrote about many times, as vulnerable sites, as vulnerable plugins (which used at many sites). So many sites can be used for sending spam.

Using of Abuse of Functionality for sending spam.

Researching of such vulnerabilities I begun already in 2007. From that time I found many web sites with such vulnerabilities and also vulnerable plugins for popular web applications. Particularly such plugins as WP-ContactForm for WordPress, Contact Form ][ for WordPress and com_alfcontact for Joomla.

Creating of spam-botnets from sites.

Similarly to tools for conducting of DDoS attacks via Abuse of Functionality vulnerabilities, as for example DAVOSET, in exactly the same way the tools for mass spam sending can be created. Via multiple Abuse of Functionality vulnerabilities at different sites. I.e. these vulnerabilities can be used for creating of spam-botnets with zombie-servers. And taking into account that spam will be sending from servers of well-known companies, then very likely that these letters will bypass spam-filters.

Taking into account widespread of Abuse of Functionality vulnerabilities at the sites, which allow to send spam, and ignoring of sites' admins of this problem, it's actual. And taking into account that network from these zombie-servers can be created without wasting of resources (including financial), as it occurs in classical botnets, then this type of botnets is very profitable from financial side. So with time spammers can draw attention at this method of sending spam and at this type of spam-botnets.

P.S.

If your site will be DDoSed from Google's servers or you will receive spam from IBM's servers, than you will be knowing what type of botnets it is.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ