Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Mailing lists and unsolicited/malicious spam
From: GuidoZ <uberguidoz () gmail com>
Date: Mon, 20 Dec 2004 02:27:05 -0500

Yeah the last time I can remember that someone tried that on FD, was
that some called exploit that had a IRC trojan in it...it was discovered
after about 5 secs..lol

Ah yes - that perl script that magically appeared in the tmp
directory. heh, hey, can't blame the guy for trying.

Also to touch on the Nigerian scam, I get more of those to my "list
only" address then anything else. I've never seen so many per day
either... they must be crawling the lists, desperate for suckers. I
dragged someone along for a few months just for $hits and giggles. lol
He sent me pictures, passport photocopy, bank transfer statements, all
kinds of good stuff. I posted it over on: http://www.scamorama.com/

Good times.

--
Peace. ~G


On Fri, 26 Nov 2004 13:44:01 -0600, Todd Towles
<toddtowles () brookshires com> wrote:
Yeah the last time I can remember that someone tried that on FD, was
that some called exploit that had a IRC trojan in it...it was discovered
after about 5 secs..lol

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron
Sent: Friday, November 26, 2004 12:40 PM
To: n3td3v
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Mailing lists and
unsolicited/malicious spam

One thing to note, however, is that people who post on this
list would tend to be the ones who know better than to listen
to spam or to open viruses or to help out those pool old
Nigerian Diplomats.


n3td3v wrote:

How many people are actually subscribed (on FD) and what are the
general figures for subscribers for high profile mailing
lists, has any
figures ever been released? And would the theft of the list
of e-mails
subscribed be of value to spammers? I think it would be, I hope FD
admin is up to date with and keeping tracks of bugs as the
rest of us.
If malicious hackers/script kiddies got hold of the list, I
think they
would be able to attack a good percentage of inboxes with
whatever they
send. Weather it be porn spam or a phishing to take
passwords or if it
be malcious code to take advantage of POP mail clients via SMTP.

I think already FD is targeted by spam/phishing hackers who wish to
collect e-mail addresses for further exploration. Perhaps
posting on FD
could be a security risk in itself (well not just FD but
mailing lists
online in general) as far as POP mail clients and SMTP is concerned.
(web-based e-mail has its own problems which usually don't have the
risk of taking over computers like mail clients do. Usually
web-based
e-mail is just at risk from xss/cookie disclosure/account theft,
whereas malicious code sent to mail clients can take over whole
computer systems)

For those of you who already have a "mailing list only"
e-mail address
and a seperate address for work related/corporate/company
matters, do
you see a different level of unsolicited spam, compared to the work
address or other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for experimental
reasons! I think i'll find some differences between the two.

Sorry if you don't care about anti-spam, but its something i'm
interested in. Sorry to all the script kiddie hax0rs who
don't like me
working against you and your e-mail collecting bots!

Plus, do FD admin and other high profile mailing lists have
honey pots
or similar methods to catch FD/mailing list born spam? I
believe a big
mailing list can have its own domestic/internal spam,
seperate from the
general internet who are not subscribed to the given mailing list or
lists, and even different mailing lists having its own group of
spammers targeting them, with its own nature of spam/phish/malicious
code exploration.

Thanks,
n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault