Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Mailing lists and unsolicited/malicious spam
From: GuidoZ <uberguidoz () gmail com>
Date: Mon, 20 Dec 2004 02:19:49 -0500

[Big snip]

For those of you who already have a "mailing list only"
e-mail address and a seperate address for work
related/corporate/company matters, do you see a different
level of unsolicited spam, compared to the work address or
other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for
experimental reasons! I think i'll find some differences
between the two.
This is true, GuidoZ could expand on this fact I know. If he is
around..lol Then again most corporate e-mails systems (and some people
at their house) have very in-depth spam filters and programs to weed out
spam and junk mail. The number would look different and should be
different.

Yeah, I'm around now and then. ;) I have a "list only" email address
(this one) that I started recently and only use for mailing lists. (It
gets around 20 of them or so. Mostly SecFocus lists, also the BTs, few
scattered support lists.) I have noticed an increase in spam - and it
can only come from one place: Spam crawlers. I haven't used this email
address to register software, I haven't given it to anyone, and I
haven't emailed anything BUT a list from it. I'm only getting about 8
spam a day so far, which isn't bad at all. Gmail is good about
catching 99% of them.

As for my other addresses, they are receiving more spam simply because
they have been around longer. However, a few addresses I've created
recently JUST for consulting (it's only on my business card, nowhere
else) hasn't received a single spam message in almost 7 months. (My
Gmail "list-only" account is about the same age.)

The email addresses I've had for a decade are receiving roughly 5,000
spam a day (yes, 5 thousand - wee!). I've given up trying to save them
and don't use them anymore, except to study spam and phishing
attempts. =) In fact, I'm current working with someone at the Georgia
Institute of Technology (gatech.edu) to analyze the different
spam/phishing tactics for better filtration and general knowledge.
Hey, for once spam was good for something...

--
Peace. ~G


On Fri, 26 Nov 2004 08:13:47 -0600, Todd Towles
<toddtowles () brookshires com> wrote:
How many people are actually subscribed (on FD) and what are
the general figures for subscribers for high profile mailing
lists, has any figures ever been released? And would the
theft of the list of e-mails subscribed be of value to
spammers? I think it would be, I hope FD admin is up to date
with and keeping tracks of bugs as the rest of us. If
malicious hackers/script kiddies got hold of the list, I
think they would be able to attack a good percentage of
inboxes with whatever they send. Weather it be porn spam or a
phishing to take passwords or if it be malcious code to take
advantage of POP mail clients via SMTP.
Number 1, I highly doubt than a spam message would be very effective
using the FD list of address only. Number 2, this list is full of
security professional (white, black and grey) and I would guess that
most of the core users you see on here would not just run a attachment
or be fooled by the double extensions trick. Given there most likely are
"normal internet users" on this list but I would guess that number is
pretty low.

I think already FD is targeted by spam/phishing hackers who
wish to collect e-mail addresses for further exploration.
Perhaps posting on FD could be a security risk in itself
(well not just FD but mailing lists online in general) as far
as POP mail clients and SMTP is concerned. (web-based e-mail
has its own problems which usually don't have the risk of
taking over computers like mail clients do. Usually web-based
e-mail is just at risk from xss/cookie disclosure/account
theft, whereas malicious code sent to mail clients can take
over whole computer systems)
Every mailing list is targeted by spammers and phishing. There are
program that are designed to spider google and collect e-mail addresses.
Since this list is mirrored several times in several sites in different
countries, this shouldn't be a surprise.


For those of you who already have a "mailing list only"
e-mail address and a seperate address for work
related/corporate/company matters, do you see a different
level of unsolicited spam, compared to the work address or
other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for
experimental reasons! I think i'll find some differences
between the two.
This is true, GuidoZ could expand on this fact I know. If he is
around..lol Then again most corporate e-mails systems (and some people
at their house) have very in-depth spam filters and programs to weed out
spam and junk mail. The number would look different and should be
different.

Plus, do FD admin and other high profile mailing lists have
honey pots or similar methods to catch FD/mailing list born
spam? I believe a big mailing list can have its own
domestic/internal spam, seperate from the general internet
who are not subscribed to the given mailing list or lists,
and even different mailing lists having its own group of
spammers targeting them, with its own nature of
spam/phish/malicious code exploration.
I would guess that most spammers don't mail thru mailing list. Most
would use the thousands and thousands of relay bots all over the
internet to hide their e-mail in bulk. When I say in bulk, I mean in
bulk. To target a single list with a crafted message would be anymore
wasteful. Now that doesn't mean it wouldn't work, it would most likely.
But just like in stealing cars or wireless internet. Why take the time
to create the special message (or break the WEP) if you can send out a
general "New Microsoft patch" or "We need your banking info" and get a
10% return. There 10% return will be normal internet users that most
likely don't know about about computers, don't have AV and don't know
about the spam underworld. Spammers don't want to get caught, they want
to use the computers that are still infected with the CodeRed worm.
Unmanged computer heaven. ;)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault