Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Mailing lists and unsolicited/malicious spam
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 26 Nov 2004 13:44:01 -0600

Yeah the last time I can remember that someone tried that on FD, was
that some called exploit that had a IRC trojan in it...it was discovered
after about 5 secs..lol 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron
Sent: Friday, November 26, 2004 12:40 PM
To: n3td3v
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Mailing lists and 
unsolicited/malicious spam

One thing to note, however, is that people who post on this 
list would tend to be the ones who know better than to listen 
to spam or to open viruses or to help out those pool old 
Nigerian Diplomats.

n3td3v wrote:

How many people are actually subscribed (on FD) and what are the 
general figures for subscribers for high profile mailing 
lists, has any 
figures ever been released? And would the theft of the list 
of e-mails 
subscribed be of value to spammers? I think it would be, I hope FD 
admin is up to date with and keeping tracks of bugs as the 
rest of us. 
If malicious hackers/script kiddies got hold of the list, I 
think they 
would be able to attack a good percentage of inboxes with 
whatever they 
send. Weather it be porn spam or a phishing to take 
passwords or if it 
be malcious code to take advantage of POP mail clients via SMTP.

I think already FD is targeted by spam/phishing hackers who wish to 
collect e-mail addresses for further exploration. Perhaps 
posting on FD 
could be a security risk in itself (well not just FD but 
mailing lists 
online in general) as far as POP mail clients and SMTP is concerned. 
(web-based e-mail has its own problems which usually don't have the 
risk of taking over computers like mail clients do. Usually 
e-mail is just at risk from xss/cookie disclosure/account theft, 
whereas malicious code sent to mail clients can take over whole 
computer systems)

For those of you who already have a "mailing list only" 
e-mail address 
and a seperate address for work related/corporate/company 
matters, do 
you see a different level of unsolicited spam, compared to the work 
address or other private e-mail address for friends and family? I'm 
thinking about setting up the same myself, just for experimental 
reasons! I think i'll find some differences between the two.

Sorry if you don't care about anti-spam, but its something i'm 
interested in. Sorry to all the script kiddie hax0rs who 
don't like me 
working against you and your e-mail collecting bots!

Plus, do FD admin and other high profile mailing lists have 
honey pots 
or similar methods to catch FD/mailing list born spam? I 
believe a big 
mailing list can have its own domestic/internal spam, 
seperate from the 
general internet who are not subscribed to the given mailing list or 
lists, and even different mailing lists having its own group of 
spammers targeting them, with its own nature of spam/phish/malicious 
code exploration.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]