Home page logo

fulldisclosure logo Full Disclosure mailing list archives

nac-gaf spam attacks
From: "Steve Cooperman" <worried () gmail com>
Date: Sun, 18 Mar 2007 16:56:44 -0400

Good Afternoon,
I'm seeing wide-spread spam attacks across several different shared hosting
servers, operated by multiple companies. The attacks forge emails on the
fly, and follow a pattern. The spam first takes the client's domain name,
for example, plastic.com. Then adds the word "nac" to the beginning, and
"gaf" to the end, making the from email address nacplasticgaf () plastic com .
If the domain were rockin.com, the email would be nacrockingaf () rockin com .
Byob.com, nacbyobgaf () byob com, etc.

Has anyone else noticed this trend this afternoon? It seems they just
started a couple of hours ago. It doesn't seem like a security risk, just
standard forging of email headers. The main company I work for makes use of
SPF, however not every mail server on the internet makes use of it. I'm only
submitting this because it seems like a wide-spread issue this afternoon.

All the best,
Mike Bailey
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • nac-gaf spam attacks Steve Cooperman (Mar 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]