Network Security: Detailed info on Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

from [Valdis . Kletnieks] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam
Date:	Fri, 26 Nov 2004 15:13:43 -0500

On Fri, 26 Nov 2004 16:51:27 GMT, n3td3v said:

Yahoo! Groups, a fully featured user group and mailing list has taken
steps to prevent malicious users harvesting new e-mail addresses to
add to spam list databases. They (Yahoo) cut the e-mail address on the
website, so harvesting becomes impossible by only showing the user
side of the e-mail address. Example "n3td3v@...".


So you take that left-hand side, and do this:

for i=1 to 100
        send_spam("leftside@" || common_domain[i]);
done;

OK, so for 95 of them it generates a bogus address, and you might even miss
the actual domain of the person you targeted, but if you get 5 accidental
matches..

(And yes, they do this - when you have 40K zombies, trying 100 million addresses
in the hopes of hiting 100K actual addresses is a sensible way to do things...)

pgpH35q671f9a.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Mailing lists and unsolicited/malicious spam, n3td3v Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Ron RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, David Taylor Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Ralph Angenendt RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, pingywon MCSE Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Danny RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, pingywon MCSE RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Todd Towles Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, n3td3v Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Valdis . Kletnieks <= Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Andrew Farmer Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Valdis . Kletnieks Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, devis Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Valdis . Kletnieks RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Todd Towles RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Todd Towles

Previous by Date:	[Full-Disclosure] [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability, Matthias Geerdsen
Next by Date:	RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Todd Towles
Previous by Thread:	Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, n3td3v
Next by Thread:	Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Andrew Farmer
Indexes:	[Date] [Thread] [Top] [All Lists]