Slashdot Mirror
Examining an Automated Spam Tool
Saint Aardvark writes "SecurityFocus has published an excellent column detailing how spammers r00ted an Apache server, and used it to send spam. The tool they used is (I hate to admit it) pretty sophisticated: it has macro capabilities, picks up email addresses from and reports success or failure to the master server. It's a very frightening read...and so is this: Message Labs reports that they now intercept 27 spam emails per second, up from 2 per second this time last year. Virus-created proxies are mainly to blame."
One day I noticed that one of my remote servers was sending 24 hours a day a continuous 11Kbytes stream, using the 100% of the upload bandwidth (128Kbits).
Seems greed has once again turned around and bit someone in the ass (in this case it was a good thing). So all these spammers really need to do is slow down the avalanche of spam somewhat, and throttle their speeds when relaying. Otherwise, how long would this have went on for if he hadnt noticed his upload being maxed?
Although I haven't experienced spam that goes so far, I have received (in my special spam account for playing with Nigerians and lottery managers) quite a few mails with requests to confirm my e-mail address. It works like this - you get a mail saying something a la: "I am controlling the e-mail sent to my inbox for the following address: sucker@born.every.minute.com. By asking for you to confirm that you really sent email to me I can ensure that I receive no spam and that your email address really exists. This is a one time confirmation, please click the link below and your email will be delivered straight away, now and in the future. Regards, Alberto Huber"
The funny thing about it was that the "I" in question was neither someone I sent mail to nor someone I know at all.
Now if they think I'm going to go click the link to confirm that my e-mail address exists, then they would surely be willing to buy some property on Mars I have for sale. Radiation-free. Really.
People say I'm crazy, I got diamonds on the soles of my shoes...
I think it's time we get a new mail protocol.
If we can somehow get a list of relays authorized for the sender's domain, it would be easier to flag a message as SPAM.
Also, I think the messages should be stored on the relay, with just a URL sent in the mail body. It would solve two problems:
* The size of the message will be limited by the size of the sender's mailbox.
* It will use more resources on the relay, and the admin should be less likely to run an open relay.
Death has been proven to be 99% fatal in lab rats.
The spam contains ads for the "Asta Design Group", which has been widely spamvertized. A bit of searching turns up this address:
360 NE 49 St
Fort Lauderdale, Florida USA 33334
E-mail: seafish1@ix.netcom.com
Another lead gives us
SeafishNET
360 NE 49 St.
Oakland Park, Florida 33334 USA
(954) 351-7961
seafish1@ix.netcom.com
Same address and zip code, but in Oakland Park, a Ft. Lauderdale neighborhood. Now we have a phone number. Google gives us
Checking the satellite imagery, that's a tract house backing up to a six-lane highway. It's not a mailbox service.
Since we're talking about felony computer intrusion here, that's the address to give the cops. This may or may not be the intruder, but they probably know who it is.