Slashdot Mirror


How Hackers Identify Their Targets

narramissic writes "In a recent article, security guru Brent Huston writes about research he did to get inside the minds of spammers and expose some of the processes they use to identify potential targets. Huston says that among the four common ways that spam is spread, the most common method that spammers use is via open relays. Huston's research also revealed that 'they were doing much more server analysis' than he had expected and that they take a multi-step approach: 'They scan the server for proper RFC compliance, and then they send a test message to a disposable address. Only after these are complete did they adopt the tool to dump their spam.'"

12 of 95 comments

  1. How Hackers Identify Their Targets: by Anonymous Coward · · Score: 5, Funny


    1) Look for SSID "Linksys"
    2) Connect
    3) ????
    4) Profit!

  2. hacker /= spammer by enlefo · · Score: 5, Insightful

    The title of the story says how hackers identify their targets, but the story is about spammers. They are different.

    1. Re:hacker /= spammer by Hamilton+Lovecraft · · Score: 3, Funny

      Editor and author both meant "Nazi Islamofascists".

      --
      step 3: god dammit, it doesn't work
  3. My favorite tool... by $RANDOMLUSER · · Score: 3, Funny

    ...for getting into the minds of spammers is a couple rounds of semi-jacketed .357 hollow-points.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    1. Re:My favorite tool... by Tackhead · · Score: 5, Funny
      > ...for getting into the minds of spammers is a couple rounds of semi-jacketed .357 hollow-points.

      *BLAM!*

      You have received this delivery of copper and lead because you or a friend subscribed you to the "Bullet of the Week" list.

      To opt out of "Bullet of the Week", please have each spammer in your MLM's downline submit the following form in triplicate, including at least one of their own fingerprints, as well as one of your fingerprints, dipped in the bloody goo from your still-steaming remains.

      Your security and privacy are important to us, so please allow 6-8 weeks for us to conduct the proper forensic analysis to verify the identity of your downline member before we can remove you from our "Bullet of the Week" list.

      NOTE TO DOWNLINE MEMBERS: Pay no attention to the fact that the middle of the three forms includes the verbiage "By placing my bloody fingerprint on this form, I hereby opt in to the Bullet of the Week mailing list".

  4. Hackers != Spammers by NaNO2x · · Score: 5, Insightful

    This is the type of negative image that hackers need to stop. I had a long conversation with someone on the differences between hackers and crackers and I can understand the confusion, but spammers and hackers, this is taking it a bit too far.

    --
    Utinam me logica falsa tuam philosophiam totam suffodiant.
  5. Re:Duh... It's so obvious... by laffer1 · · Score: 3, Informative

    Like sendmail is the only mail server to ever have a security problem. iMail and Netscape/iPlanet/Sun One/Java Enterprise mail server come to mind. Even the holy grail of mail servers (to some) has had issues in the past.

    See http://postfix.it-austria.net/releases/official/postfix-2.3.3.HISTORY and search for Security.

    I really get sick of this sendmail bashing. There are problems with sendmail and they are trying to rewrite sendmail to solve them. There is no such thing as perfectly secure software. Even OpenBSD has had a remote security hole in 8 years :)

  6. Re:Duh... It's so obvious... by daeg · · Score: 4, Insightful

    It doesn't take a security vulnerability to make sendmail vulnerable... all it takes is a rookie Linux administrator configuring it and setting it up incorrectly.

    Many times I imagine that rookie administrators are trying to get sendmail just to work right so they enable something they shouldn't. It works... and they never bother to address their issue correctly, or even know that they addressed it incorrectly.
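
The three-step probe in the story summary (RFC-compliance check, test message to a throwaway address, then bulk send) and the "just make the relaying error go away" misconfiguration daeg describes, shown together as an added example that is not part of Huston's article or of any comment here. The code is a Python simulation: a tiny in-process SMTP responder whose recipient policy is modelled on Postfix's permit_mynetworks / reject_unauth_destination ordering, probed the way a scanner would. The class and function names (RelayPolicy, FakeMTA, probe, audit), the parameter names borrowed from Postfix, and every address, domain and IP are constructed for the example; nothing touches the network.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    """Recipient restrictions evaluated in the order Postfix would evaluate
    permit_mynetworks, then reject_unauth_destination (names borrowed from
    Postfix for readability; this is a model, not Postfix itself)."""
    mydestination: frozenset          # domains this host delivers locally
    mynetworks: tuple                 # ip_network objects allowed to relay anywhere
    relay_domains: frozenset = frozenset()

    def rcpt_to(self, client_ip: str, rcpt: str) -> str:
        ip = ipaddress.ip_address(client_ip)
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if any(ip in net for net in self.mynetworks):
            return "250 2.1.5 Ok (permit_mynetworks)"
        if domain in self.mydestination or domain in self.relay_domains:
            return "250 2.1.5 Ok"
        return "554 5.7.1 Relay access denied"


class FakeMTA:
    """Just enough of an ESMTP responder (RFC 5321 reply codes) to be probed.
    It enforces the same ordering a real server does: MAIL before RCPT."""

    def __init__(self, policy: RelayPolicy, client_ip: str, name="mx.example.test"):
        self.policy, self.client_ip, self.name = policy, client_ip, name
        self.sender, self.rcpts = None, []

    def banner(self) -> str:
        return f"220 {self.name} ESMTP"

    def command(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return f"250-{self.name}\r\n250-SIZE 10240000\r\n250 8BITMIME"
        if verb == "MAIL":
            self.sender, self.rcpts = arg.split(":", 1)[1].strip("<>"), []
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Error: need MAIL command"
            addr = arg.split(":", 1)[1].strip("<>")
            reply = self.policy.rcpt_to(self.client_ip, addr)
            if reply.startswith("250"):
                self.rcpts.append(addr)
            return reply
        if verb == "RSET":
            self.sender, self.rcpts = None, []
            return "250 2.0.0 Ok"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Error: command not recognized"


def probe(mta: FakeMTA, disposable="drop@throwaway.example") -> dict:
    """The scanner's side of the first two steps: confirm the host speaks
    proper ESMTP (220 banner, multi-line 250 EHLO reply), then try to relay
    to an off-host throwaway mailbox. A 250 to that RCPT marks an open relay;
    only then would a bulk mailer move on to step three and dump its spam."""
    result = {"banner_ok": mta.banner().startswith("220 ")}
    ehlo = mta.command("EHLO scanner.example")
    result["ehlo_ok"] = ehlo.startswith("250") and "\r\n250 " in ehlo
    result["mail_ok"] = mta.command("MAIL FROM:<probe@throwaway.example>").startswith("250")
    rcpt = mta.command(f"RCPT TO:<{disposable}>")
    result["rcpt_reply"] = rcpt
    result["open_relay"] = rcpt.startswith("250")
    mta.command("QUIT")
    return result


# Constructed configurations. MISCONFIGURED is the rookie "fix" for
# "Relaying denied": widen mynetworks until every client may relay.
MYDEST = frozenset({"example.test"})
MISCONFIGURED = RelayPolicy(MYDEST, (ipaddress.ip_network("0.0.0.0/0"),))
CORRECTED = RelayPolicy(MYDEST, (ipaddress.ip_network("127.0.0.0/8"),
                                 ipaddress.ip_network("192.0.2.0/24")))


def audit(policy: RelayPolicy, scanner_ip="198.51.100.7") -> bool:
    """True if an outside scanner can relay to a foreign domain through this policy."""
    return probe(FakeMTA(policy, scanner_ip))["open_relay"]


if __name__ == "__main__":
    for label, pol in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(f"{label:14s} open relay: {audit(pol)}")
```

The corrected policy still does everything the rookie wanted: hosts inside 192.0.2.0/24 can relay to anywhere, and outside hosts can still deliver to example.test. What it refuses is exactly the transaction the scanner's throwaway-address test looks for.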

  7. The Article is WRONG by E++99 · · Score: 3, Informative

    While I don't doubt the writer's observation that "continuous scans for open mail systems are ongoing in most IP blocks," his claim that this is the method that generates the bulk of spam is wrong. As someone who gets about 200 spams a day over three domains, and successfully blocks over 99% of it without using any techniques that can create false positives, I can tell you that well over 90% of spam comes from "servers" on IP addresses allocated for dial-up, dsl, cable or the like. In other words, either spammers running their own server software on an ISP account, or, more likely, botnets.

  8. Re:Duh... It's so obvious... by whoever57 · · Score: 4, Informative
    > I really get sick of this sendmail bashing. There are problems with sendmail and they are trying to rewrite sendmail to solve them. There is no such thing as perfectly secure software.
    Perfectly secure: no. But look at Secunia's reports:

    Postfix 1.x:

    Affected By 1 Secunia advisories

    Unpatched 0% (0 of 1 Secunia advisories)

    Postfix 2.x:

    Affected By 0 Secunia advisories

    in contrast, look at Sendmail 8:

    Affected By 10 Secunia advisories

    Unpatched 10% (1 of 10 Secunia advisories)

    So, given that there are unpatched vulnerabilities in Sendmail, why should you wait for the team to finish re-writing the code? Now, it is possible that Sendmail has some advantages in very high volume situations (although there are some older benchmarks that show Postfix was faster), but why would you want to use an MTA that is more difficult to configure and has known vulnerabilities?

    I believe the main reason that people use Sendmail is that, having gone to the trouble to learn how to configure it, they don't want to waste that effort (as well as it being the default MTA in many distributions).

    --
    The real "Libtards" are the Libertarians!
  9. Re:Oh, give it up, already! by kinglink · · Score: 3, Insightful

    except hackers were originally and always were good; it's because of the media, who have told us over and over that hackers are bad.

    Read "Hackers" the book, written in 1984, long before any of those media morons that you believe now had even thought of the word.

    Hacker is a term of skill, cracker is a term for a person who breaks into systems. And as you say just because the media tells me a banana is a car doesn't make it so.

  10. Re:Duh... It's so obvious... by strabo · · Score: 3, Informative
    > Unpatched 10% (1 of 10 Secunia advisories)

    Oooooh! Unpatched vulnerability!! Eek!

    Sendmail fails to log all relevant data

    Critical: Not critical

    Description:

    Sendmail fails to log all details about connections if supplied with an IDENT of more than 95 characters.

    It is possible to hide your identity from the sendmail log if you supply an IDENT that is more than 95 characters; information about your identity, however, will still be written in any email you may send. The problem is that someone may try to footprint your system, but when you check your log files, you will not be able to find the IP address and hostname of the attacker (or spammer).

    Solution:

    The easiest way to log these data is by enabling logging on the firewall and making sure that the time is synchronised on the firewall and mail server.
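
The workaround in the advisory strabo quotes (log at the firewall, keep the clocks in sync, then line the two logs up) as an added example, not part of the advisory or of the thread. The Python below finds sendmail "from=" records that carry no relay= field, which is the symptom described, and for each one lists the source addresses that opened a TCP/25 connection at the firewall shortly before, discarding sources already explained by a normally logged connection in the same window. The log lines are constructed to look like a sendmail syslog record and an iptables-style kernel log line; the field layout, the assumed year (syslog lines carry none), the correlation window and the function names are all assumptions of the example.

```python
import re
from datetime import datetime, timedelta

YEAR = 2006                       # assumed: syslog timestamps have no year
SYSLOG_TS = "%b %d %H:%M:%S"

# Constructed sample: the first record is a normal connection with relay=host [ip];
# the second is an envelope record where the connection details never made the log.
MAIL_LOG = [
    "Jan 10 12:00:01 mx sendmail[4711]: k0AC01AB004711: from=<a@example.org>, size=812, "
    "class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, "
    "relay=mail.example.org [203.0.113.5]",
    "Jan 10 12:00:09 mx sendmail[4712]: k0AC09CD004712: from=<offer@example.net>, size=900, "
    "class=0, nrcpts=1, msgid=<2@example.net>, proto=ESMTP, daemon=MTA",
]
# Constructed firewall log: inbound SYNs to the mail host, iptables LOG style.
FW_LOG = [
    "Jan 10 11:59:30 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=25 SYN URGP=0",
    "Jan 10 12:00:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.25 PROTO=TCP SPT=40110 DPT=25 SYN URGP=0",
    "Jan 10 12:00:08 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.25 PROTO=TCP SPT=40111 DPT=80 SYN URGP=0",
    "Jan 10 12:00:08 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.25 PROTO=TCP SPT=40112 DPT=25 SYN URGP=0",
]

SENDMAIL_FROM = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>")
RELAY = re.compile(r"relay=(?P<relay>\S+)(?: \[(?P<ip>[0-9.]+)\])?")
FW_SYN = re.compile(r"SRC=(?P<src>[0-9.]+) .*PROTO=TCP .*DPT=25 .*\bSYN\b")


def parse_ts(line: str) -> datetime:
    """Syslog timestamp (first 15 characters) with the assumed year applied."""
    return datetime.strptime(line[:15], SYSLOG_TS).replace(year=YEAR)


def unlogged_connections(mail_log):
    """Envelope records whose connection details (relay=) are missing."""
    found = []
    for line in mail_log:
        m = SENDMAIL_FROM.search(line)
        if m and not RELAY.search(line):
            found.append((parse_ts(line), m["qid"], m["sender"]))
    return found


def correlate(mail_log, fw_log, window=timedelta(seconds=10)):
    """For each unlogged sendmail record, candidate source IPs from firewall SYNs
    to port 25 inside `window` before the record, minus any source that a
    normally logged connection in the same window already accounts for.
    The window only works if both hosts keep the same time, which is why the
    advisory insists on synchronised clocks."""
    syns = [(parse_ts(l), m["src"]) for l in fw_log if (m := FW_SYN.search(l))]
    logged = [(parse_ts(l), m["ip"]) for l in mail_log
              if (m := RELAY.search(l)) and m["ip"]]
    result = {}
    for ts, qid, _sender in unlogged_connections(mail_log):
        def in_window(t):
            return ts - window <= t <= ts
        explained = {ip for t, ip in logged if in_window(t)}
        result[qid] = sorted({src for t, src in syns
                              if in_window(t) and src not in explained})
    return result


if __name__ == "__main__":
    for qid, sources in correlate(MAIL_LOG, FW_LOG).items():
        print(f"{qid}: no relay= logged; firewall candidates {sources}")
```

With the sample data the record k0AC09CD004712 is attributed to 198.51.100.23: the 203.0.113.5 SYN is explained by the logged connection at 12:00:01, the port-80 SYN is not a mail connection, and the 11:59:30 SYN is outside the window. Widen the window and the candidate set grows, which is the practical cost of an unsynchronised clock.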