Jaroslaw Rafa via mailop wrote:
> Hello,
>
> a few days ago someone managed to abuse an account registration form on my
> personal website, and a few dozen random recipients at different domains
> (mostly at Yahoo) got registration confirmation emails from my address. The
> scale of the attack was not big, it was about 20-30 mails in total until I
> noticed it and secured the form to block the attack.
>
> However I wonder - and here I'm looking for your opinion - what can be a
> possible gain for the attacker from such an attack? The form does not have
> any field to enter their own information that could be passed to the recipient -
> just login, password and email - so all the recipient gets is a standard
> message saying that someone registered an account named XYZ on my website
> using their email address, and if they want to confirm it, they should click
> the link, otherwise do nothing and the registration will expire in 24 hours.
>
> How can anyone benefit from spamming people with such messages?
It's hard to say without seeing what else is going on in the various
recipients' inboxes.

It seems likely you've spotted the webhost end of an attack we've seen
on the receiving end. It's not so much an attack on the webform as an
attack on the recipients, and you're just one of many forms stuffed with
those addresses in a short time.

We periodically see a customer bombarded with low thousands to literally
hundreds of thousands (fortunately only one case so far) of signup
messages. Contact forms, forum signups, mailing lists of all kinds.
(Many of the latter, coming from "Subscribe to our newsletter!" website
widgets, naturally send a "Thanks for subscribing" instead of a "Please
confirm your subscription", because COI is a dirty word to Marketing.)

In most cases the goal seems to have been "just the lulz". In a few
cases though, it appears to have been an effort to obscure a compromise
of the targeted recipient's email account, and in at least one case
likely linked to a credit card compromise (or at least of some linked
retail account with a saved CC) as well.

-kgd
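The pattern described in this thread (one client stuffing a signup form with many unrelated recipient addresses in a short time) can be spotted on the webhost side from the application's own signup log. The following is an added example, not code from the thread or from either poster's site; the log format, thresholds and sample lines are constructed assumptions.

```python
"""Flag signup-form abuse ("subscription bombing") from an app signup log.

Added example for illustration; log format, thresholds and sample lines
are constructed assumptions, not data from the mailop thread.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, client IP, requested login, recipient email.
# One ordinary signup, then a burst of random logins aimed at unrelated inboxes.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice alice@example.org
2024-05-01T12:14:05 198.51.100.9 kj3h2k1 victim1@yahoo.com
2024-05-01T12:14:06 198.51.100.9 zz9q8w7 victim2@yahoo.com
2024-05-01T12:14:08 198.51.100.9 p0o9i8u someone@gmail.com
2024-05-01T12:14:09 198.51.100.9 m5n4b3v another@yahoo.com
2024-05-01T12:14:11 198.51.100.9 q1w2e3r other@outlook.com
2024-05-01T15:30:00 203.0.113.8 bob bob@example.net
"""


def parse_log(text):
    """Yield (time, ip, login, email) tuples from the constructed log format."""
    for line in text.splitlines():
        ts, ip, login, email = line.split()
        yield datetime.fromisoformat(ts), ip, login, email


def find_bursts(events, window=timedelta(minutes=5), max_signups=3):
    """Return {ip: sorted recipient emails} for every client IP that registered
    more than max_signups distinct recipient addresses inside one sliding
    window. A real user registers once; a client pushing many different
    recipients through the form within minutes is using it as a mail cannon."""
    by_ip = defaultdict(list)
    for t, ip, _login, email in sorted(events):
        by_ip[ip].append((t, email))
    flagged = {}
    for ip, items in by_ip.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward past old events
            recipients = {e for _, e in items[start:end + 1]}
            if len(recipients) > max_signups:
                flagged[ip] = sorted(recipients)
                break
    return flagged


if __name__ == "__main__":
    for ip, rcpts in find_bursts(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {len(rcpts)} distinct recipients within 5 min -> {rcpts}")
```

A hit is a reason to throttle or challenge that client before the confirmation mail is sent, which is cheaper than cleaning up after the recipients' providers notice the flood.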
_______________________________________________
mailop mailing list
https://list.mailop.org/listinfo/mailop