[Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread Johannes Segitz
Steve Wray <[EMAIL PROTECTED]> wrote:
> So far in my googling I haven't found anything about
> the site.

It's slowly getting into the index
http://groups.google.com/groups?q=kievonline.org&hl=en&lr=&ie=UTF-8&oe=utf-8&sa=N&tab=wg

It's spam. Just feed your $BAYESIAN_FILTER

Regards,
Johannes
-- 
  Give a man a match and he will be warm for a while,
light him on fire and he will be warm for the rest of his life

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread Dan Brosemer
On Tue, Oct 14, 2003 at 10:11:17PM +1300, Steve Wray wrote:
> Hi all,
> today I found a really weird email in my inbox,
> which got me curious about this kievonline.org
> that this guy is screaming about (I had never heard of
> it before. I may be an 'infidel' not being moslem
> but the guy has my skintone and drinking habits all wrong!)

Yesterday, I received this.  I don't remember seeing anything else from
there, but my spam filters are pretty good:



Date: Mon, 13 Oct 2003 22:59:53 +
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: you have been sent this email by
To: Mail Delivery Subsystem <[EMAIL PROTECTED]>

   You have been spamed by an individual who has nothing else what to do.
   Please ignore this, i have already notified the authorities in the USA
   and in Israel. Sorry for this.



Quite odd.

-Dan

-- 
"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter



[Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-15 Thread Sean Earp
All-

Hopefully this will be the last word regarding kievonline so we can get 
back to discussing Full Disclosure, and not annoying spam...   Recently 
updated at the site ...



Dear Visitor;

If you came to this website because  you received a SPAM and/or a hate 
e-mail from [EMAIL PROTECTED] please  read the following 
announcement:

 

To Whom It May Concern;

In recent days, we have been  attacked by individuals who hacked or 
used some type of program(s) which sent  out an unknown amount of 
emails to many individuals and companies using our  domain name 
(kievonline.org) with the above mentioned email address 
:([EMAIL PROTECTED]) We  do not have such an email address setup.

Be advised, we at kievonline.org DID  NOT send you this email, it did 
not get sent from our mail server, it got  sent to you by these 
individuals who hacked or tried to hack into our server.  Our hosting 
company notified us regarding these emails and together we decided  to 
temporally disable this website.

We regret and apologize to all of you  whom have been harassed in any 
shape or form. Please forward the email to your  ISP (Internet Service 
Provider) and they might be able to trace it from where it had 
originated.

We have contacted the local authorities  in the USA and abroad (we 
believe that these individuals are not from the USA).  We have a trace 
of their IP addresses and other valuable information which will  assist 
the authorities upon who we are dealing with.

In closing we would like to comment that  this website has been set up 
for the use of an online forum (bulletin board) for  students of the 
Kiev School as a tool to keep in touch (general chat). This website and 
its  members have not and will not have acted in such a terrible manner.

PS We hope to have this forum up in  running in the near future.

Yours truly,

M.A.

Administrator



RE: [Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread Michael A. Starr

Gentlemen;

I got the same message that is being discussed in this thread.  I include it
again, not to continue the propagation, but to have it convenient for
viewing.  From reading this thread, it seems that the site in question is,
or rather was, some kind of porn site, possibly which this guy
[EMAIL PROTECTED] would like to advertise.  If you look at the words that
were chosen, you'll notice that there are several of the words that *should*
get picked up by body content filters (if we're running body content
filters) -- ranging from sex (fuck, head), to golden showers (piss), to
"hate words" (nigger), to "hacking and warez" (hacking), phrases like "in my
face", and "a man needs" might get tagged as well.

What I suspect is that the kievonline.org site was a throw-away, and that
this guy is really running some kind of sophisticated probe against mail
servers to determine what filters we have in place.  I hate to say so, but
it might even be a subscriber to this list that is monitoring who reports
receiving this email.  The spam assassin score was a 3.0, so that probably
won't catch it. Header filters certainly won't stop the subject "Thank you".
He's even prepped us for a spam flood by saying that he added our address to
every spam list he could find. . .  All in all a very convincing package. I
don't think the point of this is a malicious code attack, but as I said, a
probe to see what can be gotten through.

Any thoughts?

Michael Starr, GSEC



<---Begin Spam --->
You are a piss head for hacking my site and informing my isp !!! Fuck you
nigger.

if your a man you should come here and tell me in my face
A man needs to make a living you know, Now you think my isp is going to do
something to stop me ?

FUCK YOU

Nice try. I have added your email address to every fucking spam list I can
find

Next time youll fuck with the right person
<--- End Spam --->


Re: [Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread stefmit
agged as well.
>
> What I suspect is that the kievonline.org site was a throw-away, and that
> this guy is really running some kind of sophisticated probe against mail
> servers to determine what filters we have in place.  I hate to say so, but
> it might even be a subscriber to this list that is monitoring who reports
> receiving this email.  The spam assassin score was a 3.0, so that probably
> won't catch it. Header filters certainly won't stop the subject "Thank
> you". He's even prepped us for a spam flood by saying that he added our
> address to every spam list he could find. . .  All in all a very convincing
> package. I don't think the point of this is a malicious code attack, but as
> I said, a probe to see what can be gotten through.
>
> Any thoughts?
>
> Michael Starr, GSEC
>
>
>
> <---Begin Spam --->
> You are a piss head for hacking my site and informing my isp !!! Fuck you
> nigger.
>
> if your a man you should come here and tell me in my face
> A man needs to make a living you know, Now you think my isp is going to do
> something to stop me ?
>
> FUCK YOU
>
> Nice try. I have added your email address to every fucking spam list I can
> find
>
> Next time youll fuck with the right person
> <--- End Spam --->


Re: [Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread Jonathan A. Zdziarski
> FYI: I got the "thank you" reply very close after reporting the original 
> message to spamcop.net ==> makes me think that some monitoring takes place?!? 

Doubt it.  Mine sat in spam quarantine all night and I still got the
"Thank you" message...which if yours is like mine it was more of a "F***
you" message




Re: [Full-Disclosure] Re: Any news on www.kievonline.org site?

2003-10-14 Thread Nick FitzGerald
stefmit <[EMAIL PROTECTED]> wrote:

> FYI: I got the "thank you" reply very close after reporting the original
> message to spamcop.net ==> makes me think that some monitoring takes
> place?!? 

It may make _you_ think that, but I received the same "thank you" 
without reporting him/her/it to anyone, so I think you need a better 
conspiracy theory in this case...8-)


Regards,

Nick FitzGerald
