[Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread Michael Holzt
Automated mass abuse of form mailers 2005/09/12, Michael Holzt, kju -at- fqdn.org 1. Summary Lately webpage mail forms have become a target of spammers. The attacks seem to be automated and try to exploit the use of untrusted input data in a lot of these form mailers. The attacks

Re: [Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread Luc Stroobant
Michael Holzt wrote: Automated mass abuse of form mailers 2005/09/12, Michael Holzt, kju -at- fqdn.org 1. Summary Lately webpage mail forms have become a target of spammers. The attacks seem to be automated and try to exploit the use of untrusted input data in a lot of these form

Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock

2005-09-12 Thread misiu
Yo guys are sick! :-) I found a hole in my pants, is this a possible information disclosure vulnerability misiu ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread Red Leg
On 9/11/05 8:21 PM, Paul Schmehl [EMAIL PROTECTED] wrote: Download the knoppix std distro and burn it to a cd. Use dcfldd for drive imaging and the forensics tools for recovery of erased files and the like. Paul. Does dcfldd allow me to mirror the disk in such a manner as to include

[Full-disclosure] [USN-181-1] Mozilla products vulnerability

2005-09-12 Thread Martin Pitt
=== Ubuntu Security Notice USN-181-1 September 12, 2005 mozilla, mozilla-thunderbird, mozilla-firefox vulnerabilities CAN-2005-2871 === A security issue affects the following

Re: [Full-disclosure] Re: Forensics help?

2005-09-12 Thread Red Leg
Hey Thanks! Can I use the copy made by dd for the analysis? Specifically... 1) I want to go to the site, 2) copy the drive, 3) take the copy made back to my location, 4) restore the data to another drive and mount it to an existing system and then 5) forensically analyze the restored copy for

[Full-disclosure] Re: Automated mass abuse of form mailers

2005-09-12 Thread Dave Korn
Original Message From: Luc Stroobant Message-Id: [EMAIL PROTECTED] The abusers also try to track successful attempts. In a number of cases a bcc to an aol email address ([EMAIL PROTECTED]) was inserted into the message as well. Other internet users reported such abuse as

[Full-disclosure] [SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass

2005-09-12 Thread Martin Schulze
Debian Security Advisory DSA 807-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 12th, 2005

[Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread n3td3v
A worm/virus code is in the underground, where the malicious code searches for: http://groups.google.com/group/n3td3v/browse_thread/thread/74395c44ef94c107/729603543ed1379e?q=vxer+vectorsrnum=1#729603543ed1379e And then sends whatever the service is invite/article or web link, depending on what

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread KF (lists)
By experimental I assume you mean stolen? installing an experimental version of OS X. -KF

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread als
On Mon, Sep 12, 2005 at 10:11:24AM -0400, Red Leg wrote: On 9/11/05 8:21 PM, Paul Schmehl [EMAIL PROTECTED] wrote: Download the knoppix std distro and burn it to a cd. Use dcfldd for drive imaging and the forensics tools for recovery of erased files and the like. Paul. Does

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread KF (lists)
much love to mactelbase.rar -KF Todd Towles wrote: Nah, you went out and grabbed a copy of OS X that will run on x86 hardware with Windows XP. What do you think? Should have used Vmware if you ask me

[Full-disclosure] [ GLSA 200509-07 ] X.Org: Heap overflow in pixmap allocation

2005-09-12 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200509-07 http://security.gentoo.org/

[Full-disclosure] Sawmill XSS vuln

2005-09-12 Thread Mark Terry
This has been delayed until the vendor had released a new version: SNIP Date: Fri, 26 Aug 2005 11:48:48 -0700 From: Greg Ferrar [EMAIL PROTECTED] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) X-Accept-Language: en-us, en To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: FW:

Re: [Full-disclosure] Re: Automated mass abuse of form mailers

2005-09-12 Thread Bipin Gautam
as if this was the first time this would happen... spammers exploit that vulnerability since years and it's also public knowledge since years. but i find it really strange... a spammer intelligent enough to abuse a server doesn't even bother to tweak-tune his spam mail can make sure it passes

[Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread n3td3v
The VXer on the project I speak of doesn't require that the user reads the message, however for added exploit code, this would be useful that the mail is opened. The likeliness of the mail being opened from a sender as [EMAIL PROTECTED] is strong. The Yahoo thing -did- bypass filters, however,

Re: [Full-disclosure] Re: Automated mass abuse of form mailers

2005-09-12 Thread Valdis . Kletnieks
On Mon, 12 Sep 2005 21:59:21 +0545, Bipin Gautam said: but i find it really strange... a spammer intelligent enough to abuse a server doesn't even bother to tweak-tune his spam mail can make sure it passes through most* spam filters criteria. What's so strange about a spammer using a tool

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread Nick FitzGerald
James Wicks top-posting to someone: Symantec Ghost was not presented as a means of getting a forensic duplicate. As stated in my first response, the Ghost image is to be added to the new drive and that drive is placed in the suspect desktop so that it can be placed back into production.

[Full-disclosure] [SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery

2005-09-12 Thread Martin Schulze
Debian Security Advisory DSA 808-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 12th, 2005

Re: [Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread Ron DuFresne
On Mon, 12 Sep 2005, Michael Holzt wrote: Automated mass abuse of form mailers [snip] Nothing new really, this has been an issue for many years now. And often the result of folks still using matt's cgi scripts even our web masters were as recently as a year ago pointing our

Re: [Full-disclosure] Forensic help?

2005-09-12 Thread Christophe Garault
Red Leg wrote: I was wondering if anyone knows of a program/system that I can purchase, as a private individual, that will allow me to 1) mirror a hard drive on location and 2) take that mirror and restore it to another drive. And 3) Find any CONVENTIONALLY erased files? Why not give a try

Re: [Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread n3td3v
You're missing the point, as i've tried to outline. This is an active project, and written code for such an outbreak is already within the hands of *underground hacker communities*. If you look at my background posts, as posted earlier on the threat, you'll see the lead up. Thanks.. On

Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock

2005-09-12 Thread Nick FitzGerald
misiu wrote: Yo guys are sick! :-) I found a hole in my pants, is this a possible information disclosure vulnerability Not given the size of the information that would be disclosed. ... Now can we finally kill this overworn thread by ignoring it??? Please Regards, Nick

[Full-disclosure] [ GLSA 200509-08 ] Python: Heap overflow in the included PCRE library

2005-09-12 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200509-08 http://security.gentoo.org/

Re: [Full-disclosure] Automated mass abuse of form mailers

2005-09-12 Thread Ron DuFresne
On Mon, 12 Sep 2005, n3td3v wrote: You're missing the point, as i've tried to outline. This is an active project, and written code for such an outbreak is already within the hands of *underground hacker communities*. If you look at my background posts, as posted earlier on the threat,

[Full-disclosure] Fun, Misc and OT posts - a new mailing list

2005-09-12 Thread Gadi Evron
Being tired of OT security posts everywhere, and looking to MAKE them without cross-posting to a hundred lists, we created a new mailing list which is already very active called funsec. Check out the archives for just ONE day of activity, and subscribe if you like:

Re: [Full-disclosure] Re: Forensics help?

2005-09-12 Thread druid
On Mon, 12 Sep 2005, Red Leg wrote: Hey Thanks! Can I use the copy made by dd for the analysis? Specifically... 1)I want to go to the site, This is outside the scope of my response, hehe 2)copy the drive, This will allow you to make a copy of the hard drive 3)take the copy made back to

RE: [Full-disclosure] Mozilla Firefox Host: Buffer Overflow

2005-09-12 Thread Roberto Gomez Bolaños
Larry Seltzer wrote: And how exactly do you propose to leave out the details and PoC when the presence of the bug and the steps taken to fix it can not be concealed from public view given that the source code and the entire CVS entries are freely available for anyone to browse? You really don't think

[Full-disclosure] [SECURITY] [DSA 809-1] New squid packages fix several vulnerabilities

2005-09-12 Thread Martin Schulze
Debian Security Advisory DSA 809-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 13th, 2005