Re: [nznog] [Fwd: Re: Bizarre spam]
I'd go with zombie's :) the . Then new line new line thing means that the rest of whatever your script does is ignored by the SMTP server, and the big long number might be either a "key" to get the target of an attack (eg, HTTP to this server, present this key, get details back) or something, or the IP / DNS name / something else of it, maybe base64'ed or encrypted somehow. I could see a virus/trojan/etc sitting there, polling a pop3 account, looking for emails with those words in the subject, and some form of payload, then it pings up and goes and does something. Maybe the attacked script was used as a "trigger"?? Damn it's time for a beer. N
-----Original Message----- From: Justin Cook [mailto:justin(a)skull.co.nz] Sent: Friday, 2 December 2005 3:01 p.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] [Fwd: Re: Bizarre spam]
It was, and it's already dealt with. Just looking for the reason behind it. Adrian is probably on the mark when he calls it a DoS.
James Clark wrote:
Sounds like PHP injection, assume it's PHP. If not ignore me.
These articles explain the cause and fixes in more depth:
http://securephp.damonkohler.com/index.php/Email_Injection http://www.nyphp.org/phundamentals/email_header_injection.php
Justin Cook wrote:
I've got a question for the appropriate higher minds.
I fixed one of my clients self-built contact forms after I had an inkling that someone was injecting headers into it to use it as a relay. Turns out I was right, but it's beyond me what
to accomplish:
Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: which a rising moon now threw from the scattered clouds bcc: charleslegbe(a)aol.com
648a4d46b041327ac30fe4f27a9b72ee .
Tons and tons of that just that. What possible use could
they're trying this garbage
be? Is someone trying to blackhole their domain?
Cheers Justin
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
participants (1)
-
Nic Wise