[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] nac-gaf spam attacks

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] nac-gaf spam attacks
From: "Steve Cooperman" <worried@xxxxxxxxx>
Date: Sun, 18 Mar 2007 16:56:44 -0400

Good Afternoon,
I'm seeing wide-spread spam attacks across several different shared hosting
servers, operated by multiple companies. The attacks forge emails on the
fly, and follow a pattern. The spam first takes the client's domain name,
for example, plastic.com. Then adds the word "nac" to the beginning, and
"gaf" to the end, making the from email address nacplasticgaf@xxxxxxxxxxx .
If the domain were rockin.com, the email would be nacrockingaf@xxxxxxxxxx .
Byob.com, nacbyobgaf@xxxxxxxx, etc.

Has anyone else noticed this trend this afternoon? It seems they just
started a couple of hours ago. It doesn't seem like a security risk, just
standard forging of email headers. The main company I work for makes use of
SPF, however not every mail server on the internet makes use of it. I'm only
submitting this because it seems like a wide-spread issue this afternoon.

All the best,
Mike Bailey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file
Next by Date: [Full-disclosure] [ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file
Next by thread: [Full-disclosure] [ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code
Index(es):
- Date
- Thread