Mailing List CGatePro@mail.stalker.com Message #97196
From: Todd Schuldt <tschuld@kirkwood.edu>
Subject: RE: Spam sent by rooms full of clones using a web browser?
Date: Wed, 4 Feb 2009 09:39:01 -0600
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
And don't forget the logic they put in the scripts to change the attack based on the webmail interface they encounter (Squirrel Mail, Horde, CGP, etc).

When a student here is phished we usually see the web bots send a test message to a throw away yahoo account with an innocuous test message, then the next day the account gets buried in webmail message posts, then for the next day or 2 they are back to the small test message (Kind of like, did we get caught yet?) then the next day it buries the account again.  It took us several days to notice the first one since the box it's on runs for 15,000 students and they hit us between terms when all the kids were passed out from finals.

Todd Schuldt
Senior System Administrator
Kirkwood Community College
(319) 398-5899 x5763


-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Stefan Seiz
Sent: Wednesday, February 04, 2009 8:44 AM
To: CommuniGate Pro Discussions
Subject: Re: Spam sent by rooms full of clones using a web browser?

On 04.02.2009 15:07 Uhr "Jeff Wark" <jwark@tbaytel.net> wrote:

> The person's webmail account is logged into and then the compose
> settings are adjusted.  The 'From' address is changed AND the signature
> for the account is set to be the entire spam message.  All the spammer
> has to do then is create a new message and paste a group of 10, 20, 50,
> addresses or whatever is allowed into the To/CC/BCC field and away he
> goes.  When we first saw it we thought "How clever".  Now it is just
> annoying.

Webmail doesn't necessarily have to be done by a human through a webbrowser.

It is amazing how easily scriptable HTTP is ;-)

--
Stefan Seiz <http://www.StefanSeiz.com>
Spamto: <bin@imd.net>



#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster