[Dshield] Suejdz & Kleze anyone

KeithTarrant@spamcop.net KeithTarrant at spamcop.net
Thu Oct 24 05:33:27 GMT 2002


> On Tue, 2002-10-22 at 18:35, KeithTarrant at spamcop.net wrote:
> > So with Klez email actually from AOL you would see an x-apparently line
> > with the actual AOL account (at least until some hacker thinks to fake
> > that too).
>
> A spammer/wormer adding a forged X-Apparently-From: header won't confuse
> things much, as the mail server will still add its own, and hopefully
> the mail server is smart enough to discard any preexisting
> X-Apparently-From: header.

You're not thinking deviously enough ;) ... you add the AOL headers to
email from non-AOL machines, that way they are the only AOL headers.  So
you just have "X-Apparently-From: BillNovak at aol.com" or anyone else with
an AOL account that you hate.  Then do the usual bounce of the open mail
server.

Of course this would only cause a mass of nasty email to block Mr. Novak's
inbox if lots of people knew to check for x-apparently headers, and there
are a few other things a hacker would have to sort out.
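
A receiving-side check for the case discussed above, added here as an example and not part of the original post: an X-Apparently-From header is treated as plausible only when the one Received hop written by our own server shows the message was handed over by the provider's relay. The host names, the provider suffix and the Received line layout are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumptions, not from the post: our own MTA is mx.example.net, it records a
# verified reverse-DNS name in its Received line, and the provider's outbound
# relays resolve under PROVIDER_SUFFIX.
OUR_MTA = "mx.example.net"
PROVIDER_SUFFIX = ".mail.provider.example"
TOP_HOP = re.compile(r"from \S+ \((\S+) \[([0-9.]+)\]\) by ([^\s;]+)")

def apparently_from_verdict(raw):
    """Return (verdict, detail) for the X-Apparently-From header of raw."""
    msg = message_from_string(raw)
    claimed = msg.get_all("X-Apparently-From", [])
    if not claimed:
        return ("absent", None)
    if len(claimed) > 1:
        return ("untrusted", "more than one X-Apparently-From header")
    received = msg.get_all("Received", [])
    # Only the hop stamped by our own server is reliable; every header below
    # it arrived with the message and may have been written by the sender.
    top = " ".join(received[0].split()) if received else ""
    hop = TOP_HOP.match(top)
    if not hop or hop.group(3).lower() != OUR_MTA:
        return ("untrusted", "top Received hop was not written by our MTA")
    peer = hop.group(1).lower()
    if peer.endswith(PROVIDER_SUFFIX):
        return ("plausible", claimed[0].strip())
    return ("untrusted", "delivered by %s, not a provider relay" % peer)

# Constructed sample messages (documentation addresses and domains only).
GENUINE = (
    "Received: from out1.mail.provider.example (out1.mail.provider.example"
    " [192.0.2.10]) by mx.example.net; Thu, 24 Oct 2002 05:00:00 +0000\n"
    "X-Apparently-From: user1@provider.example\n"
    "Subject: constructed sample\n\nbody\n")
FORGED = (
    "Received: from relay.open.example (relay.open.example [198.51.100.7])"
    " by mx.example.net; Thu, 24 Oct 2002 05:01:00 +0000\n"
    "Received: from out1.mail.provider.example by relay.open.example\n"
    "X-Apparently-From: user2@provider.example\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, apparently_from_verdict(raw))
```
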





