[Dshield] anybody else seen this kind of "terror" messages?

Ben Robson ben at robson.ph
Tue Oct 14 16:38:06 GMT 2003


Members of the Full-Disclosure mailing list are reporting numerous 
receipts of this email.

The general consensus at the moment is that either a spammer is 
harvesting email addresses, using the technique to confirm valid email 
addresses, versus invalid ones.  Or the thought is that this might be a 
pre-cursor to some new social-engineering led attack.

Analysis of both the original email and the followup abuse mail reveals 
no malware content, but it is possible that having establihsed a line of 
communication the author may insert malware in to a future email.  This 
principle may prove to be to get peoples interest going, with a view to 
having people do the "what the heck do they want now" motivation to read 
an email, instead of just deleting it.

So, in summary.... No issue identified at the moment, but watch this space.

BenR.

Bruyere, Michel wrote:

> Hi,
> 	I received a "normal" piece of spam (it follows) 
>I sanitized it for getting it through the list.
> 
> ***
> Hi I am running a small website, please come visit me and click on my
> sponsors, this way I will be able to pay my ISP bills.
> The site is here.
> http://www.kievonline.org/
> please be patient as the site is only 1 week old and we need money to pay
> for it
> we do have a nice forum though
> http://www.kievonline.org/forum/
> Thanks allot
> ***
> 
> And I received the following some time later... where they try to use fear
> dunno why or to achieve what...
> 
> ****
> You are a p___ head for hacking my site and informing my isp !!! F___ y__
> nigger.
> if your a man you should come here and tell me in my face
> A man needs to make a living you know; now you think my isp is going to do
> something to stop me?
> F___ Y__
> Nice try. I have added your email address to every f_______ spam list I can
> find
> Next time you'll f___ with the right person
> ****
> 
> I must say that I never "hacked" this site, even more, I never
>been/reported on it.
> 
> Is it "new" that spammers try to use fear? I can't see what the direct gain
> is for them... if any.
> If you want I can send the original email with headers, off list, on
> request. The original message isn't sanitized.
> 
> Are there others that received this kind of emails?
> 
> Thanks
> 
>
>Note to moderator: Sorry to have sent it un-sanitized the first time... I
>forgot about it ;/
>
>
>
> M. Bruyere
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>
>  
>




More information about the list mailing list