The six headed spam monster
by Berislav Kucan - for Help Net Security
Several days ago I visited an on-line forum of one of the Internet Presence Providers (IPP) in my country and found a topic dealing with spam. In this topic, one user of the IPP posted that when accessing his web site he receives the standard 403 Forbidden message. He thought that it was some kind of a problem on the server, but the reality is that his account was shut down (and all files deleted?). The reason is - spam. It looks like he massively spammed a large number of Usenet groups about his web site, where he is offering the most visited and demanded content on the Internet - naked chicks with a focus on nude celebrities.

After a reply by one of the IPP's administrators, in which he says that the account is being locked because of spam, the user started to beg for his web space to be returned, saying that he is sorry for the spam, that he wouldn't do it again, etc. Another user, apparently his friend, took his side and posted that spamming isn't such a big deal as to lock someone's account. Well, guess what, it is ... Let us see a copy of the e-mail from the company where this IPP has its servers. The mail below was sent by a "Security & Abuse Team". Note that the company name is masked with XXX's.


-------- Original Message --------
From: XXX Network Support
Subject: Re: [xxx-A21484] (fwd) Pamela Anderson and others nude
To: contacts@IPP.dom

Dear XXX Reseller/Customer:

This letter is to inform you that we have received at least one complaint or notification which indicates that you are in violation of XXX's acceptable use policy with regard to unsolicited commercial email and/or newsgroup postings. A report of the incident in question will proceed this message.

If you are a reseller and this complaint was received in regards to a violation by one of your customers or associates, we suggest that you terminate their service immediately.

To ensure that your service is not interrupted, please respond to this message within one business day from receipt, documenting what actions you plan to take to ensure that this activity comes to an end. Do not remove the [XXX-Axxxx] tracking number from the subject field of your reply.

If you believe that this message was sent to you in error, please provide us with a brief explanation of the situation at hand. One of our representatives will contact you via email to follow up.

If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved.

Thank you for your prompt attention to this matter.


The actual user in question has already received an alert from the IPP for his first spamming trip, and after the first alert, the next one is the fatal one - losing user privileges and web hosting. So if you read the mail that I noted, one part of it is vital - "If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved". This shows how spam can be practically dangerous to any Internet Presence Provider and its users. Why would a company lose a link to its servers just because one of its users doesn't know netiquette and some basic online behaviour?

