The six headed spam monster
by Berislav Kucan - for Help Net Security
Several days ago I visited an on-line forum of one of the Internet Presence Providers (IPP) in my country and found a topic dealing with spam. In this topic, one user of the IPP posted that when he accesses his web site he receives the standard 403 Forbidden message. He thought that it was some kind of a problem on the server, but the reality is that his account was shut down (and all files deleted?). The reason is spam. It looks like he massively spammed a large number of Usenet groups about his web site, where he is offering the most visited and demanded content on the Internet - naked chicks with a focus on nude celebrities.

After a reply by one of the IPP's administrators saying that the account was locked because of spam, the user started to beg for his web space back, saying that he was sorry for the spam, that he wouldn't do it again, etc. Another user, apparently his friend, took his side and posted that spamming isn't such a big deal that someone's account should be locked for it. Well, guess what: it is. Let us see a copy of the e-mail from the company where this IPP has its servers. The mail below was sent by a "Security & Abuse Team". Note that the company name is masked with XXXs.

................................................


-------- Original Message --------
From: XXX Network Support
Subject: Re: [xxx-A21484] (fwd) Pamela Anderson and others nude
http://www.XXX.net/babes
To: contacts@IPP.dom
CC: abuse@XXX.net

Dear XXX Reseller/Customer:

This letter is to inform you that we have received at least one complaint or notification which indicates that you are in violation of XXX's acceptable use policy with regard to unsolicited commercial email and/or newsgroup postings. A report of the incident in question will proceed this message.

If you are a reseller and this complaint was received in regards to a violation by one of your customers or associates, we suggest that you terminate their service immediately.

To ensure that your service is not interrupted, please respond to this message within one business day from receipt, documenting what actions you plan to take to ensure that this activity comes to an end. Do not remove the [XXX-Axxxx] tracking number from the subject field of your reply.

If you believe that this message was sent to you in error, please provide us with a brief explanation of the situation at hand. One of our representatives will contact you via email to follow up.

If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved.

Thank you for your prompt attention to this matter.

................................................


The user in question had already received an alert from the IPP for his first spamming trip, and after the first alert the next one is the fatal one - losing user privileges and web hosting. If you read the mail quoted above, one part of it is vital: "If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved". This shows how spam can be practically dangerous to any Internet Presence Provider and its users. Why would a company lose a link to its servers just because one of its users doesn't know the Netiquette and some basic online behaviour?
