RE: Re: [OT] Massive spam increase recently?

["Keith Doxey" <ukha@xxxxxxx>]

Hi Sean

your email address doesnt need to have been harvested from anywhere.

The spammers are running scripts that generate email addresses from parts
of
addresses they have found previously and lists of firstnames,surnames and
domain names. eg

fred.smith@xxxxxxx
bill.jones@xxxxxxx

They will generate the following emails

fred.smith@xxxxxxx
fred.smith@xxxxxxx
fred.smith@xxxxxxx
fred.smith@xxxxxxx
fred.smith@ <thousands of other domains>

bill.jones@xxxxxxx
bill.jones@xxxxxxx
bill.jones@xxxxxxx
bill.jones@xxxxxxx
bill.jones@ <thousands of other domains>

<hundreds_of_thousands_of_names> @ <thousands of other domains>

Obviously they target major ISP's like BTOpenworld or Freeserve etc where
there is a greater chance of actually hitting a valid email address.

This is no different to the way the script kiddies also target the IP
address ranges of major ISP's as well in the hope they will find an
unprotected PC to hack into.

I have now basically abandoned my BTInternet addresses for normal email as
they get over 100 spams per day which I just delete. Sorting them by
subject
is quite revealing as well. The same email subject will arrive from 2 or 3
different senders. The same email messages also seem to end up being sent
to
both of my main BTI accounts. Interestingly I have several email addresses
in the form <department>.<website>@<domain_name> or
<mail_list>@<domain_name> which despite being openly posted on
the internet
have never received any spam.

The fact that in your case, "sean6" has just started receiving
spam ties in
with what I said above. When you try to sign up to a popular service you
tend to try and use either your christian name or a favourite nickname. You
enter "wibble" it says wibble is taken but suggests wibble25 or
wibble2003
so you take one of them. The spammers know this and also generate email
addresses from christian names suffixed by a number dave1, dave2, dave3
etc.
Takes a bloody long time to type but a PC can generate thousands of them
>from

On a related theme....
I have notices from the webstats for my sites that in the 404 not found
section there are entries for pages which I have NEVER had but to me they
look like an attempt by someone to find a website that will allow them to
launch spam from it. The page names in question contain multiple different
permutations of directory nams and case sensitivity looking for a perl or
cgi script to post emails from.

/cgi-bin/formmail.pl
/cgi-bin/formmail.cgi
/cgi-bin/FormMail.pl
/cgi-sys/FormMail.pl
/cgi-bin/Formmail.pl
/cgi-bin/mail.pl
/cgi-bin/FORMMAIL.PL
/cgi-sys/formmail.cgi
/cgi-sys/formmail.pl
/cgi-bin/FormMail.cgi

I assume they have failed in their attempt because of the 404 entry but it
is something that I hadnt even considered that someone would try.

I wonder how much the speed of the internet would increase of all the spam
and virus crap was suddenly turned off ????

Keith

www.diyha.co.uk
www.kat5.tv


> -----Original Message-----
> From: Sean Stratton [mailto:groups@xxxxxxx]
> Sent: 16 April 2003 22:05
> To: ukha_d@xxxxxxx
> Subject: Re: [ukha_d] Re: [OT] Massive spam increase recently?
>
>
> I did the google check for my main (and now most spamed
> address) address
> It came back with ZIP nada nothing but a new twist has just
> came to the
> forefront I just started getting spams for sean6 @ blaa this is a OLD
> address I used when a friend set me up for 6 degrees of
> separation years
> ago, If I remember right me used my "real" email address and
> I joined with
> the sean6 one to ID it.
> I just tried to find it but no luck could be they went under
> and flogged off
> their database recently anyone else been there?
>
> Sean