[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spam on CIS: sendmail exploit used commercially ?



On Mon, 25 Aug 1997, Peter Lorand Peres wrote:

> 
> Following the mail 'accident' I have caused a few days ago, I have noticed
> that on my CIS account I sometimes get spam with weird headers. CIS uses
> BSD machines as gateways (at least for telnet) on the Internet side.
> 
> The headers appeared to be sentby the spammer to hmiself ! I have no idea
> how such a message got into my mailbox on CIS. It was not the only one
> however. The From: header was the spammer, the To: too and the
> Distribution also. I tried to send myself mail and the From: was myself
> obviously (100310.2360@compuserve.com).
> 
> I have no idea what mailer they are using but I think they should take a
> look at it...

(max)/system/asher>telnet mx1.compuserve.com 25
Trying...
Connected to mx1.compuserve.com.
Escape character is '^]'.
220 arl-img-2.compuserve.com ESMTP Sendmail 8.8.6/8.8.6/2.5; Mon, 25 Aug
1997 14:18:35 -0400 (EDT)

looks like plain sendmail to me.
my guess would be that the spammer is using some kinky scripts that 
f*ck with the headers.

+--------------------------------------------------------------------+
| Asher Frenkel 			   Unix System Administrator |
| Fax   : +972-3-6978115                        Phone: +972-3-6978263| 
| E-Mail:asher@ibm.net.il                              +972-3-6978687| 
+--------------------------------------------------------------------+
IBM Israel
2, Weizmann St.
Tel Aviv 61336                         ======   =======    ===     ===
http://www.ibm.net.il/                 ======   ========   ====   ====
Dialup registration:   177-022-3993      ==      ==   ==    ==== ====
Company services:        03-6978663      ==      ======     == === ==
Internet sales fax:      03-6978115      ==      ==  ===    ==  =  ==
Enquiries:          info@ibm.net.il    ======   ========   ===     ===
Technical support:   noc@ibm.net.il    ======   =======    ===     ===
----------------------------------------------------------------------