Forwarded From: darek milewski <darekmat_private>

http://www.computerworld.com/home/news.nsf/CWFlash/9812023spam

Computerworld victim of spoof
By Tom Diederich

We've been "spoofed."

Last week, hackers began sending out spam E-mail promoting pornographic Web sites. The message headers made it appear as if the originator of the E-mail was Computerworld.com.ph, which is the domain of Computerworld Philippines, a Computerworld sister publication.

This practice is called "spoofing," a hacking technique in which third-party servers are covertly used to relay information.

According to Tom Lamoureux, Computerworld Inc.'s director of support services, the hackers relayed the spam through servers at four U.S. universities. Lamoureux said his team is working with the colleges in an attempt to find who actually sent the E-mail and to determine how many people were targeted.

"It's impossible to tell right now, but I would imagine somewhere between thousands and hundreds of thousands have gotten the spam," Lamoureux said.

"These messages probably did not originate in the Philippines," he added. "My guess is they came from somewhere domestic because they all ultimately pointed to www.tripod.com, an online community site."

The porn sites promoted in the spam E-mail also resided on Tripod.

Tripod, in Williamstown, Mass., did not immediately respond to a request for an interview. However, Lamoureux said he spoke with an employee there who said that such attacks are not uncommon. Tripod's standard procedure is to shut down accounts and pull all related sites when such activity is detected.

Unfortunately, spoofing is a simple procedure.

"In order to do a smut posting like this, all you really need is a place to put the files -- there's a lot of online Web-hosting companies that will do that for you -- and a dial-up account with an [Internet service provider], which are a dime a dozen," Lamoureux said.

"It's really impossible to tell how many people were affected. The only real way to tell would be to check the mail server that [the spam] was relayed through, but the problem is that colleges have lots of servers in place and not all of them are administered."

By checking the message headers, Computerworld's technicians determined that servers at four U.S. colleges were affected: Virginia Commonwealth University, the University of Wyoming, the University of Michigan and Duke University.

Michigan and Duke were spammed yesterday, Lamoureux said. "The best chance to find out who originated the messages is really with these two colleges, because they can look at the logs."

Even though the domain name address has been spoofed, he said, the sender's real IP address typically is present. However, Lamoureux said, proxy servers can be used to cook up fake IP addresses. The spammers may have used a dial-up account with an Internet service provider.

"Unless companies, and in this case universities, tighten down their mail servers, this problem will really happen forever," Lamoureux said.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]