CRIME Spam as an attack method?

From: Andrew Plato (aplato@private)
Date: Tue May 20 2003 - 12:16:02 PDT


    Yeah, I get a zillion spams a day as well. But I think I saw something a
    little different this weekend. 
    
    Somebody bombarded our network with thousands of spam messages. It was a
    standard dictionary attack. We fought that off quickly, thanks to the
    SMTP proxy we use. But along with the spams were some honest attempts to
    penetrate our network. A few shell-code attacks, some Unicode stuff,
    standard IIS type attacks. Nothing terribly clever, but they were in
    there. I suspect the spams were just a smokescreen to overload our
    firewall and IDS.
    
    Fortunately, it didn't work. Our Guard box came through like a champ and
    blocked the intrusions (and left us with yummy evidence-filled trace
    files.) Guard had blocked over 300 IP addresses, so whoever they were,
    they were persistent. Restored my faith in IPS. 
    
    However, it also highlights the ongoing problems with spammers. Spam is
    beyond just being annoying, it's becoming more and more of a security
    risk. How long before hackers use spamming methods to capture internal
    information from companies? I can already envision spam that comes to
    your company mailbox that LOOKS like something from the HR department.
    Similar to the spams Rich saw, they grab your SSN or company logon and
    then use that to penetrate the network or carry out social engineering
    hacks. Sure, most of us are smart enough to delete such messages. But
    we're the minority. Most people would fill that out and assume all was
    well and good.
    
    ___________________________________
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    Enterprise Security &
    Infrastructure Solutions
     
    503-644-5656 Office
    503-644-8574 Fax
    503-201-0821 Mobile
    www.anitian.com 
    ___________________________________
    
    
    
    
    > -----Original Message-----
    > From: Crispin Cowan [mailto:crispin@private] 
    > Sent: Tuesday, May 20, 2003 10:54 AM
    > To: Rich Rohrich
    > Cc: CRIME@private
    > Subject: Re: CRIME Fwd: Your account is On Hold.
    > 
    > I get about 100 spams a day. I get an "identity theft kit" about once a
    > week. I think the first one was maybe 2 years ago: a page of HTML that
    > looked just like Paypal.com's web site, and said Paypal all over it, but
    > the hyperlinks behind the blue linked to paypai.com. Since then there
    > have been many more. Recently I've also been hit with a lot of security
    > advisories from "microsoft" that somehow seem to link to something that
    > isn't quite Microsoft.
    > 
    > Is it really news any more that spammers send con games?
    > 
    



    This archive was generated by hypermail 2b30 : Tue May 20 2003 - 13:12:07 PDT