Neil's News

Christmas Spam

25 December 2003

It's Christmas! A nice relaxing day. All my co-workers are with their families, so I have the office all to myself. Should be able to get some good solid programming done. But first, a quick email check.

Receiving message 1 of 42840...

After muttering something unbecoming of a British citizen, I terminate our mail server and start sifting through the overflowing logs. Sure enough, we've got a spammer on the loose. He's found a way to hijack a web-email gateway and is in the process of carpet-bombing AOL addresses with ads for Adobe Illustrator.

The spammer's loophole was simple, but one we hadn't seen before. He'd replaced the hidden subject field with a multi-line field containing additional To: and CC: headers, followed by a 100KB email. I'd gone to great lengths to make our To: and CC: headers configurable yet secure, but he simply side-stepped all that and created his own.
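The loophole described above, as an added example that is not the gateway's own code: a form field pasted straight into the header block beside a hardened builder that refuses any field containing a line break. Python, the function names, the fixed recipient and the sample addresses are all assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

FIXED_TO = "support@example.com"  # assumed: the gateway's only legitimate recipient


def naive_build(subject, body):
    """Vulnerable pattern: the form field is pasted straight into the headers."""
    return f"To: {FIXED_TO}\nSubject: {subject}\n\n{body}"


def recipients(raw):
    """Every To/Cc value a mail server would see after parsing the message."""
    msg = message_from_string(raw)
    return (msg.get_all("To") or []) + (msg.get_all("Cc") or [])


def has_line_break(value):
    """True for CR, LF and the other separators str.splitlines() honours."""
    return value != "" and value.splitlines() != [value]


def safe_build(subject, body, max_subject=200):
    """Hardened pattern: a header field is one short line or it is rejected."""
    if has_line_break(subject) or "\0" in subject:
        raise ValueError("line break in header field")
    if len(subject) > max_subject:
        raise ValueError("subject too long")
    msg = EmailMessage()
    msg["To"] = FIXED_TO          # recipients never come from the form
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


# Constructed sample of the multi-line "subject" described above.
INJECTED = "Hello\nTo: a@example.net\nCc: b@example.net\n\nadvert text"

if __name__ == "__main__":
    print(recipients(naive_build("Holiday hours", "hi")))
    print(recipients(naive_build(INJECTED, "hi")))
    try:
        safe_build(INJECTED, "hi")
    except ValueError as err:
        print("rejected:", err)
```

Rejecting the request is deliberate: silently stripping the line breaks would still deliver a message whose subject is attacker-chosen junk.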

There's also no way to identify the spammer, since his web connections arrived from hundreds of IP addresses all over the world. He must be controlling a network of zombies, infected by a virus or worm. When I secured our gateway, one zombie connected, failed to send, and none of the other zombies ever reconnected. He certainly keeps his minions on a tight leash.

Recently I began to wonder if I was getting a bit too paranoid about server security. It is always a balancing act between making life easier for customers vs making life difficult for attackers. Today's episode helps put that in perspective.

Merry Christmas.

Update: This has become a huge exploit. We are now getting probed several times every day. Naturally we are totally immune, but I can only imagine what it's like out there for those who haven't protected themselves. It's just a matter of time before they find you...
