RE: Domain HiJacking by SPAMMERS

["Bruyere, Michel" <mbruyere () ezemcanada com>]

HI, 
        Actually this is more a "Joe Job" then a hijack (if I understand the
situation correctly). Unfortunately there is no Magic solution for that. As
long as the spammers will use his domain as spoofed "from" he will receive
notifications and some nice email from users who think that they are the
sender of it, they will hardly thank him for it ;/

The most you can do actually is to get an email (spam) and track the IP from
the sender (in the headers) and contact his ISP and forward the message to
them... quite a big job in front of you. I wish you good luck to get ISP
shut down the sending IP; normally they are not very responsive to this...





M.Bruyere



> -----Original Message-----
> From: saliskor () cyberus ca [mailto:saliskor () cyberus ca]
> Sent: jeudi 29 janvier 2004 10:45
> To: security-basics () securityfocus com
> Subject: Domain HiJacking by SPAMMERS
>
>
>
> A client of mine has been having serious difficulties with SPAMMERS using
> their domain name as a return address for sending spam. The Names are
> ficticious, of course, and only a inconvenience due to the NDRs being
> returned through the mail system.
>
>
>
> The most serious problem is that the subject of the SPAM could cause a
> major public relations problem for the company, since it is mostly online-
> drug sales and private enhancements being marketed.
>
>
>
> A thorough check of the mail system and tracing of the original spam
> messages confirm that the company's systems are not being used as relays.
> Most the the messages originate in the Far/Middle east or Europe.
>
>
>
> Any suggestions as to what can be done, or how to handle such a situation
> would definitely be appreciated.
>
>
>
> Rick
---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
> course! All of our class sizes are guaranteed to be 10 students or less.
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention,
> and many other technical hands on courses.
> Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
> any course!
---------------------------------------------------------------------------
> -

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------