Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: Any news on www.kievonline.org site?

From: "Michael A. Starr" <mstarr () ampeisch com>
Date: Tue, 14 Oct 2003 11:31:40 -0400

Gentlemen;

I got the same message that is being discussed in this thread.  I include it
again, not to continue the propagation, but to have it convenient for
viewing.  From reading this thread, it seems that the site in question is,
or rather was, some kind of porn site, possibly which this guy
admin () kievonline org would like to advertise.  If you look at the words that
were chosen, you'll notice that there are several of the words that *should*
get picked up by body content filters (if we're running body content
filters) -- ranging from sex (fuck, head), to golden showers (piss), to
"hate words" (nigger), to "hacking and warez" (hacking), phrases like "in my
face", and "a man needs" might get tagged as well.

What I suspect is that the kievonline.org site was a throw-away, and that
this guy is really running some kind of sophisticated probe against mail
servers to determine what filters we have in place.  I hate to say so, but
it might even be a subscriber to this list that is monitoring who reports
receiving this email.  The spam assassin score was a 3.0, so that probably
won't catch it. Header filters certainly won't stop the subject "Thank you".
He's even prepped us for a spam flood by saying that he added our address to
every spam list he could find. . .  All in all a very convincing package. I
don't think the point of this is a malicious code attack, but as I said, a
probe to see what can be gotten through.

Any thoughts?

Michael Starr, GSEC



<---Begin Spam --->
You are a piss head for hacking my site and informing my isp !!! Fuck you
nigger.

if your a man you should come here and tell me in my face
A man needs to make a living you know, Now you think my isp is going to do
something to stop me ?

FUCK YOU

Nice try. I have added your email address to every fucking spam list I can
find

Next time youll fuck with the right person
<--- End Spam --->

-----Original Message-----
From: Johannes Segitz [mailto:jusenet2 () segitz de]
Sent: Tuesday, October 14, 2003 5:48 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: Any news on www.kievonline.org site?


Steve Wray <steve.wray () paradise net nz> wrote:

So far in my googling I havn't found anything about
the site.


It's slowly getting into the index
http://groups.google.com/groups?q=kievonline.org&hl=en&lr=&ie=UTF-8&oe=utf-8
&sa=N&tab=wg

It's spam. Just feed your $BAYESIAN_FILTER

Regards,
Johannes
--
      Give a man a match and he will be warm for a while,
light him on fire and he will be warm for the rest of his life

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: