5/15/2005

Xenophobic email attacks use multiple Non-Delivery messages as vehicle for D.O.S.

[Subtitle: "Invasion of the Zombie PC's"]

Nearly a year ago, Joe Wein correctly predicted that if this security hole was not corrected, it would lead to huge abuse. And, wasn't he ever right!

What is happening is this: Sober.G / Sober.H requests that copies of its mails be sent to 40 additional made-up addresses at a time. Since most of these are invalid, whoever has his email address abused by Sober may end up with bounces (Non-Delivery Notifications, NDN). The email servers are mindlessly "doing their job" and, in the process, actually creating this flood of multiple DOS (Denial of Service) attacks.

I quote Mr. Wein:

"A combination of generating multiple bounces for a large number of invalid carbon copy addresses and attaching the complete original mail is dangerous. Unless such issues are addressed soon and on virtually all vulnerable mail servers, sooner or later someone will abuse this well-documented gaping security hole."

This is an excellent example of how to make the enemy unwittingly turn its weapons against itself.
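The two ingredients Mr. Wein names (one bounce per invalid carbon-copy address, and the complete original mail attached to each) can be measured side by side with a consolidated notification. This is an added example, not code from the original post or the whitepaper; the addresses, the roughly 50 KB sample mail and the consolidated, headers-only policy are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

LOCAL_MAILBOXES = {"alice@example.org"}   # constructed: the one mailbox that exists

def build_sample(n_invalid=40, body_lines=700):
    """Constructed worm-style mail: one real recipient, many made-up Cc addresses."""
    msg = EmailMessage()
    msg["From"] = "victim@example.net"    # forged sender (constructed address)
    msg["To"] = "alice@example.org"
    msg["Cc"] = ", ".join(f"nouser{i}@example.org" for i in range(n_invalid))
    msg["Subject"] = "constructed sample"
    msg.set_content("\n".join(["x" * 70] * body_lines))   # about 50 KB payload
    return msg

def invalid_recipients(msg):
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [a for _, a in getaddresses(headers) if a and a not in LOCAL_MAILBOXES]

def _ndn(envelope_from, failed):
    # Bounces go to the envelope sender, which the worm forges.
    ndn = EmailMessage()
    ndn["From"] = "MAILER-DAEMON@example.org"
    ndn["To"] = envelope_from
    ndn["Subject"] = "Undeliverable mail"
    ndn.set_content("Delivery failed for:\n" + "\n".join(failed))
    return ndn

def bounce_per_recipient(msg, envelope_from):
    """Behaviour the quote warns about: one NDN per bad address, full original attached."""
    out = []
    for rcpt in invalid_recipients(msg):
        ndn = _ndn(envelope_from, [rcpt])
        ndn.add_attachment(msg)            # message/rfc822: the complete original mail
        out.append(ndn)
    return out

def bounce_consolidated(msg, envelope_from):
    """Assumed hardened policy: a single NDN listing every failure, headers only."""
    failed = invalid_recipients(msg)
    if not failed:
        return []
    ndn = _ndn(envelope_from, failed)
    headers = "".join(f"{k}: {v}\n" for k, v in msg.items())
    ndn.add_attachment(headers, subtype="rfc822-headers")
    return [ndn]

def total_bytes(messages):
    return sum(len(m.as_bytes()) for m in messages)
```

Comparing `total_bytes()` for the two policies on `build_sample()` shows how much traffic a single accepted mail sends to the forged sender under each.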

Read more here, including a downloadable whitepaper on the subject.

One of the ways you can help protect your address from being harvested is to encode all "Mailto:" links on your site's web pages. A full-featured easy email-encoder that will generate the script to do this can be found here. It's far from 100% protection, but at least it's a start. If your email address appears in plain text on a web page, you can pretty much BET that it's getting harvested by these bastards.


Read it and weep, folks.