Proof of Concept to Fight Back

 
Sleeve
Windoze skiddie
Joined: Apr 10, 2005
Posts: 3
Posted: Sun Apr 10, 2005 9:16 pm    Post subject: Proof of Concept to Fight Back

I'm not usually the one to double post but it's easier to copy and paste than it is to re-type everything.

I have a proof of concept that I want people to know about...

I am a site op for a small company that absolutely gets bombarded by spam. 90% of it is from these fake mortgage websites that harvest personal info for the purpose of either ID theft, or list selling to direct mailers. I traced it back to one site that has over 700 subdomains used for spamming and/or a landing site for victims. One of the domains is http://truck.ok-mrg-now.net if you are interested in checking into it. They must be on just about every blacklist in the U.S.!

Upset at their nefarious intentions and the ungodly amount of spam we receive from them, I decided to fight back by giving them what they want...names and addresses...and a LOT of them.

I created the first ever FORM FILLER that generates FAKE names, addresses, phone numbers and email addresses and then SUBMITS the data directly to the data harvesting pages MILLIONS OF TIMES PER DAY! This will prevent them from distinguishing the fake names from the real names, thus preventing victims, and it will use HUGE amounts of process time and resources on their server. Let's FIGHT BACK!

I got up to 15 MILLION FORMS successfully submitted before they k-lined me. I need some help to beta test this app and to take down the world's biggest spammer. After they are gone, we will take down the second biggest spammer and so on.

The software is Flash based and is NOT an executable. If you know anything about Flash, it cannot directly access your registry, hard drive or memory. It is absolutely incapable of viral-like doings so please do not worry.

You can find it here: http://bdonner.coconia.net/

HELP me test it and KILL THE SPAMMERS! Post your stats/comments/questions to this thread and spread the word. Let's FIGHT BACK and let the spammers know that we will not tolerate this anymore!

I am in the very early stages of development and if this works, I will be further developing it and accepting other spammers for consideration as targets, e.g. fake software sites, fake pharmacy sites, fake banks and any other evil entities. E-mail me at with any questions.

Regards,

PL222

NealT
3133T BSD d00d
Joined: Nov 11, 2003
Posts: 394
Location: In Front of My Computer - Same as You
Posted: Mon Apr 11, 2005 5:32 am

I hate to tell you this, but by my reading of things, what you are doing is not legal. Further, if by some remote chance you happen to stumble on a name/address/phone combination of a REAL person, it is my view that you would be liable for damages caused.....

I would suggest before you go any further, you contact a reputable attorney.
_________________

etee
The Me
Joined: Oct 30, 2003
Posts: 551
Location: In front of my computer
Posted: Mon Apr 11, 2005 6:27 am

Interesting concept -- definitely on the "grey hat" side, but interesting nonetheless. I have several spam-bot poisoners I am involved with (I might even be running one or more of them on this site -- who knows?), but this is both using a new technology (Flash), and is more "active" (going out and registering on the sites, rather than sitting there and waiting for them to come to you.) It's the latter that I think NealT might have had the heartburn about. The algorithms for generating real-looking (but fake) email addresses are pretty well known by now. And, better yet, you can generate real email addresses that go to "spam traps" -- a number of anti-spam products (and people) use this method to tag the spam.

My concern is about exactly what sites the "solution" registers with. If indeed these are ID-theft sites, then quite frankly the goal is to shut them down -- and the quicker the better. Dropping a dime on the site to the ISP (or the upstream) is a much better idea in that instance, IMHO.
_________________
Cheers,
-etee
"Supreme Commander of the Buffalo Wing, Spicey Chicken Cartel"


Sleeve
Windoze skiddie
Joined: Apr 10, 2005
Posts: 3
Posted: Mon Apr 11, 2005 8:50 am

First to address NealT - If there is a name/address combination that points to a real person generated by this script, it would be more rare than winning the mega millions lottery twice in a row with a $1.00 ticket. The algorithm used ensures this will not happen.

Furthermore, this is not a DDoS attack. It uses a public web portal to auto-fill forms and submit data. The goal is to dilute the database so they cannot distinguish real people from auto generated. There are several programs that auto fill data already, just in a more constructive way than mine. Everyone I've spoken with about this says it's abuse AT BEST and perfectly legal. To me it's fighting fire with fire in a measured and controlled way.

Now to address etee - This particular ISP and webhost have been warned several times over the last year or so to no avail. It resides in China so it is outside of US law and they are not responding to complaints. Considering the amount of money they are making by spamming, my guess is that they aren't about to shut down the operation with a 'friendly' reminder that SPAM is illegal.

Agreed, it is a 'grey' area but you must also agree that if I can prevent one ID theft victim by doing this, it is a worthwhile effort.

Sleeve

BobCat
Cyborg
Joined: Apr 10, 2004
Posts: 528
Location: on the 'net
Posted: Mon Apr 11, 2005 8:57 am

Normally I am on the "don't fight abuse with abuse" track, but remember: THEY DID ASK YOU TO FILL OUT THEIR FORM, right? ^_^

OK, so you couldn't do it right the first 500 times. You just kept trying until you got it right, after all, you wanna do it right, correct? ^_^
_________________
--BobCat
Spicey Chicken Cartel (tinSCC)#23, Lumber Cartel (tinLC)#1606
"Spam is used by lusers who don't want to do business with you ethically."

Sleeve
Windoze skiddie
Joined: Apr 10, 2005
Posts: 3
Posted: Mon Apr 11, 2005 11:05 am

Yes, that's the idea :twisted:

Take one of the most sinister perpetrators...fake 'male enhancement' sites that actually steal your dollars by draining your CC when you try to order. Here is an example: http://chattanooga3b.order-x.com and another: http://pentecost2b.order-x.com and yet another: http://muffle1a.order-x.com/. Identical websites, identical offers. GO ahead, order something with false info...you will see it's a scam clear as day. Now look at the whois.sc - http://www.whois.sc/order-x.com - hosted in China and BLACKLISTED.

Now ask yourself, is it possible to 'Abuse' these guys?

It can take weeks to get a response from an ISP or webhost and even if you get a response, they may not act and take the site down. My script can take down a site entirely in just DAYS and/or seriously handicap their ability to victimize people IMMEDIATELY.

To me a war is fought with guns on both sides.

etee
The Me
Joined: Oct 30, 2003
Posts: 551
Location: In front of my computer
Posted: Mon Apr 11, 2005 12:58 pm

Well, it may be legal (I Am Not A Lawyer, Nor do I Play One on TV), but I still feel it is really grey hat, bordering on black hat. Not that I am totally opposed to grey hat stuff, mind you -- I wear one myself on occasion. I would be darn sure, though, that the program was rate-limited to the point you couldn't DDoS the site -- even accidentally. DDoS, even if the site is pond scum, is treated as "computer access crime" by most prosecutors.
_________________
Cheers,
-etee
"Supreme Commander of the Buffalo Wing, Spicey Chicken Cartel"


etee
The Me
Joined: Oct 30, 2003
Posts: 551
Location: In front of my computer
Posted: Mon Apr 11, 2005 3:16 pm

Sleeve wrote:
Now look at the whois.sc - http://www.whois.sc/order-x.com - hosted in China and BLACKLISTED.


Also registered in TUCOWS. If the contact info is legit, the guy is in California -- contact the AG there (or the DA in the county) and have his butt shut down. If the contact info is not legit, contact TUCOWS and have them unregister the domain (they have to, according to ICANN's rules.)

Sleeve wrote:
Now ask yourself, is it possible to 'Abuse' these guys?


Yes, it certainly is. Whether it is a Good Thing or a Bad Thing is up for debate, but they can be abused. The real question is whether or not using your program constitutes such abuse -- and that one I don't have the answer for.

Sleeve wrote:
To me a war is fought with guns on both sides.


That's OK -- just make sure that some innocent isn't caught in the cross-fire.
_________________
Cheers,
-etee
"Supreme Commander of the Buffalo Wing, Spicey Chicken Cartel"


NealT
3133T BSD d00d
Joined: Nov 11, 2003
Posts: 394
Location: In Front of My Computer - Same as You
Posted: Wed Apr 13, 2005 10:25 am

Sleeve wrote:
To me a war is fought with guns on both sides.


Hmmm...

Kinda reminds me of Martin Luther King...or Gandhi...and as I recall, they did not use guns...

And, to answer your question on abuse...YEP, I think you can...besides, you can ALWAYS just turn the computer off right?
_________________

BobCat
Cyborg
Joined: Apr 10, 2004
Posts: 528
Location: on the 'net
Posted: Wed Apr 13, 2005 10:48 am

Remember we (tinw) don't use guns. We (tinw) use LARTs. And trust me, there is much more imagination that could go into LARTing ^_^
_________________
--BobCat
Spicey Chicken Cartel (tinSCC)#23, Lumber Cartel (tinLC)#1606
"Spam is used by lusers who don't want to do business with you ethically."

etee
The Me
Joined: Oct 30, 2003
Posts: 551
Location: In front of my computer
Posted: Wed Apr 13, 2005 11:16 am

I think the reference to firearms was metaphorical, not literal. In that context, both sides have good points. I simply am concerned about collateral damage, which was one of the concerns of the "Make Love Not Spam(m)" program that Lycos Europe unleashed (then withdrew.) I feel that this type of "fight back/attack back" response is truly a last resort, after all other avenues of dealing with it (including the IDP) are exhausted (I have found that null-routing the IP addresses at the routers is really effective.)
_________________
Cheers,
-etee
"Supreme Commander of the Buffalo Wing, Spicey Chicken Cartel"


NealT
3133T BSD d00d
Joined: Nov 11, 2003
Posts: 394
Location: In Front of My Computer - Same as You
Posted: Wed Apr 13, 2005 7:00 pm

I guess that is the nice part about this country (and media). We all have the right to disagree...
_________________

BobCat
Cyborg
Joined: Apr 10, 2004
Posts: 528
Location: on the 'net
Posted: Thu Apr 14, 2005 12:40 am

I say LART first, ask questions later :)
_________________
--BobCat
Spicey Chicken Cartel (tinSCC)#23, Lumber Cartel (tinLC)#1606
"Spam is used by lusers who don't want to do business with you ethically."

etee
The Me
Joined: Oct 30, 2003
Posts: 551
Location: In front of my computer
Posted: Thu Apr 14, 2005 1:48 pm

LART everything that moves, then LART THEM AGAIN!!!11 After that, let boB sort 'em out. :roll:
_________________
Cheers,
-etee
"Supreme Commander of the Buffalo Wing, Spicey Chicken Cartel"


BobCat
Cyborg
Joined: Apr 10, 2004
Posts: 528
Location: on the 'net
Posted: Thu Apr 14, 2005 5:28 pm

Just pull an Arnold: Hasta la LARTsa baby!
_________________
--BobCat
Spicey Chicken Cartel (tinSCC)#23, Lumber Cartel (tinLC)#1606
"Spam is used by lusers who don't want to do business with you ethically."

All times are GMT - 5 Hours