One of the most common questions we get asked by users is “How do these spammers get my e-mail address?”
There are a number of methods that these spammers use, but today we will focus on one of them: the “Rumplestiltskin” attack.
A dictionary or Rumplestiltskin attack is an attack where the spammer floods e-mail servers with usernames selected from a dictionary. The name, of course, comes from the old Grimm’s fairytale.
Long, long ago, when the university’s e-mail system was still very primitive and e-mail addresses were limited to 8 characters, most personnel at the university had simple names like ab@sun.ac.za, aa1@sun.ac.za, bv@sun.ac.za. It is relatively easy to make up a list of common letter combinations and just add @sun.ac.za onto each one to create an e-mail list. Add to that common role-based accounts, such as admin, help and support, as well as the latest Baby Names list, and you have a list that can be used to launch a Rumplestiltskin attack.
Why bother sending e-mail to unknown users or addresses that do not exist?
Firstly, rather than buying a list from other spammers, spammers can just send spam to any possible name they can generate. It might seem rather inefficient, but sending e-mail is cheap.
The second reason – which is far more sinister – is that spammers use these techniques to generate lists of valid e-mail accounts. They first send to a generated list, and when they get a response, or the receiving mail server doesn’t answer back with “unknown e-mail address”, they treat the address as valid. This allows them either to sell these lists of “verified” e-mail addresses or to be more accurate in their other spamming activities.
With this second reason in mind, you should be able to see the danger of replying to these mails, using the “opt-out” option that is commonly included in such mails, or setting “Send delivery receipt” to automatic on your e-mail. As soon as these spammers realize that there is a real person at the other end of the e-mail, they will increase their spam. They get paid to send out the mail, not for how many people respond to them.
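On the receiving mail server, the address guessing described above shows up as one client collecting many “unknown user” rejections. The following is an added example, not part of the original article: it assumes Postfix-style smtpd reject lines, uses constructed sample data with documentation IP ranges and example.org, and the threshold of 5 is an arbitrary assumption.

```python
import re
from collections import defaultdict

ROLE_ACCOUNTS = {"admin", "help", "support"}  # role names the article mentions
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 5\.1\.1 "
    r"<(?P<local>[^@>]+)@[^>]+>: Recipient address rejected: User unknown")

def _line(ip, rcpt):
    # Builds one constructed log line in the Postfix smtpd reject format.
    return (f"Jan 12 10:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<a@b.example> to=<{rcpt}>")

# Constructed sample: one client walking a guessed list, one sender with a typo.
GUESSES = ("ab", "aa1", "bv", "admin", "help", "support", "emma")
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"{lp}@example.org") for lp in GUESSES]
    + [_line("198.51.100.20", "jsmiht@example.org")])

def classify(local):
    """Bucket a guessed local part by the list-building tricks described above."""
    if local in ROLE_ACCOUNTS:
        return "role"
    return "short" if len(local) <= 3 else "other"

def find_harvesters(log_text, min_unknown=5):
    """Map client IP -> {bucket: [local parts]} for clients that were told
    'User unknown' for at least min_unknown distinct recipients."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            probes[m.group("ip")].add(m.group("local").lower())
    report = {}
    for ip, locals_ in probes.items():
        if len(locals_) < min_unknown:
            continue  # a stray typo from a legitimate sender stays below the bar
        buckets = defaultdict(list)
        for local in sorted(locals_):
            buckets[classify(local)].append(local)
        report[ip] = dict(buckets)
    return report

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct rejected recipients per client, rather than total rejections, keeps a legitimate sender retrying one mistyped address from being flagged.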
In our next edition we will focus on a second way spammers harvest e-mail addresses, in Part 2 – Trojan Horses, Bots and Zombies.
[ARTICLE BY DAVID WILES]
One of the most common questions users ask us is: How do these spammers get my address?!
There are quite a few methods, but this time we focus on the “Rumplestiltskin” attack.
A dictionary or Rumplestiltskin attack is an attack in which the spammer floods e-mail servers with usernames taken from a dictionary. The name, of course, comes from the old Grimm fairytale.
Long, long ago, when the university’s e-mail system was still primitive and e-mail addresses were limited to 8 characters, most personnel had simple addresses such as ab@sun.ac.za, aa1@sun.ac.za, bv@sun.ac.za.
It is fairly simple to compile a list of common letter combinations, append @sun.ac.za and build an e-mail address list. Add to that common role-based accounts such as admin, help and support, as well as the latest baby names list, and you have a list with which you can launch your attack.
Why would you send an e-mail to unknown users or to an address that does not exist?
Rather than buying a list from other spammers, it is easier and of course cheaper to simply send spam to any possible name that can be generated.
The second reason – and a more dishonest one – is that senders use it precisely to build up a list of valid addresses. First a generated list is mailed, and when they get a reply, or the e-mail server on the receiving side does not answer back and confirm that the address is invalid, they get the opportunity to sell the list as “confirmed” addresses or to be more accurate in their activities.
With this in mind, you can imagine how dangerous it is to reply to these e-mails or to click on the “opt-out” option that is commonly included in this type of e-mail. Even setting “Send delivery receipt” to automatic poses a danger.
As soon as the culprits realise that there is a real, live person at the other end of the e-mail, the spam will simply increase. They are paid to send the e-mails out successfully, not necessarily for how many people respond to them.
Next time we look at another method used to harvest addresses, in Part 2 – Trojan Horses, Bots and Zombies
[ARTICLE BY DAVID WILES]